openSUSE Security Update : xen (openSUSE-SU-2013:1404-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

XEN was updated to 4.2.2, fixing lots of bugs and several security
issues.

Various upstream patches were also merged into this version by our
developers.

Detailed buglist :

- bnc#824676 - Failed to setup devices for vm instance
when start multiple vms simultaneously

- bnc#817799 - sles9sp4 guest fails to start after
upgrading to sles11 sp3

- bnc#826882 - xen: CVE-2013-1432: XSA-58: Page reference
counting error due to XSA-45/CVE-2013-1918 fixes

- Add upstream patch to fix devid assignment in libxl
27184-libxl-devid-fix.patch

- bnc#823608 - xen: XSA-57: libxl allows guest write
access to sensitive console related xenstore keys
27178-libxl-Restrict-permissions-on-PV-console-device-xenstore-nodes.patch

- bnc#823011 - xen: XSA-55: Multiple vulnerabilities in
libelf PV kernel handling

- bnc#808269 - Fully Virtualized Windows VM install is
failed on Ivy Bridge platforms with Xen kernel

- bnc#801663 - performance of mirror lvm unsuitable for
production block-dmmd

- bnc#817904 - [SLES11SP3 BCS Bug] Crashkernel fails to
boot after panic on XEN kernel SP3 Beta 4 and RC1

- Upstream AMD Erratum patch from Jan

- bnc#813675 - xen: CVE-2013-1919: XSA-46: Several
access permission issues with IRQs for unprivileged
guests

- bnc#820917 - CVE-2013-2076: xen: Information leak on
XSAVE/XRSTOR capable AMD CPUs (XSA-52)

- bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to
missing exception recovery on XRSTOR (XSA-53)

- bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to
missing exception recovery on XSETBV (XSA-54)

- bnc#808085 - aacraid driver panics mapping INT A when
booting kernel-xen

- bnc#817210 - openSUSE 12.3 Domain 0 doesn't boot with
i915 graphics controller under Xen with VT-d enabled

- bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow
in xencontrol Python bindings affecting xend

- bnc#818183 - xen: CVE-2013-2007: XSA-51: qga set umask
0077 when daemonizing

- add lndir to BuildRequires

- remove
xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch;
it changed the migration protocol and upstream wants a
different solution

- bnc#802221 - fix xenpaging: re-add
xenpaging.qemu.flush-cache.patch

- Additional fix for bnc#816159
CVE-2013-1918-xsa45-followup.patch

- bnc#817068 - Xen guest with >1 sr-iov vf won't start

- Update to Xen 4.2.2 c/s 26064. The following recent
security patches are included in the tarball:
CVE-2013-0151-xsa34.patch (bnc#797285)
CVE-2012-6075-xsa41.patch (bnc#797523)
CVE-2013-1917-xsa44.patch (bnc#813673)
CVE-2013-1919-xsa46.patch (bnc#813675)

- bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long
latency operations are not preemptible

- bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt
remapping source validation flaw for bridges

- bnc#809662 - can't use pv-grub to start domU (pygrub
does work); fixed in xen.spec

- bnc#814709 - Unable to create XEN virtual machines in
SLED 11 SP2 on Kyoto

- bnc#813673 - CVE-2013-1917: xen: Xen PV DoS
vulnerability with SYSENTER

- bnc#813675 - CVE-2013-1919: xen: Several access
permission issues with IRQs for unprivileged guests

- bnc#814059 - xen: qemu-nbd format-guessing due to
missing format specification

See also :

http://lists.opensuse.org/opensuse-updates/2013-09/msg00007.html
https://bugzilla.novell.com/show_bug.cgi?id=797285
https://bugzilla.novell.com/show_bug.cgi?id=797523
https://bugzilla.novell.com/show_bug.cgi?id=801663
https://bugzilla.novell.com/show_bug.cgi?id=802221
https://bugzilla.novell.com/show_bug.cgi?id=808085
https://bugzilla.novell.com/show_bug.cgi?id=808269
https://bugzilla.novell.com/show_bug.cgi?id=809662
https://bugzilla.novell.com/show_bug.cgi?id=813673
https://bugzilla.novell.com/show_bug.cgi?id=813675
https://bugzilla.novell.com/show_bug.cgi?id=814059
https://bugzilla.novell.com/show_bug.cgi?id=814709
https://bugzilla.novell.com/show_bug.cgi?id=816159
https://bugzilla.novell.com/show_bug.cgi?id=816163
https://bugzilla.novell.com/show_bug.cgi?id=817068
https://bugzilla.novell.com/show_bug.cgi?id=817210
https://bugzilla.novell.com/show_bug.cgi?id=817799
https://bugzilla.novell.com/show_bug.cgi?id=817904
https://bugzilla.novell.com/show_bug.cgi?id=818183
https://bugzilla.novell.com/show_bug.cgi?id=819416
https://bugzilla.novell.com/show_bug.cgi?id=820917
https://bugzilla.novell.com/show_bug.cgi?id=820919
https://bugzilla.novell.com/show_bug.cgi?id=820920
https://bugzilla.novell.com/show_bug.cgi?id=823011
https://bugzilla.novell.com/show_bug.cgi?id=823608
https://bugzilla.novell.com/show_bug.cgi?id=824676
https://bugzilla.novell.com/show_bug.cgi?id=826882

Solution :

Update the affected xen packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : false
