SuSE 11.3 Security Update : Xen (SAT Patch Number 9828)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to
fix various bugs and security issues.

The following security issues have been fixed :

- XSA-108: CVE-2014-7188: Improper MSR range used for
x2APIC emulation. (bnc#897657)

- XSA-106: CVE-2014-7156: Missing privilege level checks
in x86 emulation of software interrupts. (bnc#895802)

- XSA-105: CVE-2014-7155: Missing privilege level checks
in x86 HLT, LGDT, LIDT, and LMSW emulation. (bnc#895799)

- XSA-104: CVE-2014-7154: Race condition in
HVMOP_track_dirty_vram. (bnc#895798)

- XSA-100: CVE-2014-4021: Hypervisor heap contents leaked
to guests. (bnc#880751)

- XSA-96: CVE-2014-3967 / CVE-2014-3968: Vulnerabilities
in HVM MSI injection. (bnc#878841)

- XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not
preemptible. (bnc#867910)

- XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer
overflow. (bnc#842006)

- qemu: zaurus: buffer overrun on invalid state load
(bnc#864801) The following non-security issues have been
fixed:. (CVE-2013-4540)

- xend: Fix netif convertToDeviceNumber for running
domains. (bnc#891539)

- Installing SLES12 as a VM on SLES11 SP3 fails because of
btrfs in the VM. (bnc#882092)

- XEN kernel panic do_device_not_available(). (bnc#881900)

- Boot Failure with xen kernel in UEFI mode with error 'No
memory for trampoline'. (bnc#833483)

- SLES 11 SP3 vm-install should get RHEL 7 support when
released. (bnc#862608)

- SLES 11 SP3 XEN kiso version cause softlockup on 8
blades npar(480 cpu). (bnc#858178)

- Local attach support for PHY backends using scripts
local_attach_support_for_phy.patch. (bnc#865682)

- Improve multipath support for npiv devices block-npiv

See also :

Solution :

Apply SAT patch number 9828.

Risk factor :

High / CVSS Base Score : 8.3

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now