SuSE 11.3 Security Update : kvm and libvirt (SAT Patch Number 10222)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

This collective update for KVM and libvirt provides fixes for security
and non-security issues.

kvm :

- Fix NULL pointer dereference because of uninitialized
UDP socket. (bsc#897654, CVE-2014-3640)

- Fix performance degradation after migration.
(bsc#878350)

- Fix potential image corruption due to missing
FIEMAP_FLAG_SYNC flag in FS_IOC_FIEMAP ioctl.
(bsc#908381)

- Add validation of hex properties for qdev. (bsc#852397)

- Add boot option to do strict boot. (bsc#900084)

- Add query-command-line-options QMP command. (bsc#899144)

- Fix incorrect return value of migrate_cancel.
(bsc#843074)

- Fix insufficient parameter validation during ram load.
(bsc#905097, CVE-2014-7840)

- Fix insufficient blit region checks in qemu/cirrus.
(bsc#907805, CVE-2014-8106)

libvirt :

- Fix security hole with migratable flag in dumpxml.
(bsc#904176, CVE-2014-7823)

- Fix domain deadlock. (bsc#899484, CVE-2014-3657)

- Use correct definition when looking up disk in qemu
blkiotune. (bsc#897783, CVE-2014-3633)

- Fix undefined symbol when starting virtlockd.
(bsc#910145)

- Add '-boot strict' to qemu's commandline whenever
possible. (bsc#900084)

- Add support for 'reboot-timeout' in qemu. (bsc#899144)

- Increase QEMU's monitor timeout to 30sec. (bsc#911742)

- Allow setting QEMU's migration max downtime any time.
(bsc#879665)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=843074
https://bugzilla.novell.com/show_bug.cgi?id=852397
https://bugzilla.novell.com/show_bug.cgi?id=878350
https://bugzilla.novell.com/show_bug.cgi?id=879665
https://bugzilla.novell.com/show_bug.cgi?id=897654
https://bugzilla.novell.com/show_bug.cgi?id=897783
https://bugzilla.novell.com/show_bug.cgi?id=899144
https://bugzilla.novell.com/show_bug.cgi?id=899484
https://bugzilla.novell.com/show_bug.cgi?id=900084
https://bugzilla.novell.com/show_bug.cgi?id=904176
https://bugzilla.novell.com/show_bug.cgi?id=905097
https://bugzilla.novell.com/show_bug.cgi?id=907805
https://bugzilla.novell.com/show_bug.cgi?id=908381
https://bugzilla.novell.com/show_bug.cgi?id=910145
https://bugzilla.novell.com/show_bug.cgi?id=911742
http://support.novell.com/security/cve/CVE-2014-3633.html
http://support.novell.com/security/cve/CVE-2014-3640.html
http://support.novell.com/security/cve/CVE-2014-3657.html
http://support.novell.com/security/cve/CVE-2014-7823.html
http://support.novell.com/security/cve/CVE-2014-7840.html
http://support.novell.com/security/cve/CVE-2014-8106.html

Solution :

Apply SAT patch number 10222.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 81480

Bugtraq ID:

CVE ID: CVE-2014-3633
CVE-2014-3640
CVE-2014-3657
CVE-2014-7823
CVE-2014-7840
CVE-2014-8106
