openSUSE Security Update : xen (openSUSE-2015-314)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Xen was updated to 4.3.4 to fix multiple vulnerabilities and
non-security bugs.

The following vulnerabilities were fixed :

- Long latency MMIO mapping operations are not preemptible
(XSA-125 CVE-2015-2752 bnc#922705)

- Unmediated PCI command register access in qemu (XSA-126
CVE-2015-2756 bnc#922706)

- Hypervisor memory corruption due to x86 emulator flaw
(bnc#919464 CVE-2015-2151 XSA-123)

- Information leak through version information hypercall
(bnc#918998 CVE-2015-2045 XSA-122)

- Information leak via internal x86 system device
emulation (bnc#918995 CVE-2015-2044 XSA-121)

- HVM qemu unexpectedly enabling emulated VGA graphics
backends (bnc#919663 CVE-2015-2152 XSA-119)

- Information leakage when guest sets high resolution
(bnc#895528 CVE-2014-3615)

The following non-security bugs were fixed :

- L3: XEN blktap device intermittently fails to connect
(bnc#919098)

- Problems with detecting free loop devices on Xen guest
startup (bnc#903680)

- xentop reports 'Found interface vif101.0 but domain 101
does not exist.' (bnc#861318)

- Intel ixgbe driver assigns rx/tx queues per core
resulting in irq problems on servers with a large amount
of CPU cores (bnc#901488)

- SLES11 SP3 Xen VT-d igb NIC doesn't work (bnc#910254)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=861318
https://bugzilla.opensuse.org/show_bug.cgi?id=895528
https://bugzilla.opensuse.org/show_bug.cgi?id=901488
https://bugzilla.opensuse.org/show_bug.cgi?id=903680
https://bugzilla.opensuse.org/show_bug.cgi?id=910254
https://bugzilla.opensuse.org/show_bug.cgi?id=918995
https://bugzilla.opensuse.org/show_bug.cgi?id=918998
https://bugzilla.opensuse.org/show_bug.cgi?id=919098
https://bugzilla.opensuse.org/show_bug.cgi?id=919464
https://bugzilla.opensuse.org/show_bug.cgi?id=919663
https://bugzilla.opensuse.org/show_bug.cgi?id=922705
https://bugzilla.opensuse.org/show_bug.cgi?id=922706

Solution :

Update the affected xen packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 82907

Bugtraq ID:

CVE ID: CVE-2014-3615
CVE-2015-2044
CVE-2015-2045
CVE-2015-2151
CVE-2015-2152
CVE-2015-2752
CVE-2015-2756
