openSUSE Security Update : xen (openSUSE-2015-314)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

Xen was updated to 4.3.4 to fix multiple vulnerabities and
non-security bugs.

The following vulnerabilities were fixed :

- Long latency MMIO mapping operations are not preemptible
(XSA-125 CVE-2015-2752 bnc#922705)

- Unmediated PCI command register access in qemu (XSA-126
CVE-2015-2756 bnc#922706)

- Hypervisor memory corruption due to x86 emulator flaw
(bnc#919464 CVE-2015-2151 XSA-123)

- Information leak through version information hypercall
(bnc#918998 CVE-2015-2045 XSA-122)

- Information leak via internal x86 system device
emulation (bnc#918995 (CVE-2015-2044 XSA-121)

- HVM qemu unexpectedly enabling emulated VGA graphics
backends (bnc#919663 CVE-2015-2152 XSA-119)

- information leakage when guest sets high resolution
(bnc#895528 CVE-2014-3615)

The following non-security bugs were fixed :

- L3: XEN blktap device intermittently fails to connect

- Problems with detecting free loop devices on Xen guest
startup (bnc#903680)

- xentop reports 'Found interface vif101.0 but domain 101
does not exist.' (bnc#861318)

- Intel ixgbe driver assigns rx/tx queues per core
resulting in irq problems on servers with a large amount
of CPU cores (bnc#901488)

- SLES11 SP3 Xen VT-d igb NIC doesn't work (bnc#910254)

See also :

Solution :

Update the affected xen packages.

Risk factor :

High / CVSS Base Score : 7.2

Family: SuSE Local Security Checks

Nessus Plugin ID: 82907 ()

Bugtraq ID:

CVE ID: CVE-2014-3615

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now