SUSE SLED10 / SLES10 Security Update : Xen (SUSE-SU-2012:1487-1)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

Xen received various security fixes and bug fixes :

- CVE-2012-4535: xen: Timer overflow DoS vulnerability (XSA-20)

- CVE-2012-4537: xen: Memory mapping failure DoS vulnerability (XSA-22)

The following additional bugs have been fixed :

- bnc#784087 - L3: Xen BUG at io_apic.c:129
26102-x86-IOAPIC-legacy-not-first.patch

- Upstream patches from Jan
25927-x86-domctl-ioport-mapping-range.patch
25931-x86-domctl-iomem-mapping-checks.patch
26061-x86-oprof-counter-range.patch
25431-x86-EDD-MBR-sig-check.patch
25480-x86_64-sysret-canonical.patch
25481-x86_64-AMD-erratum-121.patch
25485-x86_64-canonical-checks.patch
25587-param-parse-limit.patch
25589-pygrub-size-limits.patch
25744-hypercall-return-long.patch
25765-x86_64-allow-unsafe-adjust.patch
25773-x86-honor-no-real-mode.patch
25786-x86-prefer-multiboot-meminfo-over-e801.patch
25808-domain_create-return-value.patch
25814-x86_64-set-debugreg-guest.patch
24742-gnttab-misc.patch
25098-x86-emul-lock-UD.patch
25200-x86_64-trap-bounce-flags.patch
25271-x86_64-IST-index.patch

- bnc#651093 - win2k8 guests are unable to restore after
saving the vms state
ept-novell-x64.patch
23800-x86_64-guest-addr-range.patch
24168-x86-vioapic-clear-remote_irr.patch
24453-x86-vIRQ-IRR-TMR-race.patch
24456-x86-emul-lea.patch

- bnc#713555 - Unable to install RHEL 6.1 x86 as a
paravirtualized guest OS on SLES 10 SP4 x86
vm-install-0.2.19.tar.bz2

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?9eafc586
http://support.novell.com/security/cve/CVE-2012-3497.html
http://support.novell.com/security/cve/CVE-2012-4411.html
http://support.novell.com/security/cve/CVE-2012-4535.html
http://support.novell.com/security/cve/CVE-2012-4536.html
http://support.novell.com/security/cve/CVE-2012-4537.html
http://support.novell.com/security/cve/CVE-2012-4538.html
http://support.novell.com/security/cve/CVE-2012-4539.html
http://support.novell.com/security/cve/CVE-2012-4544.html
https://bugzilla.novell.com/651093
https://bugzilla.novell.com/713555
https://bugzilla.novell.com/784087
https://bugzilla.novell.com/786516
https://bugzilla.novell.com/786517
http://www.nessus.org/u?88058f84

Solution :

Update the affected Xen packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 83564

Bugtraq ID: 55410
55442
56289
56498

CVE ID: CVE-2012-3497
CVE-2012-4411
CVE-2012-4535
CVE-2012-4536
CVE-2012-4537
CVE-2012-4538
CVE-2012-4539
CVE-2012-4544
