SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0372-1)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen hypervisor
and toolset has been updated to fix various security issues and
several bugs.

The following security issues have been addressed :

XSA-88: CVE-2014-1950: The xc_cpupool_getinfo function in Xen 4.1.x
through 4.3.x, when used from a multithreaded toolstack, does not
properly handle a failure of the xc_cpumap_alloc function, resulting
in a use-after-free that allows local users with access to management
functions to cause a denial of service (heap corruption) and possibly
gain privileges via unspecified vectors. (bnc#861256)

XSA-87: CVE-2014-1666: The do_physdev_op function in Xen
4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not
properly restrict access to the (1) PHYSDEVOP_prepare_msix
and (2) PHYSDEVOP_release_msix operations, which allows
local PV guests to cause a denial of service (host or guest
malfunction) or possibly gain privileges via unspecified
vectors. (bnc#860302)

XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER
and FLASK_CONTEXT_TO_SID suboperations of the flask
hypercall are vulnerable to an integer overflow on the input
size. The hypercalls attempt to allocate a buffer which is 1
larger than this size; that addition can overflow, leading to
the allocation of, and then access to, a zero-byte buffer.
(bnc#860163)

XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1,
while not affected by the above overflow, have a different
overflow issue on FLASK_{GET,SET}BOOL and expose
unreasonably large memory allocation to arbitrary guests.
(bnc#860163)

XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier)
exhibits both problems, with the overflow issue being present
for more than just the suboperations listed above.
(bnc#860163)
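As an added illustration of the XSA-84 size handling (this is not code from the advisory or from Xen itself), the size-plus-one allocation pattern the advisory describes is shown beside a bounded check; FLASK_MAX_ARG_LEN and the helper names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed upper bound on a FLASK hypercall string argument; the real
 * limit is whatever the patched hypervisor chooses, not a value from the
 * advisory. */
#define FLASK_MAX_ARG_LEN 4096u

/* Vulnerable pattern described for XSA-84 (illustrative reconstruction, not
 * the Xen source): 1 is added to a guest-controlled 32-bit size for a NUL
 * terminator before allocating.  For UINT32_MAX the sum wraps to 0, so a
 * zero-byte buffer is allocated and the copy that follows overruns it.
 * Returns the byte count that would reach the allocator. */
uint32_t vulnerable_alloc_len(uint32_t guest_size)
{
    return guest_size + 1;   /* unsigned wrap: UINT32_MAX + 1 == 0 */
}

/* Hardened form: bound the size before doing arithmetic on it.  The cap
 * rules out the wrap (guest_size + 1 cannot overflow below the cap) and
 * also refuses the unreasonably large allocations that the advisory
 * mentions for Xen 3.3 through 4.1.  Returns true and sets *alloc_len
 * only when allocating is safe. */
bool safe_alloc_len(uint32_t guest_size, uint32_t *alloc_len)
{
    if (guest_size > FLASK_MAX_ARG_LEN)
        return false;
    *alloc_len = guest_size + 1;
    return true;
}

/* Constructed copy-in helper using the hardened check: allocates, copies
 * guest_size bytes and NUL-terminates.  Returns NULL when the size is
 * rejected or the allocation fails; the caller frees the result. */
char *copy_guest_string(const char *guest_buf, uint32_t guest_size)
{
    uint32_t len;
    char *out;
    if (!safe_alloc_len(guest_size, &len))
        return NULL;
    out = malloc(len);
    if (out == NULL)
        return NULL;
    memcpy(out, guest_buf, guest_size);
    out[guest_size] = '\0';
    return out;
}
```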

XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through
0Fh processors does not properly handle the interaction
between locked instructions and write-combined memory types,
which allows local users to cause a denial of service
(system hang) via a crafted application, aka the errata 793
issue. (bnc#853049)

XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly
4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1)
does not properly prevent access to hypercalls, which allows
local guest users to gain privileges via a crafted
application running in ring 1 or 2. (bnc#849668)

XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall
in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always
obtain the page_alloc_lock and mm_rwlock in the same order,
which allows local guest administrators to cause a denial of
service (host deadlock). (bnc#849667)

XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen
3.3 through 4.3, when disabling caches, allows local HVM
guests with access to memory mapped I/O regions to cause a
denial of service (CPU consumption and possibly hypervisor
or guest kernel panic) via a crafted GFN range. (bnc#831120)

Also the following non-security bugs have been fixed :

- Boot failure with the Xen kernel in UEFI mode with the error 'No
memory for trampoline'. (bnc#833483)

- Fixed a Xen hypervisor panic on an 8-blade nPar with 46-bit
memory addressing. (bnc#848014)

- On HP's UEFI x86_64 platform running SLES11 SP3 with Xen,
dom0 soft-locks up on a multi-blade nPar. (bnc#842417)

- Soft lockup with PCI passthrough and many VCPUs.
(bnc#846849)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?dfc5cc4b
http://support.novell.com/security/cve/CVE-2013-2212.html
http://support.novell.com/security/cve/CVE-2013-4553.html
http://support.novell.com/security/cve/CVE-2013-4554.html
http://support.novell.com/security/cve/CVE-2013-6885.html
http://support.novell.com/security/cve/CVE-2014-1666.html
http://support.novell.com/security/cve/CVE-2014-1891.html
http://support.novell.com/security/cve/CVE-2014-1892.html
http://support.novell.com/security/cve/CVE-2014-1893.html
http://support.novell.com/security/cve/CVE-2014-1894.html
http://support.novell.com/security/cve/CVE-2014-1950.html
https://bugzilla.novell.com/831120
https://bugzilla.novell.com/833483
https://bugzilla.novell.com/842417
https://bugzilla.novell.com/846849
https://bugzilla.novell.com/848014
https://bugzilla.novell.com/849667
https://bugzilla.novell.com/849668
https://bugzilla.novell.com/853049
https://bugzilla.novell.com/860163
https://bugzilla.novell.com/860302
https://bugzilla.novell.com/861256
http://www.nessus.org/u?0a9a98b5

Solution :

To install this SUSE Security Update, use YaST online_update.
Alternatively, you can run the command listed for your product :

SUSE Linux Enterprise Server 11 SP2 LTSS :

zypper in -t patch slessp2-xen-201402-8964

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false
