SUSE SLED12 / SLES12 Security Update : Xen (SUSE-SU-2015:0613-1)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The XEN hypervisor received updates to fix various security issues and
bugs.

The following security issues were fixed :

- CVE-2015-2151: XSA-123: Hypervisor memory corruption
due to an x86 emulator flaw.

- CVE-2015-2045: XSA-122: Information leak through version
information hypercall.

- CVE-2015-2044: XSA-121: Information leak via internal
x86 system device emulation.

- CVE-2015-2152: XSA-119: HVM qemu was unexpectedly
enabling emulated VGA graphics backends.

- CVE-2014-3615: Information leakage when guest sets high
graphics resolution.

- CVE-2015-0361: XSA-116: A Xen crash due to use after
free on HVM guest teardown.

- CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock
starvation.

Also the following bugs were fixed :

- bnc#919098 - XEN blktap device intermittently fails to
connect

- bnc#882089 - Windows 2012 R2 fails to boot up with
greater than 60 vcpus

- bnc#903680 - Problems with detecting free loop devices
on Xen guest startup

- bnc#861318 - xentop reports 'Found interface vif101.0
but domain 101 does not exist.'

- Update seabios to rel-1.7.3.1 which is the correct
version for Xen 4.4

- Enhancement to virsh/libvirtd 'send-key' command: small
fix on the Xen side. (FATE#317240)

- bnc#901488 - Intel ixgbe driver assigns rx/tx queues per
core resulting in irq problems on servers with a large
amount of CPU cores

- bnc#910254 - SLES11 SP3 Xen VT-d igb NIC doesn't work

- Add domain_migrate_constraints_set API to Xend's http
interface (FATE#317239)

- Restore missing fixes from block-dmmd script

- bnc#904255 - XEN boot hangs in early boot on UEFI system

- bsc#912011 - high ping latency after upgrade to latest
SLES11SP3 on xen Dom0

- Fix missing banner by restoring the figlet program.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://support.novell.com/security/cve/CVE-2014-3615.html
http://support.novell.com/security/cve/CVE-2014-9065.html
http://support.novell.com/security/cve/CVE-2014-9066.html
http://support.novell.com/security/cve/CVE-2015-0361.html
http://support.novell.com/security/cve/CVE-2015-2044.html
http://support.novell.com/security/cve/CVE-2015-2045.html
http://support.novell.com/security/cve/CVE-2015-2151.html
http://support.novell.com/security/cve/CVE-2015-2152.html
https://bugzilla.suse.com/861318
https://bugzilla.suse.com/882089
https://bugzilla.suse.com/895528
https://bugzilla.suse.com/901488
https://bugzilla.suse.com/903680
https://bugzilla.suse.com/904255
https://bugzilla.suse.com/906996
https://bugzilla.suse.com/910254
https://bugzilla.suse.com/910681
https://bugzilla.suse.com/912011
https://bugzilla.suse.com/918995
https://bugzilla.suse.com/918998
https://bugzilla.suse.com/919098
https://bugzilla.suse.com/919464
https://bugzilla.suse.com/919663
http://www.nessus.org/u?b4eac41b

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2015-147=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-147=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-147=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
