openSUSE Security Update : xen (openSUSE-2015-434) (Venom)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Xen was updated to 4.4.2 to fix multiple vulnerabilities and
non-security bugs.

The following vulnerabilities were fixed :

- CVE-2015-4103: Potential unintended writes to host MSI
message data field via qemu (XSA-128) (boo#931625)

- CVE-2015-4104: PCI MSI mask bits inadvertently exposed
to guests (XSA-129) (boo#931626)

- CVE-2015-4105: Guest triggerable qemu MSI-X pass-through
error messages (XSA-130) (boo#931627)

- CVE-2015-4106: Unmediated PCI register access in qemu
(XSA-131) (boo#931628)

- CVE-2015-4164: DoS through iret hypercall handler
(XSA-136) (boo#932996)

- CVE-2015-4163: GNTTABOP_swap_grant_ref operation
misbehavior (XSA-134) (boo#932790)

- CVE-2015-3209: heap overflow in qemu pcnet controller
allowing guest to host escape (XSA-135) (boo#932770)

- CVE-2015-3456: Fixed a buffer overflow in the floppy
drive emulation, which could be used to denial of
service attacks or potential code execution against the
host. ()

- CVE-2015-3340: Xen did not initialize certain fields,
which allowed certain remote service domains to obtain
sensitive information from memory via a (1)
XEN_DOMCTL_gettscinfo or (2)
XEN_SYSCTL_getdomaininfolist request. ()

- CVE-2015-2752: Long latency MMIO mapping operations are
not preemptible (XSA-125 boo#922705)

- CVE-2015-2756: Unmediated PCI command register access in
qemu (XSA-126 boo#922706)

- CVE-2015-2751: Certain domctl operations may be abused
to lock up the host (XSA-127 boo#922709)

- CVE-2015-2151: Hypervisor memory corruption due to x86
emulator flaw (boo#919464 XSA-123)

- CVE-2015-2045: Information leak through version
information hypercall (boo#918998 XSA-122)

- CVE-2015-2044: Information leak via internal x86 system
device emulation (boo#918995 (XSA-121)

- CVE-2015-2152: HVM qemu unexpectedly enabling emulated
VGA graphics backends (boo#919663 XSA-119)

- CVE-2014-3615: information leakage when guest sets high
resolution (boo#895528)

The following non-security bugs were fixed :

- xentop: Fix memory leak on read failure

- boo#923758: xen dmesg contains bogus output in early
boot

- boo#921842: Xentop doesn't display disk statistics for
VMs using qdisks

- boo#919098: L3: XEN blktap device intermittently fails
to connect

- boo#882089: Windows 2012 R2 fails to boot up with
greater than 60 vcpus

- boo#903680: Problems with detecting free loop devices on
Xen guest startup

- boo#861318: xentop reports 'Found interface vif101.0 but
domain 101 does not exist.'

- boo#901488: Intel ixgbe driver assigns rx/tx queues per
core resulting in irq problems on servers with a large
amount of CPU cores

- boo#910254: SLES11 SP3 Xen VT-d igb NIC doesn't work

- boo#912011: high ping latency after upgrade to latest
SLES11SP3 on xen Dom0

- boo#906689: let systemd schedule xencommons after
network-online.target and remote-fs.target so that
xendomains has access to remote shares

The following functionality was enabled or enhanced :

- Enable spice support in qemu for x86_64

- Add Qxl vga support

- Enhancement to virsh/libvirtd 'send-key' command
(FATE#317240)

- Add domain_migrate_constraints_set API to Xend's http
interface (FATE#317239)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=861318
https://bugzilla.opensuse.org/show_bug.cgi?id=882089
https://bugzilla.opensuse.org/show_bug.cgi?id=895528
https://bugzilla.opensuse.org/show_bug.cgi?id=901488
https://bugzilla.opensuse.org/show_bug.cgi?id=903680
https://bugzilla.opensuse.org/show_bug.cgi?id=906689
https://bugzilla.opensuse.org/show_bug.cgi?id=910254
https://bugzilla.opensuse.org/show_bug.cgi?id=912011
https://bugzilla.opensuse.org/show_bug.cgi?id=918995
https://bugzilla.opensuse.org/show_bug.cgi?id=918998
https://bugzilla.opensuse.org/show_bug.cgi?id=919098
https://bugzilla.opensuse.org/show_bug.cgi?id=919464
https://bugzilla.opensuse.org/show_bug.cgi?id=919663
https://bugzilla.opensuse.org/show_bug.cgi?id=921842
https://bugzilla.opensuse.org/show_bug.cgi?id=922705
https://bugzilla.opensuse.org/show_bug.cgi?id=922706
https://bugzilla.opensuse.org/show_bug.cgi?id=922709
https://bugzilla.opensuse.org/show_bug.cgi?id=923758
https://bugzilla.opensuse.org/show_bug.cgi?id=927967
https://bugzilla.opensuse.org/show_bug.cgi?id=929339
https://bugzilla.opensuse.org/show_bug.cgi?id=931625
https://bugzilla.opensuse.org/show_bug.cgi?id=931626
https://bugzilla.opensuse.org/show_bug.cgi?id=931627
https://bugzilla.opensuse.org/show_bug.cgi?id=931628
https://bugzilla.opensuse.org/show_bug.cgi?id=932770
https://bugzilla.opensuse.org/show_bug.cgi?id=932790
https://bugzilla.opensuse.org/show_bug.cgi?id=932996

Solution :

Update the affected xen packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now