openSUSE Security Update : xen (openSUSE-2015-892)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update fixes the following security issues :

- bsc#947165 - CVE-2015-7311: xen: libxl fails to honour
readonly flag on disks with qemu-xen (xsa-142)

- bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by
triggering an infinite loop in microcode via #DB
exception

- bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during
fault delivery (XSA-156)

- bsc#950704 - CVE-2015-7970 xen: x86: Long latency
populate-on-demand operation is not preemptible
(XSA-150)
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=947165
https://bugzilla.opensuse.org/show_bug.cgi?id=950704
https://bugzilla.opensuse.org/show_bug.cgi?id=954018
https://bugzilla.opensuse.org/show_bug.cgi?id=954405

Solution :

Update the affected xen packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now