SuSE 11.2 Security Update : Xen (SAT Patch Number 7798)

high Nessus Plugin ID 66985
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and security issues.

The following security issues have been fixed :

- Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier were not preemptible, which allowed local PV kernels to cause a denial of service via vectors related to deep page table traversal.
(CVE-2013-1918)

- Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, did not properly check the source when accessing a bridge devices interrupt remapping table entries for MSI interrupts, which allowed local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. (CVE-2013-1952)

- A information leak in the XSAVE/XRSTOR instructions could be used to determine state of floating point operations in other domains. (CVE-2013-2076)

- A denial of service (hypervisor crash) was possible due to missing exception recovery on XRSTOR, that could be used to crash the machine by PV guest users.
(CVE-2013-2077)

- A denial of service (hypervisor crash) was possible due to missing exception recovery on XSETBV, that could be used to crash the machine by PV guest users.
(CVE-2013-2078)

- Systems which allow untrusted administrators to configure guest vcpu affinity may be exploited to trigger a buffer overrun and corrupt memory.
(CVE-2013-2072)

- Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, did not clear the NT flag when using an IRET after a SYSENTER instruction, which allowed PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. (CVE-2013-1917)

- Xen 4.2.x and 4.1.x did not properly restrict access to IRQs, which allowed local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to 'passed-through IRQs or PCI devices.'.
(CVE-2013-1919)

- Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running 'under memory pressure' and the Xen Security Module (XSM) is enabled, used the wrong ordering of operations when extending the per-domain event channel tracking table, which caused a use-after-free and allowed local guest kernels to inject arbitrary events and gain privileges via unspecified vectors.
(CVE-2013-1920)

- Xen 4.0.x and 4.1.x incorrectly released a grant reference when releasing a non-v1, non-transitive grant, which allowed local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors. (CVE-2013-1964)

Bugfixes :

- Upstream patches from Jan 26956-x86-mm-preemptible-cleanup.patch 27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch 27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check .patch 27079-fix-XSA-46-regression-with-xend-xm.patch 27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-po inters.patch

- Update to Xen 4.1.5 c/s 23509 There were many xen.spec file patches dropped as now being included in the 4.1.5 tarball.

- can't use pv-grub to start domU (pygrub does work) xen.spec. (bnc#809662)

- Upstream patches from Jan 26702-powernow-add-fixups-for-AMD-P-state-figures.patch 26704-x86-MCA-suppress-bank-clearing-for-certain-injecte d-events.patch 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iom mu-mappings.patch 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.pa tch 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-mes sages.patch 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.pa tch 26737-ACPI-APEI-Add-apei_exec_run_optional.patch 26742-IOMMU-properly-check-whether-interrupt-remapping-i s-enabled.patch 26743-VT-d-deal-with-5500-5520-X58-errata.patch 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping .patch 26749-x86-reserve-pages-when-SandyBridge-integrated-grap hics.patch 26765-hvm-Clean-up-vlapic_reg_write-error-propagation.pa tch 26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy- vectors.patch 26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patc h 26772-VMX-Always-disable-SMEP-when-guest-is-in-non-pagin g-mode.patch 26773-x86-mm-shadow-spurious-warning-when-unmapping-xenh eap-pages.patch 26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patc h 26851-iommu-crash-Interrupt-remapping-is-also-disabled-o n-crash.patch

- Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto xend-cpuinfo-model-name.patch. (bnc#814709)

- Upstream patches from Jan 26536-xenoprof-div-by-0.patch 26578-AMD-IOMMU-replace-BUG_ON.patch 26656-x86-fix-null-pointer-dereference-in-intel_get_exte nded_msrs.patch 26659-AMD-IOMMU-erratum-746-workaround.patch 26660-x86-fix-CMCI-injection.patch 26672-vmx-fix-handling-of-NMI-VMEXIT.patch 26673-Avoid-stale-pointer-when-moving-domain-to-another- cpupool.patch 26676-fix-compat-memory-exchange-op-splitting.patch 26677-x86-make-certain-memory-sub-ops-return-valid-value s.patch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 26679-x86-defer-processing-events-on-the-NMI-exit-path.p atch 26683-credit1-Use-atomic-bit-operations-for-the-flags-st ructure.patch 26692-x86-MSI-fully-protect-MSI-X-table.patch

Solution

Apply SAT patch number 7798.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=801663

https://bugzilla.novell.com/show_bug.cgi?id=809662

https://bugzilla.novell.com/show_bug.cgi?id=813673

https://bugzilla.novell.com/show_bug.cgi?id=813675

https://bugzilla.novell.com/show_bug.cgi?id=813677

https://bugzilla.novell.com/show_bug.cgi?id=814709

https://bugzilla.novell.com/show_bug.cgi?id=816156

https://bugzilla.novell.com/show_bug.cgi?id=816159

https://bugzilla.novell.com/show_bug.cgi?id=816163

https://bugzilla.novell.com/show_bug.cgi?id=819416

https://bugzilla.novell.com/show_bug.cgi?id=820917

https://bugzilla.novell.com/show_bug.cgi?id=820919

https://bugzilla.novell.com/show_bug.cgi?id=820920

http://support.novell.com/security/cve/CVE-2013-1917.html

http://support.novell.com/security/cve/CVE-2013-1918.html

http://support.novell.com/security/cve/CVE-2013-1919.html

http://support.novell.com/security/cve/CVE-2013-1920.html

http://support.novell.com/security/cve/CVE-2013-1952.html

http://support.novell.com/security/cve/CVE-2013-1964.html

http://support.novell.com/security/cve/CVE-2013-2072.html

http://support.novell.com/security/cve/CVE-2013-2076.html

http://support.novell.com/security/cve/CVE-2013-2077.html

http://support.novell.com/security/cve/CVE-2013-2078.html

Plugin Details

Severity: High

ID: 66985

File Name: suse_11_xen-201305-130531.nasl

Version: 1.13

Type: local

Agent: unix

Published: 6/26/2013

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6

CVSS v2

Risk Factor: High

Base Score: 7.4

Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:xen, p-cpe:/a:novell:suse_linux:11:xen-doc-html, p-cpe:/a:novell:suse_linux:11:xen-doc-pdf, p-cpe:/a:novell:suse_linux:11:xen-kmp-default, p-cpe:/a:novell:suse_linux:11:xen-kmp-pae, p-cpe:/a:novell:suse_linux:11:xen-kmp-trace, p-cpe:/a:novell:suse_linux:11:xen-libs, p-cpe:/a:novell:suse_linux:11:xen-libs-32bit, p-cpe:/a:novell:suse_linux:11:xen-tools, p-cpe:/a:novell:suse_linux:11:xen-tools-domU, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 5/31/2013

Reference Information

CVE: CVE-2013-1917, CVE-2013-1918, CVE-2013-1919, CVE-2013-1920, CVE-2013-1952, CVE-2013-1964, CVE-2013-2072, CVE-2013-2076, CVE-2013-2077, CVE-2013-2078