SuSE 11.2 / 11.3 Security Update : Xen (SAT Patch Numbers 8478 / 8479)

High Nessus Plugin ID 70969

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues.

- XSA-72: Fixed ocaml xenstored that mishandled oversized message replies. (CVE-2013-4416)

- XSA-63: Fixed information leaks through I/O instruction emulation. (CVE-2013-4355)

- XSA-66: Fixed information leak through fbld instruction emulation. (CVE-2013-4361)

- XSA-67: Fixed information leak through outs instruction emulation. (CVE-2013-4368)

- XSA-68: Fixed possible null dereference when parsing vif ratelimiting info. (CVE-2013-4369)

- XSA-69: Fixed misplaced free in ocaml xc_vcpu_getaffinity stub. (CVE-2013-4370)

- XSA-70: Fixed use-after-free in libxl_list_cpupool under memory pressure. (CVE-2013-4371)

- XSA-71: xen: qemu disk backend (qdisk) resource leak.
(CVE-2013-4375)

- XSA-62: Fixed information leak on AVX and/or LWP capable CPUs. (CVE-2013-1442)

- XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes. Various bugs have also been fixed:. (CVE-2013-1432)

- Boot failure with xen kernel in UEFI mode with error 'No memory for trampoline'. (bnc#833483)

- Improvements to block-dmmd script. (bnc#828623)

- MTU size on Dom0 gets reset when booting DomU with e1000 device. (bnc#840196)

- In HP's UEFI x86_64 platform and with xen environment, in booting stage, xen hypervisor will panic.
(bnc#833251)

- Xen: migration broken from xsave-capable to xsave-incapable host. (bnc#833796)

- In xen, 'shutdown -y 0 -h' cannot power off system.
(bnc#834751)

- In HP's UEFI x86_64 platform with xen environment, xen hypervisor will panic on multiple blades nPar.
(bnc#839600)

- vcpus not started after upgrading Dom0 from SLES 11 SP2 to SP3. (bnc#835896)

- SLES 11 SP3 Xen security patch does not automatically update UEFI boot binary. (bnc#836239)

- Failed to setup devices for vm instance when start multiple vms simultaneously. (bnc#824676)

- SLES 9 SP4 guest fails to start after upgrading to SLES 11 SP3. (bnc#817799)

- Various upstream fixes have been included.

Solution

Apply SAT patch number 8478 / 8479 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=803712

https://bugzilla.novell.com/show_bug.cgi?id=817799

https://bugzilla.novell.com/show_bug.cgi?id=823011

https://bugzilla.novell.com/show_bug.cgi?id=823608

https://bugzilla.novell.com/show_bug.cgi?id=823786

https://bugzilla.novell.com/show_bug.cgi?id=824676

https://bugzilla.novell.com/show_bug.cgi?id=826882

https://bugzilla.novell.com/show_bug.cgi?id=828623

https://bugzilla.novell.com/show_bug.cgi?id=833251

https://bugzilla.novell.com/show_bug.cgi?id=833483

https://bugzilla.novell.com/show_bug.cgi?id=833796

https://bugzilla.novell.com/show_bug.cgi?id=834751

https://bugzilla.novell.com/show_bug.cgi?id=835896

https://bugzilla.novell.com/show_bug.cgi?id=836239

https://bugzilla.novell.com/show_bug.cgi?id=839596

https://bugzilla.novell.com/show_bug.cgi?id=839600

https://bugzilla.novell.com/show_bug.cgi?id=839618

https://bugzilla.novell.com/show_bug.cgi?id=840196

https://bugzilla.novell.com/show_bug.cgi?id=840592

https://bugzilla.novell.com/show_bug.cgi?id=841766

https://bugzilla.novell.com/show_bug.cgi?id=842511

https://bugzilla.novell.com/show_bug.cgi?id=842512

https://bugzilla.novell.com/show_bug.cgi?id=842513

https://bugzilla.novell.com/show_bug.cgi?id=842514

https://bugzilla.novell.com/show_bug.cgi?id=842515

https://bugzilla.novell.com/show_bug.cgi?id=845520

http://support.novell.com/security/cve/CVE-2013-1432.html

http://support.novell.com/security/cve/CVE-2013-1442.html

http://support.novell.com/security/cve/CVE-2013-1918.html

http://support.novell.com/security/cve/CVE-2013-2194.html

http://support.novell.com/security/cve/CVE-2013-2195.html

http://support.novell.com/security/cve/CVE-2013-2196.html

http://support.novell.com/security/cve/CVE-2013-2211.html

http://support.novell.com/security/cve/CVE-2013-4329.html

http://support.novell.com/security/cve/CVE-2013-4355.html

http://support.novell.com/security/cve/CVE-2013-4361.html

http://support.novell.com/security/cve/CVE-2013-4368.html

http://support.novell.com/security/cve/CVE-2013-4369.html

http://support.novell.com/security/cve/CVE-2013-4370.html

http://support.novell.com/security/cve/CVE-2013-4371.html

http://support.novell.com/security/cve/CVE-2013-4375.html

http://support.novell.com/security/cve/CVE-2013-4416.html

Plugin Details

Severity: High

ID: 70969

File Name: suse_11_xen-201310-131029.nasl

Version: Revision: 1.4

Type: local

Agent: unix

Published: 2013/11/20

Updated: 2014/07/26

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.4

Vector: CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:xen, p-cpe:/a:novell:suse_linux:11:xen-doc-html, p-cpe:/a:novell:suse_linux:11:xen-doc-pdf, p-cpe:/a:novell:suse_linux:11:xen-kmp-default, p-cpe:/a:novell:suse_linux:11:xen-kmp-pae, p-cpe:/a:novell:suse_linux:11:xen-kmp-trace, p-cpe:/a:novell:suse_linux:11:xen-libs, p-cpe:/a:novell:suse_linux:11:xen-libs-32bit, p-cpe:/a:novell:suse_linux:11:xen-tools, p-cpe:/a:novell:suse_linux:11:xen-tools-domU, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2013/10/29

Reference Information

CVE: CVE-2013-1432, CVE-2013-1442, CVE-2013-1918, CVE-2013-2194, CVE-2013-2195, CVE-2013-2196, CVE-2013-2211, CVE-2013-4329, CVE-2013-4355, CVE-2013-4361, CVE-2013-4368, CVE-2013-4369, CVE-2013-4370, CVE-2013-4371, CVE-2013-4375, CVE-2013-4416