SuSE 11.2 / 11.3 Security Update : Xen (SAT Patch Numbers 8478 / 8479)

High Nessus Plugin ID 70969


The remote SuSE 11 host is missing one or more security updates.


XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues.

- XSA-72: Fixed ocaml xenstored that mishandled oversized message replies. (CVE-2013-4416)

- XSA-63: Fixed information leaks through I/O instruction emulation. (CVE-2013-4355)

- XSA-66: Fixed information leak through fbld instruction emulation. (CVE-2013-4361)

- XSA-67: Fixed information leak through outs instruction emulation. (CVE-2013-4368)

- XSA-68: Fixed possible null dereference when parsing vif ratelimiting info. (CVE-2013-4369)

- XSA-69: Fixed misplaced free in ocaml xc_vcpu_getaffinity stub. (CVE-2013-4370)

- XSA-70: Fixed use-after-free in libxl_list_cpupool under memory pressure. (CVE-2013-4371)

- XSA-71: xen: qemu disk backend (qdisk) resource leak.

- XSA-62: Fixed information leak on AVX and/or LWP capable CPUs. (CVE-2013-1442)

- XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes. (CVE-2013-1432)

Various bugs have also been fixed:

- Boot failure with xen kernel in UEFI mode with error 'No memory for trampoline'. (bnc#833483)

- Improvements to block-dmmd script. (bnc#828623)

- MTU size on Dom0 gets reset when booting DomU with e1000 device. (bnc#840196)

- On HP's UEFI x86_64 platform with a Xen environment, the Xen hypervisor panics during the boot stage.

- Xen: migration broken from xsave-capable to xsave-incapable host. (bnc#833796)

- In xen, 'shutdown -y 0 -h' cannot power off system.

- In HP's UEFI x86_64 platform with xen environment, xen hypervisor will panic on multiple blades nPar.

- vcpus not started after upgrading Dom0 from SLES 11 SP2 to SP3. (bnc#835896)

- SLES 11 SP3 Xen security patch does not automatically update UEFI boot binary. (bnc#836239)

- Failed to set up devices for VM instance when starting multiple VMs simultaneously. (bnc#824676)

- SLES 9 SP4 guest fails to start after upgrading to SLES 11 SP3. (bnc#817799)

- Various upstream fixes have been included.


Apply SAT patch number 8478 / 8479 as appropriate.

Plugin Details

Severity: High

ID: 70969

File Name: suse_11_xen-201310-131029.nasl

Version: $Revision: 1.4 $

Type: local

Agent: unix

Published: 2013/11/20

Modified: 2014/07/26

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.4

Vector: CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:xen, p-cpe:/a:novell:suse_linux:11:xen-doc-html, p-cpe:/a:novell:suse_linux:11:xen-doc-pdf, p-cpe:/a:novell:suse_linux:11:xen-kmp-default, p-cpe:/a:novell:suse_linux:11:xen-kmp-pae, p-cpe:/a:novell:suse_linux:11:xen-kmp-trace, p-cpe:/a:novell:suse_linux:11:xen-libs, p-cpe:/a:novell:suse_linux:11:xen-libs-32bit, p-cpe:/a:novell:suse_linux:11:xen-tools, p-cpe:/a:novell:suse_linux:11:xen-tools-domU, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2013/10/29

Reference Information

CVE: CVE-2013-1432, CVE-2013-1442, CVE-2013-1918, CVE-2013-2194, CVE-2013-2195, CVE-2013-2196, CVE-2013-2211, CVE-2013-4329, CVE-2013-4355, CVE-2013-4361, CVE-2013-4368, CVE-2013-4369, CVE-2013-4370, CVE-2013-4371, CVE-2013-4375, CVE-2013-4416