openSUSE Security Update : Xen (openSUSE-SU-2012:1172-1)

high Nessus Plugin ID 74750
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

Security Update for Xen

Following bug and security fixes were applied :

- bnc#776995 - attaching scsi control luns with pvscsi

- xend/pvscsi: fix passing of SCSI control LUNs xen-bug776995-pvscsi-no-devname.patch

- xend/pvscsi: fix usage of persistant device names for SCSI devices xen-bug776995-pvscsi-persistent-names.patch

- xend/pvscsi: update sysfs parser for Linux 3.0 xen-bug776995-pvscsi-sysfs-parser.patch

- bnc#777090 - CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12) CVE-2012-3494-xsa12.patch

- bnc#777088 - CVE-2012-3495: xen: hypercall physdev_get_free_pirq vulnerability (XSA-13) CVE-2012-3495-xsa13.patch

- bnc#777091 - CVE-2012-3496: xen: XENMEM_populate_physmap DoS vulnerability (XSA-14) CVE-2012-3496-xsa14.patch

- bnc#777086 - CVE-2012-3498: xen: PHYSDEVOP_map_pirq index vulnerability (XSA-16) CVE-2012-3498-xsa16.patch

- bnc#777084 - CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17) CVE-2012-3515-xsa17.patch

- Upstream patches from Jan 25734-x86-MCG_CTL-default.patch 25735-x86-cpuid-masking-XeonE5.patch 25744-hypercall-return-long.patch

- Update to Xen 4.1.3 c/s 23336

- Upstream or pending upstream patches from Jan 25587-fix-off-by-one-parsing-error.patch 25616-x86-MCi_CTL-default.patch 25617-vtd-qinval-addr.patch 25688-x86-nr_irqs_gsi.patch

- bnc#773393 - VUL-0: CVE-2012-3433: xen: HVM guest destroy p2m teardown host DoS vulnerability CVE-2012-3433-xsa11.patch

- bnc#773401 - VUL-1: CVE-2012-3432: xen: HVM guest user mode MMIO emulation DoS 25682-x86-inconsistent-io-state.patch

- bnc#762484 - VUL-1: CVE-2012-2625: xen: pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service 25589-pygrub-size-limits.patch

- bnc#767273 - unsupported /var/lock/subsys is still used by xendomains init.xendomains

- bnc#766283 - opensuse 12.2 pv guests can not start after installation due to lack of grub2 support in the host 23686-pygrub-solaris.patch 23697-pygrub-grub2.patch 23944-pygrub-debug.patch 23998-pygrub-GPT.patch 23999-pygrub-grub2.patch 24000-pygrub-grub2.patch 24001-pygrub-grub2.patch 24002-pygrub-grub2.patch 24064-pygrub-HybridISO.patch 24401-pygrub-scrolling.patch 24402-pygrub-edit-fix.patch 24460-pygrub-extlinux.patch 24706-pygrub-extlinux.patch

Solution

Update the affected Xen packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=762484

https://bugzilla.novell.com/show_bug.cgi?id=766283

https://bugzilla.novell.com/show_bug.cgi?id=767273

https://bugzilla.novell.com/show_bug.cgi?id=773393

https://bugzilla.novell.com/show_bug.cgi?id=773401

https://bugzilla.novell.com/show_bug.cgi?id=776995

https://bugzilla.novell.com/show_bug.cgi?id=777084

https://bugzilla.novell.com/show_bug.cgi?id=777086

https://bugzilla.novell.com/show_bug.cgi?id=777088

https://bugzilla.novell.com/show_bug.cgi?id=777090

https://bugzilla.novell.com/show_bug.cgi?id=777091

https://lists.opensuse.org/opensuse-updates/2012-09/msg00059.html

Plugin Details

Severity: High

ID: 74750

File Name: openSUSE-2012-597.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-doc-pdf, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-pae, p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domU, p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 9/6/2012

Reference Information

CVE: CVE-2012-2625, CVE-2012-3432, CVE-2012-3433, CVE-2012-3494, CVE-2012-3495, CVE-2012-3496, CVE-2012-3498, CVE-2012-3515