openSUSE Security Update : xen (openSUSE-SU-2013:1392-1)

high Nessus Plugin ID 75129


The remote openSUSE host is missing a security update.


Xen was updated to the 4.1.5 release. It fixes various bugs and security issues.

Issues fixed separately from the 4.1.5 release:

- bnc#824676 - Failed to setup devices for vm instance when start multiple vms simultaneously

- bnc#XXXXXX - xen: CVE-2013-XXXX: XSA-61: suppress device assignment to HVM guest when there is no IOMMU

- Various upstream patches from Jan were integrated.

- bnc#823786 - support of short options dropped by PTF

- bnc#803712 - after live migration rcu_sched_state detected stalls; add new option xm migrate --min_remaing <num>

- CVE-2013-1432 / bnc#826882 - xen: XSA-58: x86: fix page refcount handling in page table pin error path

- CVE-2013-2211 / bnc#823608 - xen: XSA-57: libxl allows guest write access to sensitive console related xenstore keys

- bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling

- bnc#801663 - performance of mirror lvm unsuitable for production

- CVE-2013-1918 / bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long latency operations are not preemptible

- CVE-2013-1952 / bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt remapping source validation flaw for bridges

- CVE-2013-2076 / bnc#820917 - CVE-2013-2076: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52)

- CVE-2013-2077 / bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53)

- CVE-2013-2078 / bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54)

- CVE-2013-2072 / bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow in xencontrol Python bindings affecting xend

- Update to Xen 4.1.5 c/s 23509. Many xen.spec file patches were dropped because they are now included in the 4.1.5 tarball.

- CVE-2013-1918 / bnc#816159 - xen: XSA-45: Several long latency operations are not preemptible

- CVE-2013-1952 / bnc#816163 - xen: XSA-49: VT-d interrupt remapping source validation flaw for bridges

- bnc#809662 - can't use pv-grub to start domU (pygrub does work)

- CVE-2013-1917 / bnc#813673 - xen: Xen PV DoS vulnerability with SYSENTER

- CVE-2013-1919 / bnc#813675 - xen: Several access permission issues with IRQs for unprivileged guests

- CVE-2013-1920 / bnc#813677 - xen: Potential use of freed memory in event channel operations

- bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto


Update the affected xen packages.


Plugin Details

Severity: High

ID: 75129

File Name: openSUSE-2013-669.nasl

Version: 1.8

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 6


Risk Factor: High

Base Score: 7.4

Temporal Score: 5.5

Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-doc-pdf, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-pae, p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domU, p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo, cpe:/o:novell:opensuse:12.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 8/22/2013

Reference Information

CVE: CVE-2013-1432, CVE-2013-1917, CVE-2013-1918, CVE-2013-1919, CVE-2013-1920, CVE-2013-1952, CVE-2013-1964, CVE-2013-2072, CVE-2013-2076, CVE-2013-2077, CVE-2013-2078, CVE-2013-2211

BID: 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60278, 60282, 60721, 60799