openSUSE Security Update : xen (openSUSE-SU-2013:1404-1)

high Nessus Plugin ID 75130


The remote openSUSE host is missing a security update.


XEN was updated to 4.2.2, fixing lots of bugs and several security issues.

Various upstream patches were also merged into this version by our developers.

Detailed buglist :

- bnc#824676 - Failed to setup devices for vm instance when start multiple vms simultaneously

- bnc#817799 - sles9sp4 guest fails to start after upgrading to sles11 sp3

- bnc#826882 - xen: CVE-2013-1432: XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes

- Add upstream patch to fix devid assignment in libxl: 27184-libxl-devid-fix.patch

- bnc#823608 - xen: XSA-57: libxl allows guest write access to sensitive console related xenstore keys: 27178-libxl-Restrict-permissions-on-PV-console-device-xenstore-nodes.patch

- bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling

- bnc#808269 - Fully Virtualized Windows VM install is failed on Ivy Bridge platforms with Xen kernel

- bnc#801663 - performance of mirror lvm unsuitable for production block-dmmd

- bnc#817904 - [SLES11SP3 BCS Bug] Crashkernel fails to boot after panic on XEN kernel SP3 Beta 4 and RC1

- Upstream AMD Erratum patch from Jan

- bnc#813675 - xen: CVE-2013-1919: XSA-46: Several access permission issues with IRQs for unprivileged guests

- bnc#820917 - CVE-2013-2076: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52)

- bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53)

- bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54)

- bnc#808085 - aacraid driver panics mapping INT A when booting kernel-xen

- bnc#817210 - openSUSE 12.3 Domain 0 doesn't boot with i915 graphics controller under Xen with VT-d enabled

- bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow in xencontrol Python bindings affecting xend

- bnc#818183 - xen: CVE-2013-2007: XSA-51: qga set umask 0077 when daemonizing

- add lndir to BuildRequires

- remove xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch. It changed migration protocol and upstream wants a different solution

- bnc#802221 - fix xenpaging: re-add xenpaging.qemu.flush-cache.patch

- bnc#808269 - Fully Virtualized Windows VM install is failed on Ivy Bridge platforms with Xen kernel

- Additional fix for bnc#816159 CVE-2013-1918-xsa45-followup.patch

- bnc#817068 - Xen guest with >1 sr-iov vf won't start

- Update to Xen 4.2.2 c/s 26064. The following recent security patches are included in the tarball: CVE-2013-0151-xsa34.patch (bnc#797285), CVE-2012-6075-xsa41.patch (bnc#797523), CVE-2013-1917-xsa44.patch (bnc#813673), CVE-2013-1919-xsa46.patch (bnc#813675)

- bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long latency operations are not preemptible

- bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt remapping source validation flaw for bridges

- bnc#809662 - can't use pv-grub to start domU (pygrub does work) xen.spec

- bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto

- bnc#813673 - CVE-2013-1917: xen: Xen PV DoS vulnerability with SYSENTER

- bnc#813675 - CVE-2013-1919: xen: Several access permission issues with IRQs for unprivileged guests

- bnc#814059 - xen: qemu-nbd format-guessing due to missing format specification


Update the affected xen packages.

Plugin Details

Severity: High

ID: 75130

File Name: openSUSE-2013-677.nasl

Version: 1.7

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-doc-pdf, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-pae, p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domU, p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 8/25/2013

Reference Information

CVE: CVE-2012-6075, CVE-2013-0151, CVE-2013-1432, CVE-2013-1917, CVE-2013-1918, CVE-2013-1919, CVE-2013-1922, CVE-2013-1952, CVE-2013-2007, CVE-2013-2072, CVE-2013-2076, CVE-2013-2077, CVE-2013-2078

BID: 57420, 57495, 59070, 59291, 59292, 59615, 59617, 59675, 59982, 60277, 60278, 60282, 60799