SuSE 11.3 Security Update : kvm and libvirt (SAT Patch Number 10222)

High Nessus Plugin ID 81480


The remote SuSE 11 host is missing one or more security updates.


This collective update for KVM and libvirt provides fixes for security and non-security issues.

kvm :

- Fix NULL pointer dereference because of uninitialized UDP socket. (bsc#897654, CVE-2014-3640)

- Fix performance degradation after migration.

- Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag in FS_IOC_FIEMAP ioctl.

- Add validate hex properties for qdev. (bsc#852397)

- Add boot option to do strict boot (bsc#900084)

- Add query-command-line-options QMP command. (bsc#899144)

- Fix incorrect return value of migrate_cancel.

- Fix insufficient parameter validation during ram load.
(bsc#905097, CVE-2014-7840)

- Fix insufficient blit region checks in qemu/cirrus.
(bsc#907805, CVE-2014-8106) libvirt :

- Fix security hole with migratable flag in dumpxml.
(bsc#904176, CVE-2014-7823)

- Fix domain deadlock. (bsc#899484, CVE-2014-3657)

- Use correct definition when looking up disk in qemu blkiotune. (bsc#897783, CVE-2014-3633)

- Fix undefined symbol when starting virtlockd.

- Add '-boot strict' to qemu's commandline whenever possible. (bsc#900084)

- Add support for 'reboot-timeout' in qemu. (bsc#899144)

- Increase QEMU's monitor timeout to 30sec. (bsc#911742)

- Allow setting QEMU's migration max downtime any time.


Apply SAT patch number 10222.

See Also

Plugin Details

Severity: High

ID: 81480

File Name: suse_11_kvm-libvirt-201412-150123.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2015/02/24

Modified: 2015/02/24

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:kvm, p-cpe:/a:novell:suse_linux:11:libvirt, p-cpe:/a:novell:suse_linux:11:libvirt-client, p-cpe:/a:novell:suse_linux:11:libvirt-client-32bit, p-cpe:/a:novell:suse_linux:11:libvirt-doc, p-cpe:/a:novell:suse_linux:11:libvirt-lock-sanlock, p-cpe:/a:novell:suse_linux:11:libvirt-python, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2015/01/23

Reference Information

CVE: CVE-2014-3633, CVE-2014-3640, CVE-2014-3657, CVE-2014-7823, CVE-2014-7840, CVE-2014-8106