SuSE 11.3 Security Update : kvm and libvirt (SAT Patch Number 10222)

high Nessus Plugin ID 81480

VPR Score: 5.9

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This collective update for KVM and libvirt provides fixes for security and non-security issues.

kvm :

- Fix NULL pointer dereference because of uninitialized UDP socket. (bsc#897654, CVE-2014-3640)

- Fix performance degradation after migration. (bsc#878350)

- Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag in FS_IOC_FIEMAP ioctl. (bsc#908381)

- Add validation of hex properties for qdev. (bsc#852397)

- Add boot option to do strict boot. (bsc#900084)

- Add query-command-line-options QMP command. (bsc#899144)

- Fix incorrect return value of migrate_cancel. (bsc#843074)

- Fix insufficient parameter validation during ram load. (bsc#905097, CVE-2014-7840)

- Fix insufficient blit region checks in qemu/cirrus. (bsc#907805, CVE-2014-8106)

libvirt :

- Fix security hole with migratable flag in dumpxml. (bsc#904176, CVE-2014-7823)

- Fix domain deadlock. (bsc#899484, CVE-2014-3657)

- Use correct definition when looking up disk in qemu blkiotune. (bsc#897783, CVE-2014-3633)

- Fix undefined symbol when starting virtlockd. (bsc#910145)

- Add '-boot strict' to qemu's commandline whenever possible. (bsc#900084)

- Add support for 'reboot-timeout' in qemu. (bsc#899144)

- Increase QEMU's monitor timeout to 30sec. (bsc#911742)

- Allow setting QEMU's migration max downtime any time. (bsc#879665)

Solution

Apply SAT patch number 10222.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=843074

https://bugzilla.novell.com/show_bug.cgi?id=852397

https://bugzilla.novell.com/show_bug.cgi?id=878350

https://bugzilla.novell.com/show_bug.cgi?id=879665

https://bugzilla.novell.com/show_bug.cgi?id=897654

https://bugzilla.novell.com/show_bug.cgi?id=897783

https://bugzilla.novell.com/show_bug.cgi?id=899144

https://bugzilla.novell.com/show_bug.cgi?id=899484

https://bugzilla.novell.com/show_bug.cgi?id=900084

https://bugzilla.novell.com/show_bug.cgi?id=904176

https://bugzilla.novell.com/show_bug.cgi?id=905097

https://bugzilla.novell.com/show_bug.cgi?id=907805

https://bugzilla.novell.com/show_bug.cgi?id=908381

https://bugzilla.novell.com/show_bug.cgi?id=910145

https://bugzilla.novell.com/show_bug.cgi?id=911742

http://support.novell.com/security/cve/CVE-2014-3633.html

http://support.novell.com/security/cve/CVE-2014-3640.html

http://support.novell.com/security/cve/CVE-2014-3657.html

http://support.novell.com/security/cve/CVE-2014-7823.html

http://support.novell.com/security/cve/CVE-2014-7840.html

http://support.novell.com/security/cve/CVE-2014-8106.html

Plugin Details

Severity: High

ID: 81480

File Name: suse_11_kvm-libvirt-201412-150123.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2/24/2015

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:kvm, p-cpe:/a:novell:suse_linux:11:libvirt, p-cpe:/a:novell:suse_linux:11:libvirt-client, p-cpe:/a:novell:suse_linux:11:libvirt-client-32bit, p-cpe:/a:novell:suse_linux:11:libvirt-doc, p-cpe:/a:novell:suse_linux:11:libvirt-lock-sanlock, p-cpe:/a:novell:suse_linux:11:libvirt-python, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 1/23/2015

Reference Information

CVE: CVE-2014-3633, CVE-2014-3640, CVE-2014-3657, CVE-2014-7823, CVE-2014-7840, CVE-2014-8106