openSUSE Security Update : xen (openSUSE-2015-314)

High Nessus Plugin ID 82907

VPR Score: 6

Synopsis

The remote openSUSE host is missing a security update.

Description

Xen was updated to 4.3.4 to fix multiple vulnerabilities and non-security bugs.

The following vulnerabilities were fixed:

- Long latency MMIO mapping operations are not preemptible (XSA-125 CVE-2015-2752 bnc#922705)

- Unmediated PCI command register access in qemu (XSA-126 CVE-2015-2756 bnc#922706)

- Hypervisor memory corruption due to x86 emulator flaw (bnc#919464 CVE-2015-2151 XSA-123)

- Information leak through version information hypercall (bnc#918998 CVE-2015-2045 XSA-122)

- Information leak via internal x86 system device emulation (bnc#918995 CVE-2015-2044 XSA-121)

- HVM qemu unexpectedly enabling emulated VGA graphics backends (bnc#919663 CVE-2015-2152 XSA-119)

- Information leakage when guest sets high resolution (bnc#895528 CVE-2014-3615)

The following non-security bugs were fixed:

- L3: XEN blktap device intermittently fails to connect (bnc#919098)

- Problems with detecting free loop devices on Xen guest startup (bnc#903680)

- xentop reports 'Found interface vif101.0 but domain 101 does not exist.' (bnc#861318)

- Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores (bnc#901488)

- SLES11 SP3 Xen VT-d igb NIC doesn't work (bnc#910254)

Solution

Update the affected xen packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=861318

https://bugzilla.opensuse.org/show_bug.cgi?id=895528

https://bugzilla.opensuse.org/show_bug.cgi?id=901488

https://bugzilla.opensuse.org/show_bug.cgi?id=903680

https://bugzilla.opensuse.org/show_bug.cgi?id=910254

https://bugzilla.opensuse.org/show_bug.cgi?id=918995

https://bugzilla.opensuse.org/show_bug.cgi?id=918998

https://bugzilla.opensuse.org/show_bug.cgi?id=919098

https://bugzilla.opensuse.org/show_bug.cgi?id=919464

https://bugzilla.opensuse.org/show_bug.cgi?id=919663

https://bugzilla.opensuse.org/show_bug.cgi?id=922705

https://bugzilla.opensuse.org/show_bug.cgi?id=922706

Plugin Details

Severity: High

ID: 82907

File Name: openSUSE-2015-314.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2015/04/21

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-pae, p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domU, p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo, p-cpe:/a:novell:opensuse:xen-xend-tools, p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2015/04/13

Reference Information

CVE: CVE-2014-3615, CVE-2015-2044, CVE-2015-2045, CVE-2015-2151, CVE-2015-2152, CVE-2015-2752, CVE-2015-2756