SUSE SLED12 / SLES12 Security Update : Xen (SUSE-SU-2015:0613-1)

high Nessus Plugin ID 83707

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The XEN hypervisor received updates to fix various security issues and bugs.

The following security issues were fixed :

- CVE-2015-2151: XSA-123: A hypervisor memory corruption due to x86 emulator flaw.

- CVE-2015-2045: XSA-122: Information leak through version information hypercall.

- CVE-2015-2044: XSA-121: Information leak via internal x86 system device emulation.

- CVE-2015-2152: XSA-119: HVM qemu was unexpectedly enabling emulated VGA graphics backends.

- CVE-2014-3615: Information leakage when guest sets high graphics resolution.

- CVE-2015-0361: XSA-116: A xen crash due to use after free on hvm guest teardown.

- CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation.

Also the following bugs were fixed :

- bnc#919098 - XEN blktap device intermittently fails to connect

- bnc#882089 - Windows 2012 R2 fails to boot up with greater than 60 vcpus

- bnc#903680 - Problems with detecting free loop devices on Xen guest startup

- bnc#861318 - xentop reports 'Found interface vif101.0 but domain 101 does not exist.'

- Update seabios to rel-1.7.3.1 which is the correct version for Xen 4.4

- Enhancement to virsh/libvirtd 'send-key' command The xen side small fix. (FATE#317240)

- bnc#901488 - Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores

- bnc#910254 - SLES11 SP3 Xen VT-d igb NIC doesn't work

- Add domain_migrate_constraints_set API to Xend's http interface (FATE#317239)

- Restore missing fixes from block-dmmd script

- bnc#904255 - XEN boot hangs in early boot on UEFI system

- bsc#912011 - high ping latency after upgrade to latest SLES11SP3 on xen Dom0

- Fix missing banner by restoring the figlet program.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2015-147=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-147=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-147=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=861318

https://bugzilla.suse.com/show_bug.cgi?id=882089

https://bugzilla.suse.com/show_bug.cgi?id=895528

https://bugzilla.suse.com/show_bug.cgi?id=901488

https://bugzilla.suse.com/show_bug.cgi?id=903680

https://bugzilla.suse.com/show_bug.cgi?id=904255

https://bugzilla.suse.com/show_bug.cgi?id=906996

https://bugzilla.suse.com/show_bug.cgi?id=910254

https://bugzilla.suse.com/show_bug.cgi?id=910681

https://bugzilla.suse.com/show_bug.cgi?id=912011

https://bugzilla.suse.com/show_bug.cgi?id=918995

https://bugzilla.suse.com/show_bug.cgi?id=918998

https://bugzilla.suse.com/show_bug.cgi?id=919098

https://bugzilla.suse.com/show_bug.cgi?id=919464

https://bugzilla.suse.com/show_bug.cgi?id=919663

https://www.suse.com/security/cve/CVE-2014-3615/

https://www.suse.com/security/cve/CVE-2014-9065/

https://www.suse.com/security/cve/CVE-2014-9066/

https://www.suse.com/security/cve/CVE-2015-0361/

https://www.suse.com/security/cve/CVE-2015-2044/

https://www.suse.com/security/cve/CVE-2015-2045/

https://www.suse.com/security/cve/CVE-2015-2151/

https://www.suse.com/security/cve/CVE-2015-2152/

http://www.nessus.org/u?b4eac41b

Plugin Details

Severity: High

ID: 83707

File Name: suse_SU-2015-0613-1.nasl

Version: 2.10

Type: local

Agent: unix

Published: 5/20/2015

Updated: 1/6/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:xen, p-cpe:/a:novell:suse_linux:xen-debugsource, p-cpe:/a:novell:suse_linux:xen-doc-html, p-cpe:/a:novell:suse_linux:xen-kmp-default, p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo, p-cpe:/a:novell:suse_linux:xen-libs, p-cpe:/a:novell:suse_linux:xen-libs-debuginfo, p-cpe:/a:novell:suse_linux:xen-tools, p-cpe:/a:novell:suse_linux:xen-tools-debuginfo, p-cpe:/a:novell:suse_linux:xen-tools-domu, p-cpe:/a:novell:suse_linux:xen-tools-domu-debuginfo, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/9/2015

Vulnerability Publication Date: 11/1/2014

Reference Information

CVE: CVE-2014-3615, CVE-2014-9065, CVE-2014-9066, CVE-2015-0361, CVE-2015-2044, CVE-2015-2045, CVE-2015-2151, CVE-2015-2152

BID: 69654, 71544, 71546, 71882, 72954, 72955, 73015, 73068