SUSE SLED12 / SLES12 Security Update : Xen (SUSE-SU-2015:0613-1)

High Nessus Plugin ID 83707


The remote SUSE host is missing one or more security updates.


The XEN hypervisor received updates to fix various security issues and bugs.

The following security issues were fixed :

- CVE-2015-2151: XSA-123: A hypervisor memory corruption due to x86 emulator flaw.

- CVE-2015-2045: XSA-122: Information leak through version information hypercall.

- CVE-2015-2044: XSA-121: Information leak via internal x86 system device emulation.

- CVE-2015-2152: XSA-119: HVM qemu was unexpectedly enabling emulated VGA graphics backends.

- CVE-2014-3615: Information leakage when guest sets high graphics resolution.

- CVE-2015-0361: XSA-116: A xen crash due to use after free on hvm guest teardown.

- CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation.

Also the following bugs were fixed :

- bnc#919098 - XEN blktap device intermittently fails to connect

- bnc#882089 - Windows 2012 R2 fails to boot up with greater than 60 vcpus

- bnc#903680 - Problems with detecting free loop devices on Xen guest startup

- bnc#861318 - xentop reports 'Found interface vif101.0 but domain 101 does not exist.'

- Update seabios to rel- which is the correct version for Xen 4.4

- Enhancement to virsh/libvirtd 'send-key' command The xen side small fix. (FATE#317240)

- bnc#901488 - Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores

- bnc#910254 - SLES11 SP3 Xen VT-d igb NIC doesn't work

- Add domain_migrate_constraints_set API to Xend's http interface (FATE#317239)

- Restore missing fixes from block-dmmd script

- bnc#904255 - XEN boot hangs in early boot on UEFI system

- bsc#912011 - high ping latency after upgrade to latest SLES11SP3 on xen Dom0

- Fix missing banner by restoring the figlet program.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2015-147=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-147=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-147=1

To bring your system up-to-date, use 'zypper patch'.

See Also

Plugin Details

Severity: High

ID: 83707

File Name: suse_SU-2015-0613-1.nasl

Version: $Revision: 2.5 $

Type: local

Agent: unix

Published: 2015/05/20

Modified: 2016/05/11

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:xen, p-cpe:/a:novell:suse_linux:xen-debugsource, p-cpe:/a:novell:suse_linux:xen-doc-html, p-cpe:/a:novell:suse_linux:xen-kmp-default, p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo, p-cpe:/a:novell:suse_linux:xen-libs, p-cpe:/a:novell:suse_linux:xen-libs-debuginfo, p-cpe:/a:novell:suse_linux:xen-tools, p-cpe:/a:novell:suse_linux:xen-tools-debuginfo, p-cpe:/a:novell:suse_linux:xen-tools-domU, p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/03/09

Reference Information

CVE: CVE-2014-3615, CVE-2014-9065, CVE-2014-9066, CVE-2015-0361, CVE-2015-2044, CVE-2015-2045, CVE-2015-2151, CVE-2015-2152

BID: 69654, 71544, 71546, 71882, 72954, 72955, 73015, 73068

OSVDB: 111030, 119166, 119202, 119410, 119565