SUSE SLES11 Security Update : xen (SUSE-SU-2019:14199-1)

high Nessus Plugin ID 150593

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14199-1 advisory.

- The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. (CVE-2019-12067)

- In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
(CVE-2019-12068)

- interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
(CVE-2019-12155)

- ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. (CVE-2019-14378)

- libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. (CVE-2019-15890)

- An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. (CVE-2019-17340)

- An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device. (CVE-2019-17341)

- An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.
(CVE-2019-17342)

- An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. (CVE-2019-17343)

- An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
(CVE-2019-17344)

- An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes. (CVE-2019-17346)

- An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels). (CVE-2019-17347)

- An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
(CVE-2019-17348)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1126140

https://bugzilla.suse.com/1126141

https://bugzilla.suse.com/1126192

https://bugzilla.suse.com/1126195

https://bugzilla.suse.com/1126196

https://bugzilla.suse.com/1126198

https://bugzilla.suse.com/1126201

https://bugzilla.suse.com/1127400

https://bugzilla.suse.com/1135905

https://bugzilla.suse.com/1143797

https://bugzilla.suse.com/1145652

https://bugzilla.suse.com/1146874

https://bugzilla.suse.com/1149813

http://www.nessus.org/u?f7b624c2

https://www.suse.com/security/cve/CVE-2019-12067

https://www.suse.com/security/cve/CVE-2019-12068

https://www.suse.com/security/cve/CVE-2019-12155

https://www.suse.com/security/cve/CVE-2019-14378

https://www.suse.com/security/cve/CVE-2019-15890

https://www.suse.com/security/cve/CVE-2019-17340

https://www.suse.com/security/cve/CVE-2019-17341

https://www.suse.com/security/cve/CVE-2019-17342

https://www.suse.com/security/cve/CVE-2019-17343

https://www.suse.com/security/cve/CVE-2019-17344

https://www.suse.com/security/cve/CVE-2019-17346

https://www.suse.com/security/cve/CVE-2019-17347

https://www.suse.com/security/cve/CVE-2019-17348

Plugin Details

Severity: High

ID: 150593

File Name: suse_SU-2019-14199-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 6/10/2021

Updated: 1/21/2022

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-17346

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:xen-doc-html, p-cpe:/a:novell:suse_linux:xen-tools, p-cpe:/a:novell:suse_linux:xen-kmp-default, p-cpe:/a:novell:suse_linux:xen-tools-domu, p-cpe:/a:novell:suse_linux:xen, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:xen-libs, p-cpe:/a:novell:suse_linux:xen-kmp-pae, p-cpe:/a:novell:suse_linux:xen-libs-32bit

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/24/2019

Vulnerability Publication Date: 5/22/2019

Reference Information

CVE: CVE-2019-12067, CVE-2019-12068, CVE-2019-12155, CVE-2019-14378, CVE-2019-15890, CVE-2019-17340, CVE-2019-17341, CVE-2019-17342, CVE-2019-17343, CVE-2019-17344, CVE-2019-17346, CVE-2019-17347, CVE-2019-17348

IAVB: 2019-B-0079-S

SuSE: SUSE-SU-2019:14199-1