Detections
Analytics
openSUSE Security Update : Xen (openSUSE-SU-2012:1174-1)
high Nessus Plugin ID 74749
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
Security Update for Xen Following fixes were done :- bnc#776995 - attaching scsi control luns with pvscsi
- xend/pvscsi: fix passing of SCSI control LUNs xen-bug776995-pvscsi-no-devname.patch
- xend/pvscsi: fix usage of persistant device names for SCSI devices xen-bug776995-pvscsi-persistent-names.patch
- xend/pvscsi: update sysfs parser for Linux 3.0 xen-bug776995-pvscsi-sysfs-parser.patch
- bnc#777090 - VUL-0: CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12) CVE-2012-3494-xsa12.patch
- bnc#777091 - VUL-0: CVE-2012-3496: xen:
XENMEM_populate_physmap DoS vulnerability (XSA-14) CVE-2012-3496-xsa14.patch
- bnc#777084 - VUL-0: CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17) CVE-2012-3515-xsa17.patch
- bnc#744771 - VM with passed through PCI card fails to reboot under dom0 load 24888-pci-release-devices.patch
- Upstream patches from Jan 25431-x86-EDD-MBR-sig-check.patch 25459-page-list-splice.patch 25478-x86-unknown-NMI-deadlock.patch 25480-x86_64-sysret-canonical.patch 25481-x86_64-AMD-erratum-121.patch 25485-x86_64-canonical-checks.patch 25587-param-parse-limit.patch 25617-vtd-qinval-addr.patch 25688-x86-nr_irqs_gsi.patch
- bnc#773393 - VUL-0: CVE-2012-3433: xen: HVM guest destroy p2m teardown host DoS vulnerability CVE-2012-3433-xsa11.patch
- bnc#773401 - VUL-1: CVE-2012-3432: xen: HVM guest user mode MMIO emulation DoS 25682-x86-inconsistent-io-state.patch
- bnc#762484 - VUL-1: CVE-2012-2625: xen: pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service 25589-pygrub-size-limits.patch
Solution
Update the affected Xen packages.See Also
https://bugzilla.novell.com/show_bug.cgi?id=744771
https://bugzilla.novell.com/show_bug.cgi?id=762484
https://bugzilla.novell.com/show_bug.cgi?id=773393
https://bugzilla.novell.com/show_bug.cgi?id=773401
https://bugzilla.novell.com/show_bug.cgi?id=776995
https://bugzilla.novell.com/show_bug.cgi?id=777084
https://bugzilla.novell.com/show_bug.cgi?id=777090
https://bugzilla.novell.com/show_bug.cgi?id=777091
https://lists.opensuse.org/opensuse-updates/2012-09/msg00061.html
Plugin Details
Severity: High
ID: 74749
File Name: openSUSE-2012-596.nasl
Version: 1.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 6/13/2014
Updated: 1/19/2021
Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:novell:opensuse:11.4, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-doc-pdf, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domu, p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo, p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-kmp-pae, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-desktop
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Patch Publication Date: 9/6/2012
Reference Information
CVE: CVE-2012-2625, CVE-2012-3432, CVE-2012-3433, CVE-2012-3494, CVE-2012-3496, CVE-2012-3515