SuSE 11.3 Security Update : kvm and libvirt (SAT Patch Number 10222)

high Nessus Plugin ID 81481

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This collective update for KVM and libvirt provides fixes for security and non-security issues.

kvm :

- Fix NULL pointer dereference because of uninitialized UDP socket. (bsc#897654, CVE-2014-3640)

- Fix performance degradation after migration. (bsc#878350)

- Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag in FS_IOC_FIEMAP ioctl. (bsc#908381)

- Add validate hex properties for qdev. (bsc#852397)

- Add boot option to do strict boot (bsc#900084)

- Add query-command-line-options QMP command. (bsc#899144)

- Fix incorrect return value of migrate_cancel. (bsc#843074)

- Fix insufficient parameter validation during ram load. (bsc#905097, CVE-2014-7840)

- Fix insufficient blit region checks in qemu/cirrus. (bsc#907805, CVE-2014-8106)

libvirt :

- Fix security hole with migratable flag in dumpxml. (bsc#904176, CVE-2014-7823)

- Fix domain deadlock. (bsc#899484, CVE-2014-3657)

- Use correct definition when looking up disk in qemu blkiotune. (bsc#897783, CVE-2014-3633)

- Fix undefined symbol when starting virtlockd. (bsc#910145)

- Add '-boot strict' to qemu's commandline whenever possible. (bsc#900084)

- Add support for 'reboot-timeout' in qemu. (bsc#899144)

- Increase QEMU's monitor timeout to 30sec. (bsc#911742)

- Allow setting QEMU's migration max downtime any time. (bsc#879665)

Solution

Apply SAT patch number 10222.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=843074

https://bugzilla.novell.com/show_bug.cgi?id=852397

https://bugzilla.novell.com/show_bug.cgi?id=878350

https://bugzilla.novell.com/show_bug.cgi?id=879665

https://bugzilla.novell.com/show_bug.cgi?id=897654

https://bugzilla.novell.com/show_bug.cgi?id=897783

https://bugzilla.novell.com/show_bug.cgi?id=899144

https://bugzilla.novell.com/show_bug.cgi?id=899484

https://bugzilla.novell.com/show_bug.cgi?id=900084

https://bugzilla.novell.com/show_bug.cgi?id=904176

https://bugzilla.novell.com/show_bug.cgi?id=905097

https://bugzilla.novell.com/show_bug.cgi?id=907805

https://bugzilla.novell.com/show_bug.cgi?id=908381

https://bugzilla.novell.com/show_bug.cgi?id=910145

https://bugzilla.novell.com/show_bug.cgi?id=911742

http://support.novell.com/security/cve/CVE-2014-3633.html

http://support.novell.com/security/cve/CVE-2014-3640.html

http://support.novell.com/security/cve/CVE-2014-3657.html

http://support.novell.com/security/cve/CVE-2014-7823.html

http://support.novell.com/security/cve/CVE-2014-7840.html

http://support.novell.com/security/cve/CVE-2014-8106.html

Plugin Details

Severity: High

ID: 81481

File Name: suse_11_kvm-libvirt-201412-150124.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2/24/2015

Updated: 1/6/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:libvirt-client, p-cpe:/a:novell:suse_linux:11:libvirt-python, p-cpe:/a:novell:suse_linux:11:libvirt-doc, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:libvirt-client-32bit, p-cpe:/a:novell:suse_linux:11:libvirt-lock-sanlock, p-cpe:/a:novell:suse_linux:11:kvm, p-cpe:/a:novell:suse_linux:11:libvirt

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 1/24/2015

Reference Information

CVE: CVE-2014-3633, CVE-2014-3640, CVE-2014-3657, CVE-2014-7823, CVE-2014-7840, CVE-2014-8106