Summary
Check the version of xen
Solution
Please Install the Updated Packages.
Insight
XEN was updated to fix various bugs and security issues.
Security issues fixed:
- bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation
- bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts
- bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
- bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram
- bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load
- bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests
- bnc#878841 - CVE-2014-3967,CVE-2014-3968: XSA-96: Vulnerabilities in HVM MSI injection
- bnc#867910 - CVE-2014-2599: XSA-89: HVMOP_set_mem_access is not preemptible
- bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow
Other bugs fixed:
- bnc#896023 - Adjust xentop column layout
- bnc#891539 - xend: fix netif convertToDeviceNumber for running domains - bnc#820873 - The 'long' option doesn't work with 'xl list' - bnc#881900 - XEN kernel panic do_device_not_available() - bnc#833483 - Boot Failure with xen kernel in UEFI mode with error 'No memory for trampoline'
- bnc#862608 - SLES 11 SP3 vm-install should get RHEL 7 support when released
- bnc#858178 - [HP HPS Bug]: SLES11sp3 XEN kiso version cause softlockup on 8 blades npar(480 cpu)
- bnc#865682 - Local attach support for PHY backends using scripts - bnc#798770 - Improve multipath support for npiv devices
Affected
xen on openSUSE 12.3
Detection
Get the installed version with the help of detect NVT and check if the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-4344, CVE-2013-4540, CVE-2014-2599, CVE-2014-3967, CVE-2014-3968, CVE-2014-4021, CVE-2014-7154, CVE-2014-7155, CVE-2014-7156, CVE-2014-7188 -
CVSS Base Score: 8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities