
Test ID: 1.3.6.1.4.1.25623.1.1.4.2013.1923.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2013:1923-1)
Summary: The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2013:1923-1 advisory.
Description:

Vulnerability Insight:
The Xen hypervisor and tool-suite have been updated to fix security issues and bugs:

* CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution.
* CVE-2013-4553: XSA-74: A lock order reversal between page_alloc_lock and mm_rwlock could lead to deadlocks.
* CVE-2013-4554: XSA-76: Hypercalls were exposed to privilege rings 1 and 2 of HVM guests, which might lead to hypervisor escalation under specific circumstances.
* CVE-2013-6375: XSA-78: Insufficient TLB flushing in VT-d (iommu) code could lead to access of memory that was revoked.
* CVE-2013-4551: XSA-75: A host crash due to guest VMX instruction execution was fixed.

Non-security bugs have also been fixed:

* bnc#840997: It is possible to start a VM twice on the same node.
* bnc#842417: On HP's UEFI x86_64 platform and SLES 11-SP3, dom0 could lock up on multiple blades nPar.
* bnc#848014: Xen Hypervisor panics on 8-blades nPar with 46-bit memory addressing.
* bnc#846849: Soft lock-up with PCI pass-through and many VCPUs.
* bnc#833483: Boot Failure with Xen kernel in UEFI mode with error 'No memory for trampoline'.
* Increase the maximum supported CPUs in the Hypervisor to 512.

Security Issues:

* CVE-2013-1922
* CVE-2013-2007
* CVE-2013-4375
* CVE-2013-4416
* CVE-2013-4494
* CVE-2013-4551
* CVE-2013-4553
* CVE-2013-4554

Affected Software/OS:
'Xen' package(s) on SUSE Linux Enterprise Software Development Kit 11 SP3, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Desktop 11 SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.9

CVSS Vector:
AV:A/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-1922
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104036.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103637.html
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://www.openwall.com/lists/oss-security/2013/04/15/3
http://www.openwall.com/lists/oss-security/2013/04/16/2
http://www.securitytracker.com/id/1028426
http://secunia.com/advisories/55082
Common Vulnerability Exposure (CVE) ID: CVE-2013-2007
BugTraq ID: 59675
http://www.securityfocus.com/bid/59675
https://bugzilla.redhat.com/show_bug.cgi?id=956082
http://www.openwall.com/lists/oss-security/2013/05/06/5
http://osvdb.org/93032
RedHat Security Advisories: RHSA-2013:0791
http://rhn.redhat.com/errata/RHSA-2013-0791.html
RedHat Security Advisories: RHSA-2013:0896
http://rhn.redhat.com/errata/RHSA-2013-0896.html
http://www.securitytracker.com/id/1028521
http://secunia.com/advisories/53325
SuSE Security Announcement: openSUSE-SU-2013:1202
http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
XForce ISS Database: qemu-cve20132007-priv-esc(84047)
https://exchange.xforce.ibmcloud.com/vulnerabilities/84047
Common Vulnerability Exposure (CVE) ID: CVE-2013-4375
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://www.openwall.com/lists/oss-security/2013/10/10/14
http://www.ubuntu.com/usn/USN-2092-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4416
BugTraq ID: 63404
http://www.securityfocus.com/bid/63404
http://www.openwall.com/lists/oss-security/2013/10/29/5
http://osvdb.org/99072
http://www.securitytracker.com/id/1029264
SuSE Security Announcement: openSUSE-SU-2013:1636
http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html
SuSE Security Announcement: openSUSE-SU-2013:1876
http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4494
Debian Security Information: DSA-3006
http://www.debian.org/security/2014/dsa-3006
http://www.openwall.com/lists/oss-security/2013/11/01/3
http://www.openwall.com/lists/oss-security/2013/11/01/2
RedHat Security Advisories: RHSA-2014:0108
http://rhn.redhat.com/errata/RHSA-2014-0108.html
SuSE Security Announcement: SUSE-SU-2014:0411
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
SuSE Security Announcement: SUSE-SU-2014:0446
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
SuSE Security Announcement: SUSE-SU-2014:0470
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4551
BugTraq ID: 63625
http://www.securityfocus.com/bid/63625
http://www.openwall.com/lists/oss-security/2013/11/11/1
http://www.securitytracker.com/id/1029313
http://secunia.com/advisories/55398
XForce ISS Database: xen-cve20134551-dos(88649)
https://exchange.xforce.ibmcloud.com/vulnerabilities/88649
Common Vulnerability Exposure (CVE) ID: CVE-2013-4553
http://www.openwall.com/lists/oss-security/2013/11/26/8
SuSE Security Announcement: SUSE-SU-2014:0372
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4554
http://www.openwall.com/lists/oss-security/2013/11/26/9
RedHat Security Advisories: RHSA-2014:0285
http://rhn.redhat.com/errata/RHSA-2014-0285.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-6375
http://www.openwall.com/lists/oss-security/2013/11/20/3
http://www.openwall.com/lists/oss-security/2013/11/21/1
http://www.securitytracker.com/id/1029369
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
