Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2014.1318.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2014:1318-1)
Summary:The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2014:1318-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2014:1318-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix various bugs and security issues.

The following security issues have been fixed:

* XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation
(bnc#897657)
* XSA-106: CVE-2014-7156: Missing privilege level checks in x86
emulation of software interrupts (bnc#895802)
* XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT,
LGDT, LIDT, and LMSW emulation (bnc#895799)
* XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram
(bnc#895798)
* XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests
(bnc#880751)
* XSA-96: CVE-2014-3967, CVE-2014-3968: Vulnerabilities in HVM MSI
injection (bnc#878841)
* XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible
(bnc#867910)
* XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow
(bnc#842006)
* CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load
(bnc#864801)

The following non-security issues have been fixed:

* xend: Fix netif convertToDeviceNumber for running domains
(bnc#891539)
* Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in
the VM (bnc#882092)
* XEN kernel panic do_device_not_available() (bnc#881900)
* Boot Failure with xen kernel in UEFI mode with error 'No memory for
trampoline' (bnc#833483)
* SLES 11 SP3 vm-install should get RHEL 7 support when released
(bnc#862608)
* SLES 11 SP3 XEN kiso version cause softlockup on 8 blades npar(480
cpu) (bnc#858178)
* Local attach support for PHY backends using scripts
local_attach_support_for_phy.patch (bnc#865682)
* Improve multipath support for npiv devices block-npiv (bnc#798770)

Security Issues:

* CVE-2013-4344
* CVE-2013-4540
* CVE-2014-2599
* CVE-2014-3967
* CVE-2014-3968
* CVE-2014-4021
* CVE-2014-7154
* CVE-2014-7155
* CVE-2014-7156
* CVE-2014-7188

Affected Software/OS:
'Xen' package(s) on SUSE Linux Enterprise Desktop 11 SP3, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Software Development Kit 11 SP3.

Solution:
Please install the updated package(s).

CVSS Score:
8.3

CVSS Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-4344
BugTraq ID: 62773
http://www.securityfocus.com/bid/62773
http://www.openwall.com/lists/oss-security/2013/10/02/2
http://article.gmane.org/gmane.comp.emulators.qemu/237191
http://osvdb.org/98028
RedHat Security Advisories: RHSA-2013:1553
http://rhn.redhat.com/errata/RHSA-2013-1553.html
RedHat Security Advisories: RHSA-2013:1754
http://rhn.redhat.com/errata/RHSA-2013-1754.html
SuSE Security Announcement: openSUSE-SU-2014:1279 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
SuSE Security Announcement: openSUSE-SU-2014:1281 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
http://www.ubuntu.com/usn/USN-2092-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4540
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-2599
BugTraq ID: 66407
http://www.securityfocus.com/bid/66407
Debian Security Information: DSA-3006 (Google Search)
http://www.debian.org/security/2014/dsa-3006
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://www.openwall.com/lists/oss-security/2014/03/25/2
http://www.openwall.com/lists/oss-security/2014/03/25/1
http://www.securitytracker.com/id/1029956
Common Vulnerability Exposure (CVE) ID: CVE-2014-3967
BugTraq ID: 67794
http://www.securityfocus.com/bid/67794
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html
https://security.gentoo.org/glsa/201504-04
http://www.openwall.com/lists/oss-security/2014/06/04/13
http://www.securitytracker.com/id/1030322
Common Vulnerability Exposure (CVE) ID: CVE-2014-3968
BugTraq ID: 67824
http://www.securityfocus.com/bid/67824
Common Vulnerability Exposure (CVE) ID: CVE-2014-4021
BugTraq ID: 68070
http://www.securityfocus.com/bid/68070
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html
http://www.securitytracker.com/id/1030442
http://secunia.com/advisories/59208
http://secunia.com/advisories/60027
http://secunia.com/advisories/60130
http://secunia.com/advisories/60471
Common Vulnerability Exposure (CVE) ID: CVE-2014-7154
Debian Security Information: DSA-3041 (Google Search)
http://www.debian.org/security/2014/dsa-3041
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html
http://security.gentoo.org/glsa/glsa-201412-42.xml
http://www.securitytracker.com/id/1030887
http://secunia.com/advisories/61501
http://secunia.com/advisories/61890
Common Vulnerability Exposure (CVE) ID: CVE-2014-7155
BugTraq ID: 70057
http://www.securityfocus.com/bid/70057
http://www.securitytracker.com/id/1030888
http://secunia.com/advisories/61858
Common Vulnerability Exposure (CVE) ID: CVE-2014-7156
BugTraq ID: 70062
http://www.securityfocus.com/bid/70062
http://www.securitytracker.com/id/1030889
http://secunia.com/advisories/61500
Common Vulnerability Exposure (CVE) ID: CVE-2014-7188
BugTraq ID: 70198
http://www.securityfocus.com/bid/70198
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140199.html
http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf
http://www.securitytracker.com/id/1030936
http://secunia.com/advisories/61664
XForce ISS Database: xen-cve20147188-dos(96785)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96785
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.