Description:
Summary: The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2013:1923-1 advisory.
Vulnerability Insight: The Xen hypervisor and tool-suite have been updated to fix security issues and bugs:
* CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution.
* CVE-2013-4553: XSA-74: A lock order reversal between page_alloc_lock and mm_rwlock could lead to deadlocks.
* CVE-2013-4554: XSA-76: Hypercalls were exposed to privilege rings 1 and 2 of HVM guests, which might lead to Hypervisor escalation under specific circumstances.
* CVE-2013-6375: XSA-78: Insufficient TLB flushing in VT-d (iommu) code could lead to access of memory that was revoked.
* CVE-2013-4551: XSA-75: A host crash due to guest VMX instruction execution was fixed.
Non-security bugs have also been fixed:
* bnc#840997: It is possible to start a VM twice on the same node.
* bnc#842417: In HP's UEFI x86_64 platform and SLES 11-SP3, dom0 could lock-up on multiple blades nPar.
* bnc#848014: Xen Hypervisor panics on 8-blades nPar with 46-bit memory addressing.
* bnc#846849: Soft lock-up with PCI pass-through and many VCPUs.
* bnc#833483: Boot Failure with Xen kernel in UEFI mode with error 'No memory for trampoline'.
* Increase the maximum supported CPUs in the Hypervisor to 512.
Security Issues:
* CVE-2013-1922
* CVE-2013-2007
* CVE-2013-4375
* CVE-2013-4416
* CVE-2013-4494
* CVE-2013-4551
* CVE-2013-4553
* CVE-2013-4554
Affected Software/OS: 'Xen' package(s) on SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Software Development Kit 11-SP3.
Solution: Please install the updated package(s).
CVSS Score: 7.9
CVSS Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C