Test ID:	1.3.6.1.4.1.25623.1.1.4.2014.1318.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2014:1318-1)
Summary:	The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2014:1318-1 advisory.
Description:	Summary: The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2014:1318-1 advisory. Vulnerability Insight: The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix various bugs and security issues. The following security issues have been fixed: * XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation (bnc#897657) * XSA-106: CVE-2014-7156: Missing privilege level checks in x86 emulation of software interrupts (bnc#895802) * XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (bnc#895799) * XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram (bnc#895798) * XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests (bnc#880751) * XSA-96: CVE-2014-3967, CVE-2014-3968: Vulnerabilities in HVM MSI injection (bnc#878841) * XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible (bnc#867910) * XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow (bnc#842006) * CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load (bnc#864801) The following non-security issues have been fixed: * xend: Fix netif convertToDeviceNumber for running domains (bnc#891539) * Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in the VM (bnc#882092) * XEN kernel panic do_device_not_available() (bnc#881900) * Boot Failure with xen kernel in UEFI mode with error 'No memory for trampoline' (bnc#833483) * SLES 11 SP3 vm-install should get RHEL 7 support when released (bnc#862608) * SLES 11 SP3 XEN kiso version cause softlockup on 8 blades npar(480 cpu) (bnc#858178) * Local attach support for PHY backends using scripts local_attach_support_for_phy.patch (bnc#865682) * Improve multipath support for npiv devices block-npiv (bnc#798770) Security Issues: * CVE-2013-4344 * CVE-2013-4540 * CVE-2014-2599 * CVE-2014-3967 * CVE-2014-3968 * CVE-2014-4021 * CVE-2014-7154 * CVE-2014-7155 * CVE-2014-7156 * CVE-2014-7188 Affected Software/OS: 'Xen' package(s) on SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Software Development Kit 11-SP3. Solution: Please install the updated package(s). CVSS Score: 8.3 CVSS Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4344 62773 http://www.securityfocus.com/bid/62773 98028 http://osvdb.org/98028 RHSA-2013:1553 http://rhn.redhat.com/errata/RHSA-2013-1553.html RHSA-2013:1754 http://rhn.redhat.com/errata/RHSA-2013-1754.html USN-2092-1 http://www.ubuntu.com/usn/USN-2092-1 [oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow http://www.openwall.com/lists/oss-security/2013/10/02/2 [qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released http://article.gmane.org/gmane.comp.emulators.qemu/237191 openSUSE-SU-2014:1279 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html openSUSE-SU-2014:1281 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4540 FEDORA-2014-6288 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html [Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html [Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=52f91c3723932f8340fe36c8ec8b18a757c37b2b Common Vulnerability Exposure (CVE) ID: CVE-2014-2599 BugTraq ID: 66407 http://www.securityfocus.com/bid/66407 Debian Security Information: DSA-3006 (Google Search) http://www.debian.org/security/2014/dsa-3006 http://security.gentoo.org/glsa/glsa-201407-03.xml http://www.openwall.com/lists/oss-security/2014/03/25/2 http://www.openwall.com/lists/oss-security/2014/03/25/1 http://www.securitytracker.com/id/1029956 SuSE Security Announcement: openSUSE-SU-2014:1279 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2014-3967 BugTraq ID: 67794 http://www.securityfocus.com/bid/67794 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134739.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html https://security.gentoo.org/glsa/201504-04 http://www.openwall.com/lists/oss-security/2014/06/04/13 http://www.securitytracker.com/id/1030322 SuSE Security Announcement: openSUSE-SU-2014:1281 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2014-3968 BugTraq ID: 67824 http://www.securityfocus.com/bid/67824 Common Vulnerability Exposure (CVE) ID: CVE-2014-4021 BugTraq ID: 68070 http://www.securityfocus.com/bid/68070 http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html http://www.securitytracker.com/id/1030442 http://secunia.com/advisories/59208 http://secunia.com/advisories/60027 http://secunia.com/advisories/60130 http://secunia.com/advisories/60471 Common Vulnerability Exposure (CVE) ID: CVE-2014-7154 Debian Security Information: DSA-3041 (Google Search) http://www.debian.org/security/2014/dsa-3041 http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html http://security.gentoo.org/glsa/glsa-201412-42.xml http://www.securitytracker.com/id/1030887 http://secunia.com/advisories/61501 http://secunia.com/advisories/61890 Common Vulnerability Exposure (CVE) ID: CVE-2014-7155 BugTraq ID: 70057 http://www.securityfocus.com/bid/70057 http://www.securitytracker.com/id/1030888 http://secunia.com/advisories/61858 Common Vulnerability Exposure (CVE) ID: CVE-2014-7156 BugTraq ID: 70062 http://www.securityfocus.com/bid/70062 http://www.securitytracker.com/id/1030889 http://secunia.com/advisories/61500 Common Vulnerability Exposure (CVE) ID: CVE-2014-7188 BugTraq ID: 70198 http://www.securityfocus.com/bid/70198 http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140199.html http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf http://www.securitytracker.com/id/1030936 http://secunia.com/advisories/61664 XForce ISS Database: xen-cve20147188-dos(96785) https://exchange.xforce.ibmcloud.com/vulnerabilities/96785
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.