Summary
Check the version of xen
Solution
Please Install the Updated Packages.
Insight
XEN was updated to fix security issues and bugs.
Security issues fixed:
- bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation
- bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts
- bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
- bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram
- bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load
- bnc#875668 - CVE-2014-3124: XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created
- bnc#878841 - CVE-2014-3967, CVE-2014-3968: XSA-96: Xen: Vulnerabilities in HVM MSI injection
- bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests
- bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow
Other bugs fixed:
- bnc#896023 - Adjust xentop column layout
- bnc#820873 - The 'long' option doesn't work with 'xl list' - bnc#882127 - Xen kernel panics on booting SLES12 Beta 8 - bnc#865682 - Local attach support for PHY backends using scripts - bnc#798770 - Improve multipath support for npiv devices
Affected
xen on openSUSE 13.1
Detection
Get the installed version with the help of detect NVT and check if the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-4344, CVE-2013-4540, CVE-2014-3124, CVE-2014-3967, CVE-2014-3968, CVE-2014-4021, CVE-2014-7154, CVE-2014-7155, CVE-2014-7156, CVE-2014-7188 -
CVSS Base Score: 8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities