Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.OPENSUSE-2015-314.NASL
HistoryApr 21, 2015 - 12:00 a.m.

openSUSE Security Update : xen (openSUSE-2015-314)

2015-04-2100:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
15
JSON

Xen was updated to 4.3.4 to fix multiple vulnerabities and non-security bugs.

The following vulnerabilities were fixed :

  • Long latency MMIO mapping operations are not preemptible (XSA-125 CVE-2015-2752 bnc#922705)

  • Unmediated PCI command register access in qemu (XSA-126 CVE-2015-2756 bnc#922706)

  • Hypervisor memory corruption due to x86 emulator flaw (bnc#919464 CVE-2015-2151 XSA-123)

  • Information leak through version information hypercall (bnc#918998 CVE-2015-2045 XSA-122)

  • Information leak via internal x86 system device emulation (bnc#918995 (CVE-2015-2044 XSA-121)

  • HVM qemu unexpectedly enabling emulated VGA graphics backends (bnc#919663 CVE-2015-2152 XSA-119)

  • information leakage when guest sets high resolution (bnc#895528 CVE-2014-3615)

The following non-security bugs were fixed :

  • L3: XEN blktap device intermittently fails to connect (bnc#919098)

  • Problems with detecting free loop devices on Xen guest startup (bnc#903680)

  • xentop reports ‘Found interface vif101.0 but domain 101 does not exist.’ (bnc#861318)

  • Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores (bnc#901488)

  • SLES11 SP3 Xen VT-d igb NIC doesn’t work (bnc#910254)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-314.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82907);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-3615", "CVE-2015-2044", "CVE-2015-2045", "CVE-2015-2151", "CVE-2015-2152", "CVE-2015-2752", "CVE-2015-2756");

  script_name(english:"openSUSE Security Update : xen (openSUSE-2015-314)");
  script_summary(english:"Check for the openSUSE-2015-314 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Xen was updated to 4.3.4 to fix multiple vulnerabities and
non-security bugs.

The following vulnerabilities were fixed :

  - Long latency MMIO mapping operations are not preemptible
    (XSA-125 CVE-2015-2752 bnc#922705)

  - Unmediated PCI command register access in qemu (XSA-126
    CVE-2015-2756 bnc#922706)

  - Hypervisor memory corruption due to x86 emulator flaw
    (bnc#919464 CVE-2015-2151 XSA-123)

  - Information leak through version information hypercall
    (bnc#918998 CVE-2015-2045 XSA-122)

  - Information leak via internal x86 system device
    emulation (bnc#918995 (CVE-2015-2044 XSA-121)

  - HVM qemu unexpectedly enabling emulated VGA graphics
    backends (bnc#919663 CVE-2015-2152 XSA-119)

  - information leakage when guest sets high resolution
    (bnc#895528 CVE-2014-3615)

The following non-security bugs were fixed :

  - L3: XEN blktap device intermittently fails to connect
    (bnc#919098) 

  - Problems with detecting free loop devices on Xen guest
    startup (bnc#903680)

  - xentop reports 'Found interface vif101.0 but domain 101
    does not exist.' (bnc#861318) 

  - Intel ixgbe driver assigns rx/tx queues per core
    resulting in irq problems on servers with a large amount
    of CPU cores (bnc#901488)

  - SLES11 SP3 Xen VT-d igb NIC doesn't work (bnc#910254)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=861318"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=895528"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=901488"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=903680"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910254"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=918995"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=918998"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=919098"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=919464"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=919663"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922705"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922706"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"xen-debugsource-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"xen-devel-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-4.3.4_02_k3.11.10_29-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-debuginfo-4.3.4_02_k3.11.10_29-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-4.3.4_02_k3.11.10_29-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-debuginfo-4.3.4_02_k3.11.10_29-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-4.3.4_02_k3.11.10_29-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-debuginfo-4.3.4_02_k3.11.10_29-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-debuginfo-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-debuginfo-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-doc-html-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-32bit-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-debuginfo-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-4.3.4_02-41.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-debuginfo-4.3.4_02-41.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen-debugsource / xen-devel / xen-kmp-default / etc");
}
VendorProductVersionCPE
novellopensusexenp-cpe:/a:novell:opensuse:xen
novellopensusexen-debugsourcep-cpe:/a:novell:opensuse:xen-debugsource
novellopensusexen-develp-cpe:/a:novell:opensuse:xen-devel
novellopensusexen-doc-htmlp-cpe:/a:novell:opensuse:xen-doc-html
novellopensusexen-kmp-defaultp-cpe:/a:novell:opensuse:xen-kmp-default
novellopensusexen-kmp-default-debuginfop-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo
novellopensusexen-kmp-desktopp-cpe:/a:novell:opensuse:xen-kmp-desktop
novellopensusexen-kmp-desktop-debuginfop-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo
novellopensusexen-kmp-paep-cpe:/a:novell:opensuse:xen-kmp-pae
novellopensusexen-kmp-pae-debuginfop-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo
Rows per page:
1-10 of 211

References

Related

suse 4
openvas 51
nessus 55
citrix 1
osv 3
debian 5
securityvulns 5
fedora 18
kaspersky 1
huawei 1
prion 7
cve 7
ubuntucve 7
debiancve 7
xen 6
freebsd 6
centos 2
oraclelinux 3
redhat 4
gentoo 2
veracode 1
ubuntu 2
mageia 1
suse
suse
Security update for xen (important)
2015-04-20 16:04:56
Security update for Xen (important)
2015-03-27 10:04:56
Security update for xen (important)
2015-06-22 12:04:52
openvas
openvas
openSUSE: Security Advisory for xen (openSUSE-SU-2015:0732-1)
2015-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0747-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0746-1)
2021-06-09 00:00:00
nessus
nessus
Fedora 20 : xen-4.3.3-12.fc20 (2015-3721)
2015-03-25 00:00:00
Fedora 22 : xen-4.5.0-6.fc22 (2015-3935)
2015-03-23 00:00:00
SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0746-1)
2015-05-20 00:00:00
citrix
citrix
Citrix XenServer Multiple Security Updates
2015-03-02 04:00:00
osv
osv
xen - security update
2015-03-10 00:00:00
qemu - security update
2015-05-13 00:00:00
xen - security update
2016-05-17 00:00:00
debian
debian
[SECURITY] [DSA 3181-1] xen security update
2015-03-10 20:40:17
[SECURITY] [DSA 3259-1] qemu security update
2015-05-13 16:07:57
[SECURITY] [DLA 479-1] xen security update
2016-05-17 23:13:35
securityvulns
securityvulns
[SECURITY] [DSA 3181-1] xen security update
2015-03-15 00:00:00
Xen multiple security vulnerabilities
2015-03-15 00:00:00
[USN-2608-1] QEMU vulnerabilities
2015-05-17 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: xen-4.5.0-6.fc22
2015-03-21 04:59:10
[SECURITY] Fedora 21 Update: xen-4.4.2-2.fc21
2015-04-11 09:04:58
[SECURITY] Fedora 22 Update: xen-4.5.0-7.fc22
2015-04-21 18:51:14
kaspersky
kaspersky
KLA10527 Multiple vulnerabilities in different versions of Xen
2015-04-01 00:00:00
huawei
huawei
Security Advisory - Xen Vulnerabilities on Huawei FusionSphere products
2015-04-10 00:00:00
prion
prion
Memory corruption
2015-03-12 14:59:00
Default credentials
2015-03-18 16:59:00
Design/Logic Flaw
2015-03-12 14:59:00
cve
cve
CVE-2015-2045
2015-03-12 14:59:00
CVE-2015-2152
2015-03-18 16:59:00
CVE-2015-2151
2015-03-12 14:59:00
ubuntucve
ubuntucve
CVE-2015-2045
2015-03-12 00:00:00
CVE-2015-2044
2015-03-12 00:00:00
CVE-2015-2151
2015-03-12 00:00:00
debiancve
debiancve
CVE-2015-2045
2015-03-12 14:59:00
CVE-2015-2044
2015-03-12 14:59:00
CVE-2015-2151
2015-03-12 14:59:00
xen
xen
Information leak through version information hypercall
2015-03-05 12:00:00
Hypervisor memory corruption due to x86 emulator flaw
2015-03-10 12:00:00
HVM qemu unexpectedly enabling emulated VGA graphics backends
2015-03-12 12:00:00
freebsd
freebsd
xen-kernel -- Information leak through version information hypercall
2015-03-05 00:00:00
xen-kernel -- Hypervisor memory corruption due to x86 emulator flaw
2015-03-10 00:00:00
xen-kernel -- Information leak via internal x86 system device emulation
2015-03-05 00:00:00
centos
centos
libcacard, qemu security update
2014-10-21 17:21:12
kernel security update
2016-03-16 14:17:08
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2014-10-20 00:00:00
kernel security update
2016-03-16 00:00:00
kernel security update
2016-03-15 00:00:00
redhat
redhat
(RHSA-2014:1669) Low: qemu-kvm security and bug fix update
2014-10-20 00:00:00
(RHSA-2014:1670) Low: qemu-kvm-rhev security and bug fix update
2014-10-20 00:00:00
(RHSA-2014:1941) Low: qemu-kvm-rhev security update
2014-12-02 16:46:30
gentoo
gentoo
Xen: Multiple vulnerabilities
2015-04-11 00:00:00
QEMU: Multiple Vulnerabilities
2014-12-08 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:27:32
ubuntu
ubuntu
QEMU vulnerabilities
2015-05-13 00:00:00
QEMU vulnerabilities
2014-11-13 00:00:00
mageia
mageia
Updated xen packages fix security vulnerabilities
2016-03-07 14:20:30
JSON
Related for OPENSUSE-2015-314.NASL
suse4openvas51nessus55citrix1osv3debian5securityvulns5fedora18kaspersky1huawei1prion7cve7ubuntucve7debiancve7xen6freebsd6centos2oraclelinux3redhat4gentoo2veracode1ubuntu2mageia1