Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2020-2791-1.NASL
HistoryDec 09, 2020 - 12:00 a.m.

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:2791-1)

2020-12-0900:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

This update for xen fixes the following issues :

CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333)

CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334)

CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336)

CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337)

CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338)

CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339)

CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340)

CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342)

CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343)

CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344)

Various other fixes (bsc#1027519)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:2791-1.
# The text itself is copyright (C) SUSE.
#

include('compat.inc');

if (description)
{
  script_id(143707);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/11");

  script_cve_id(
    "CVE-2020-25595",
    "CVE-2020-25596",
    "CVE-2020-25597",
    "CVE-2020-25598",
    "CVE-2020-25599",
    "CVE-2020-25600",
    "CVE-2020-25601",
    "CVE-2020-25602",
    "CVE-2020-25603",
    "CVE-2020-25604"
  );

  script_name(english:"SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:2791-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"This update for xen fixes the following issues :

CVE-2020-25602: Fixed an issue where there was a crash when handling
guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333)

CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource
error path (bsc#1176341,XSA-334)

CVE-2020-25604: Fixed a race condition when migrating timers between
x86 HVM vCPU-s (bsc#1176343,XSA-336)

CVE-2020-25595: Fixed an issue where PCI passthrough code was reading
back hardware registers (bsc#1176344,XSA-337)

CVE-2020-25597: Fixed an issue where a valid event channels may not
turn invalid (bsc#1176346,XSA-338)

CVE-2020-25596: Fixed a potential denial of service in x86 pv guest
kernel via SYSENTER (bsc#1176345,XSA-339)

CVE-2020-25603: Fixed an issue due to missing barriers when
accessing/allocating an event channel (bsc#1176347,XSA-340)

CVE-2020-25600: Fixed out of bounds event channels available to 32-bit
x86 domains (bsc#1176348,XSA-342)

CVE-2020-25599: Fixed race conditions with evtchn_reset()
(bsc#1176349,XSA-343)

CVE-2020-25601: Fixed an issue due to lack of preemption in
evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344)

Various other fixes (bsc#1027519)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1027519");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1176339");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1176341");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1176343");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1176344");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1176345");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1176346");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1176347");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1176348");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1176349");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1176350");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25595/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25596/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25597/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25598/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25599/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25600/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25601/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25602/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25603/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25604/");
  # https://www.suse.com/support/update/announcement/2020/suse-su-20202791-1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5ecad9a6");
  script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for Server Applications 15-SP2 :

zypper in -t patch
SUSE-SLE-Module-Server-Applications-15-SP2-2020-2791=1

SUSE Linux Enterprise Module for Basesystem 15-SP2 :

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2791=1");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25597");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-25603");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/09/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/12/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);


sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP2", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP2", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES15", sp:"2", cpu:"x86_64", reference:"xen-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", cpu:"x86_64", reference:"xen-debugsource-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", cpu:"x86_64", reference:"xen-devel-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", cpu:"x86_64", reference:"xen-libs-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", cpu:"x86_64", reference:"xen-libs-debuginfo-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", cpu:"x86_64", reference:"xen-tools-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", cpu:"x86_64", reference:"xen-tools-debuginfo-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", cpu:"x86_64", reference:"xen-tools-domU-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", cpu:"x86_64", reference:"xen-tools-domU-debuginfo-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLED15", sp:"2", cpu:"x86_64", reference:"xen-debugsource-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLED15", sp:"2", cpu:"x86_64", reference:"xen-libs-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLED15", sp:"2", cpu:"x86_64", reference:"xen-libs-debuginfo-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLED15", sp:"2", cpu:"x86_64", reference:"xen-tools-domU-4.13.1_08-3.10.1")) flag++;
if (rpm_check(release:"SLED15", sp:"2", cpu:"x86_64", reference:"xen-tools-domU-debuginfo-4.13.1_08-3.10.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
VendorProductVersionCPE
novellsuse_linuxxenp-cpe:/a:novell:suse_linux:xen
novellsuse_linuxxen-debugsourcep-cpe:/a:novell:suse_linux:xen-debugsource
novellsuse_linuxxen-libsp-cpe:/a:novell:suse_linux:xen-libs
novellsuse_linuxxen-toolsp-cpe:/a:novell:suse_linux:xen-tools
novellsuse_linuxxen-tools-debuginfop-cpe:/a:novell:suse_linux:xen-tools-debuginfo
novellsuse_linuxxen-libs-debuginfop-cpe:/a:novell:suse_linux:xen-libs-debuginfo
novellsuse_linuxxen-tools-domup-cpe:/a:novell:suse_linux:xen-tools-domu
novellsuse_linuxxen-tools-domu-debuginfop-cpe:/a:novell:suse_linux:xen-tools-domu-debuginfo
novellsuse_linuxxen-develp-cpe:/a:novell:suse_linux:xen-devel
novellsuse_linux15cpe:/o:novell:suse_linux:15

References

Related

openvas 13
nessus 25
suse 1
citrix 1
debian 1
osv 12
fedora 3
gentoo 1
ubuntu 1
prion 10
veracode 10
cvelist 10
ubuntucve 10
xen 10
debiancve 10
redhatcve 10
cve 10
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:2791-1)
2021-06-09 00:00:00
Fedora: Security Advisory for xen (FEDORA-2020-f668e579be)
2020-10-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:2790-1)
2021-06-09 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:2790-1)
2020-12-09 00:00:00
Fedora 32 : xen (2020-f668e579be)
2020-10-01 00:00:00
Fedora 33 : xen (2020-306b84fd07)
2020-10-08 00:00:00
suse
suse
Security update for xen (important)
2020-10-04 00:00:00
citrix
citrix
Citrix Hypervisor Security Update
2020-09-23 04:00:00
debian
debian
[SECURITY] [DSA 4769-1] xen security update
2020-10-02 17:16:36
osv
osv
xen - security update
2020-10-02 00:00:00
xen vulnerabilities
2022-09-19 16:56:10
CVE-2020-25598
2020-09-23 22:15:13
fedora
fedora
[SECURITY] Fedora 32 Update: xen-4.13.1-6.fc32
2020-10-01 01:29:30
[SECURITY] Fedora 31 Update: xen-4.12.3-5.fc31
2020-10-07 20:45:30
[SECURITY] Fedora 33 Update: xen-4.14.0-5.fc33
2020-09-27 00:19:37
gentoo
gentoo
Xen: Multiple vulnerabilities
2020-11-11 00:00:00
ubuntu
ubuntu
Xen vulnerabilities
2022-09-19 00:00:00
prion
prion
Design/Logic Flaw
2020-09-23 22:15:00
Race condition
2020-09-23 22:15:00
Race condition
2020-09-23 22:15:00
veracode
veracode
Denial Of Service (DoS)
2020-09-24 10:39:16
Denial Of Service (DoS)
2020-09-24 10:39:12
Denial Of Service (DoS)
2020-09-24 10:39:14
cvelist
cvelist
CVE-2020-25599
2020-09-23 21:10:01
CVE-2020-25598
2020-09-23 21:07:44
CVE-2020-25596
2020-09-23 21:28:21
ubuntucve
ubuntucve
CVE-2020-25598
2020-09-23 00:00:00
CVE-2020-25599
2020-09-23 00:00:00
CVE-2020-25595
2020-09-23 00:00:00
xen
xen
x86 pv guest kernel DoS via SYSENTER
2020-09-22 12:00:00
once valid event channels may not turn invalid
2020-09-22 12:00:00
Missing unlock in XENMEM_acquire_resource error path
2020-09-22 12:00:00
debiancve
debiancve
CVE-2020-25596
2020-09-23 22:15:00
CVE-2020-25597
2020-09-23 22:15:00
CVE-2020-25604
2020-09-23 22:15:00
redhatcve
redhatcve
CVE-2020-25595
2020-09-22 18:39:41
CVE-2020-25597
2020-09-22 18:39:41
CVE-2020-25596
2020-09-22 18:39:45
cve
cve
CVE-2020-25595
2020-09-23 21:15:00
CVE-2020-25604
2020-09-23 22:15:00
CVE-2020-25597
2020-09-23 22:15:00
JSON
Related for SUSE_SU-2020-2791-1.NASL
openvas13nessus25suse1citrix1debian1osv12fedora3gentoo1ubuntu1prion10veracode10cvelist10ubuntucve10xen10debiancve10redhatcve10cve10