Beschreibung: | Summary: The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory.
Vulnerability Insight: XEN was updated to fix various bugs and security issues.
Security issues fixed:
- bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation
- bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts
- bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
- bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram
- bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load
- bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests
- bnc#878841 - CVE-2014-3967, CVE-2014-3968: XSA-96: Vulnerabilities in HVM MSI injection
- bnc#867910 - CVE-2014-2599: XSA-89: HVMOP_set_mem_access is not preemptible
- bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow
Other bugs fixed:
- bnc#896023 - Adjust xentop column layout
- bnc#891539 - xend: fix netif convertToDeviceNumber for running domains
- bnc#820873 - The 'long' option doesn't work with 'xl list'
- bnc#881900 - XEN kernel panic do_device_not_available()
- bnc#833483 - Boot Failure with xen kernel in UEFI mode with error 'No memory for trampoline'
- bnc#862608 - SLES 11 SP3 vm-install should get RHEL 7 support when released
- bnc#858178 - [HP HPS Bug]: SLES11sp3 XEN kiso version cause softlockup on 8 blades npar(480 cpu)
- bnc#865682 - Local attach support for PHY backends using scripts
- bnc#798770 - Improve multipath support for npiv devices
Affected Software/OS: xen on openSUSE 12.3
Solution: Please install the updated package(s).
CVSS Score: 8.3
CVSS Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
|