
Test ID: 1.3.6.1.4.1.25623.1.1.4.2013.1314.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2013:1314-1)
Summary: The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2013:1314-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2013:1314-1 advisory.

Vulnerability Insight:
The Xen hypervisor and toolset have been updated to 4.2.2_06 to fix various bugs and security issues:

The following security issues have been addressed:

* CVE-2013-2194: Various integer overflows in the ELF loader were fixed. (XSA-55)
* CVE-2013-2195: Various pointer dereference issues in the ELF loader were fixed. (XSA-55)
* CVE-2013-2196: Various other problems in the ELF loader were fixed. (XSA-55)
* CVE-2013-2078: A Hypervisor crash due to missing exception recovery on XSETBV was fixed. (XSA-54)
* CVE-2013-2077: A Hypervisor crash due to missing exception recovery on XRSTOR was fixed. (XSA-53)
* CVE-2013-2211: libxl allowed guest write access to sensitive console related xenstore keys. (XSA-57)
* CVE-2013-2076: An information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) was fixed, where parts of this state could leak to other VMs.

Also the following bugs have been fixed:

* performance issues in mirror lvm (bnc#801663)
* aacraid driver panics mapping INT A when booting kernel-xen (bnc#808085)
* Fully Virtualized Windows VM install failed on Ivy Bridge platforms with Xen kernel (bnc#808269)
* Did not boot with i915 graphics controller with VT-d enabled (bnc#817210)

Security Issue references:

* CVE-2013-2194
* CVE-2013-2195
* CVE-2013-2196

Affected Software/OS:
'Xen' package(s) on SUSE Linux Enterprise Software Development Kit 11 SP3, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Desktop 11 SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.4

CVSS Vector:
AV:A/AC:M/Au:S/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2013-2076
Debian Security Information: DSA-3006
http://www.debian.org/security/2014/dsa-3006
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://www.openwall.com/lists/oss-security/2013/06/03/1
http://secunia.com/advisories/55082
SuSE Security Announcement: SUSE-SU-2014:0446
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2077
http://www.openwall.com/lists/oss-security/2013/06/03/2
Common Vulnerability Exposure (CVE) ID: CVE-2013-2078
http://www.openwall.com/lists/oss-security/2013/06/03/3
http://www.securitytracker.com/id/1028613
Common Vulnerability Exposure (CVE) ID: CVE-2013-2194
http://www.openwall.com/lists/oss-security/2013/06/20/2
http://www.openwall.com/lists/oss-security/2013/06/20/4
SuSE Security Announcement: SUSE-SU-2014:0411
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
SuSE Security Announcement: SUSE-SU-2014:0470
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2195
Common Vulnerability Exposure (CVE) ID: CVE-2013-2196
Common Vulnerability Exposure (CVE) ID: CVE-2013-2211
http://www.openwall.com/lists/oss-security/2013/06/25/1
http://www.openwall.com/lists/oss-security/2013/06/26/4
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.