Anfälligkeitssuche        Suche in 211766 CVE Beschreibungen
und 97459 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2017.3212.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2017:3212-1)
Zusammenfassung:The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2017:3212-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2017:3212-1 advisory.

Vulnerability Insight:
This update for xen fixes several issues.
These security issues were fixed:
- bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)
code allowed for DoS (XSA-246)
- bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged
guests to retain a writable mapping of freed memory leading to
information leaks, privilege escalation or DoS (XSA-247).
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest
privileged users to cause a denial of service (out-of-bounds write
access and Qemu process crash) via vectors related to dst calculation
(bsc#1063123)
- CVE-2017-15597: A grant copy operation being done on a grant of a dying
domain allowed a malicious guest administrator to corrupt hypervisor
memory, allowing for DoS or potentially privilege escalation and
information leaks (bsc#1061075).
- CVE-2017-15595: x86 PV guest OS users were able to cause a DoS
(unbounded recursion, stack consumption, and hypervisor crash) or
possibly gain privileges via crafted page-table stacking (bsc#1061081).
- CVE-2017-15592: x86 HVM guest OS users were able to cause a DoS
(hypervisor crash) or possibly gain privileges because self-linear
shadow mappings were mishandled for translated guests (bsc#1061086).

Affected Software/OS:
'xen' package(s) on SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-15289
Common Vulnerability Exposure (CVE) ID: CVE-2017-15592
Common Vulnerability Exposure (CVE) ID: CVE-2017-15595
Common Vulnerability Exposure (CVE) ID: CVE-2017-15597
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 97459 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.