Anfälligkeitssuche        Suche in 211766 CVE Beschreibungen
und 97459 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2018.1203.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2018:1203-1)
Zusammenfassung:The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2018:1203-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2018:1203-1 advisory.

Vulnerability Insight:
This update for xen fixes several issues.
These security issues were fixed:
- CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,
bsc#1090820)
- Handle HPET timers in IO-APIC mode correctly to prevent malicious or
buggy HVM guests from causing a hypervisor crash or potentially
privilege escalation/information leaks (XSA-261, bsc#1090822)
- Prevent unbounded loop, induced by qemu allowing an attacker to
permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
- CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were
able to read arbitrary dom0 files via QMP live insertion of a CDROM, in
conjunction with specifying the target file as the backing file of a
snapshot (bsc#1089152).
- CVE-2018-10471: x86 PV guest OS users were able to cause a denial of
service (out-of-bounds zero write and hypervisor crash) via unexpected
INT 80 processing, because of an incorrect fix for CVE-2017-5754
(bsc#1089635).
- CVE-2018-7550: The load_multiboot function allowed local guest OS users
to execute arbitrary code on the host via a mh_load_end_addr value
greater than mh_bss_end_addr, which triggers an out-of-bounds read or
write memory access (bsc#1083292).

Affected Software/OS:
'xen' package(s) on SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-5754
BugTraq ID: 102378
http://www.securityfocus.com/bid/102378
BugTraq ID: 106128
http://www.securityfocus.com/bid/106128
CERT/CC vulnerability note: VU#180049
https://www.kb.cert.org/vuls/id/180049
CERT/CC vulnerability note: VU#584653
http://www.kb.cert.org/vuls/id/584653
Cisco Security Advisory: 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
Debian Security Information: DSA-4078 (Google Search)
https://www.debian.org/security/2018/dsa-4078
Debian Security Information: DSA-4082 (Google Search)
https://www.debian.org/security/2018/dsa-4082
Debian Security Information: DSA-4120 (Google Search)
https://www.debian.org/security/2018/dsa-4120
FreeBSD Security Advisory: FreeBSD-SA-18:03
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc
https://security.gentoo.org/glsa/201810-06
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
https://meltdownattack.com/
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
RedHat Security Advisories: RHSA-2018:0292
https://access.redhat.com/errata/RHSA-2018:0292
http://www.securitytracker.com/id/1040071
SuSE Security Announcement: SUSE-SU-2018:0010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html
SuSE Security Announcement: SUSE-SU-2018:0011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
SuSE Security Announcement: SUSE-SU-2018:0012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html
SuSE Security Announcement: openSUSE-SU-2018:0022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html
SuSE Security Announcement: openSUSE-SU-2018:0023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html
https://usn.ubuntu.com/usn/usn-3516-1/
https://usn.ubuntu.com/usn/usn-3522-2/
https://usn.ubuntu.com/3522-3/
https://usn.ubuntu.com/3522-4/
https://usn.ubuntu.com/3523-1/
https://usn.ubuntu.com/usn/usn-3523-2/
https://usn.ubuntu.com/usn/usn-3524-2/
https://usn.ubuntu.com/usn/usn-3525-1/
https://usn.ubuntu.com/3540-2/
https://usn.ubuntu.com/3541-2/
https://usn.ubuntu.com/3583-1/
https://usn.ubuntu.com/3597-1/
https://usn.ubuntu.com/3597-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-7550
BugTraq ID: 103181
http://www.securityfocus.com/bid/103181
Debian Security Information: DSA-4213 (Google Search)
https://www.debian.org/security/2018/dsa-4213
https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html
RedHat Security Advisories: RHSA-2018:1369
https://access.redhat.com/errata/RHSA-2018:1369
RedHat Security Advisories: RHSA-2018:2462
https://access.redhat.com/errata/RHSA-2018:2462
https://usn.ubuntu.com/3649-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8897
BugTraq ID: 104071
http://www.securityfocus.com/bid/104071
CERT/CC vulnerability note: VU#631579
https://www.kb.cert.org/vuls/id/631579
Debian Security Information: DSA-4196 (Google Search)
https://www.debian.org/security/2018/dsa-4196
Debian Security Information: DSA-4201 (Google Search)
https://www.debian.org/security/2018/dsa-4201
https://www.exploit-db.com/exploits/44697/
https://www.exploit-db.com/exploits/45024/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
http://openwall.com/lists/oss-security/2018/05/08/1
http://openwall.com/lists/oss-security/2018/05/08/4
https://bugzilla.redhat.com/show_bug.cgi?id=1567074
https://github.com/can1357/CVE-2018-8897/
https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
https://patchwork.kernel.org/patch/10386677/
https://support.apple.com/HT208742
https://svnweb.freebsd.org/base?view=revision&revision=333368
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc
https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html
https://xenbits.xen.org/xsa/advisory-260.html
https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
RedHat Security Advisories: RHSA-2018:1318
https://access.redhat.com/errata/RHSA-2018:1318
RedHat Security Advisories: RHSA-2018:1319
https://access.redhat.com/errata/RHSA-2018:1319
RedHat Security Advisories: RHSA-2018:1345
https://access.redhat.com/errata/RHSA-2018:1345
RedHat Security Advisories: RHSA-2018:1346
https://access.redhat.com/errata/RHSA-2018:1346
RedHat Security Advisories: RHSA-2018:1347
https://access.redhat.com/errata/RHSA-2018:1347
RedHat Security Advisories: RHSA-2018:1348
https://access.redhat.com/errata/RHSA-2018:1348
RedHat Security Advisories: RHSA-2018:1349
https://access.redhat.com/errata/RHSA-2018:1349
RedHat Security Advisories: RHSA-2018:1350
https://access.redhat.com/errata/RHSA-2018:1350
RedHat Security Advisories: RHSA-2018:1351
https://access.redhat.com/errata/RHSA-2018:1351
RedHat Security Advisories: RHSA-2018:1352
https://access.redhat.com/errata/RHSA-2018:1352
RedHat Security Advisories: RHSA-2018:1353
https://access.redhat.com/errata/RHSA-2018:1353
RedHat Security Advisories: RHSA-2018:1354
https://access.redhat.com/errata/RHSA-2018:1354
RedHat Security Advisories: RHSA-2018:1355
https://access.redhat.com/errata/RHSA-2018:1355
RedHat Security Advisories: RHSA-2018:1524
https://access.redhat.com/errata/RHSA-2018:1524
http://www.securitytracker.com/id/1040744
http://www.securitytracker.com/id/1040849
http://www.securitytracker.com/id/1040861
http://www.securitytracker.com/id/1040866
http://www.securitytracker.com/id/1040882
https://usn.ubuntu.com/3641-1/
https://usn.ubuntu.com/3641-2/
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 97459 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.