
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:1203-1)
Summary: The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2018:1203-1 advisory.

Vulnerability Insight:
This update for xen fixes several issues.
These security issues were fixed:
- CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,
- Handle HPET timers in IO-APIC mode correctly to prevent malicious or
buggy HVM guests from causing a hypervisor crash or potentially
privilege escalation/information leaks (XSA-261, bsc#1090822)
- Prevent unbounded loop, induced by qemu allowing an attacker to
permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
- CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were
able to read arbitrary dom0 files via QMP live insertion of a CDROM, in
conjunction with specifying the target file as the backing file of a
snapshot (bsc#1089152).
- CVE-2018-10471: x86 PV guest OS users were able to cause a denial of
service (out-of-bounds zero write and hypervisor crash) via unexpected
INT 80 processing, because of an incorrect fix for CVE-2017-5754
- CVE-2018-7550: The load_multiboot function allowed local guest OS users
to execute arbitrary code on the host via a mh_load_end_addr value
greater than mh_bss_end_addr, which triggers an out-of-bounds read or
write memory access (bsc#1083292).

Affected Software/OS:
'xen' package(s) on SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2017-5754
BugTraq ID: 102378
BugTraq ID: 106128
CERT/CC vulnerability note: VU#180049
CERT/CC vulnerability note: VU#584653
Cisco Security Advisory: 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
Debian Security Information: DSA-4078
Debian Security Information: DSA-4082
Debian Security Information: DSA-4120
FreeBSD Security Advisory: FreeBSD-SA-18:03
RedHat Security Advisories: RHSA-2018:0292
SuSE Security Announcement: SUSE-SU-2018:0010
SuSE Security Announcement: SUSE-SU-2018:0011
SuSE Security Announcement: SUSE-SU-2018:0012
SuSE Security Announcement: openSUSE-SU-2018:0022
SuSE Security Announcement: openSUSE-SU-2018:0023
Common Vulnerability Exposure (CVE) ID: CVE-2018-7550
BugTraq ID: 103181
Debian Security Information: DSA-4213
RedHat Security Advisories: RHSA-2018:1369
RedHat Security Advisories: RHSA-2018:2462
Common Vulnerability Exposure (CVE) ID: CVE-2018-8897
BugTraq ID: 104071
CERT/CC vulnerability note: VU#631579
Debian Security Information: DSA-4196
Debian Security Information: DSA-4201
RedHat Security Advisories: RHSA-2018:1318
RedHat Security Advisories: RHSA-2018:1319
RedHat Security Advisories: RHSA-2018:1345
RedHat Security Advisories: RHSA-2018:1346
RedHat Security Advisories: RHSA-2018:1347
RedHat Security Advisories: RHSA-2018:1348
RedHat Security Advisories: RHSA-2018:1349
RedHat Security Advisories: RHSA-2018:1350
RedHat Security Advisories: RHSA-2018:1351
RedHat Security Advisories: RHSA-2018:1352
RedHat Security Advisories: RHSA-2018:1353
RedHat Security Advisories: RHSA-2018:1354
RedHat Security Advisories: RHSA-2018:1355
RedHat Security Advisories: RHSA-2018:1524
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.