
Test ID: 1.3.6.1.4.1.25623.1.1.4.2012.1486.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2012:1486-1)
Summary: The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2012:1486-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2012:1486-1 advisory.

Vulnerability Insight:
XEN was updated to fix various bugs and security issues:

The following security issues have been fixed:

* CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk (XSA 25)
* CVE-2012-4411: XEN / qemu: guest administrator can access qemu monitor console (XSA-19)
* CVE-2012-4535: xen: Timer overflow DoS vulnerability (XSA 20)
* CVE-2012-4536: xen: pirq range check DoS vulnerability (XSA 21)
* CVE-2012-4537: xen: Memory mapping failure DoS vulnerability (XSA 22)
* CVE-2012-4538: xen: Unhooking empty PAE entries DoS vulnerability (XSA 23)
* CVE-2012-4539: xen: Grant table hypercall infinite loop DoS vulnerability (XSA 24)
* CVE-2012-3497: xen: multiple TMEM hypercall vulnerabilities (XSA-15)

Also the following bugs have been fixed and upstream patches have been applied:

* bnc#784087 - L3: Xen BUG at io_apic.c:129 26102-x86-IOAPIC-legacy-not-first.patch

* Upstream patches merged:
26054-x86-AMD-perf-ctr-init.patch 26055-x86-oprof-hvm-mode.patch 26056-page-alloc-flush-filter.patch 26061-x86-oprof-counter-range.patch 26062-ACPI-ERST-move-data.patch 26063-x86-HPET-affinity-lock.patch 26093-HVM-PoD-grant-mem-type.patch 25931-x86-domctl-iomem-mapping-checks.patch 25952-x86-MMIO-remap-permissions.patch 25808-domain_create-return-value.patch 25814-x86_64-set-debugreg-guest.patch 25815-x86-PoD-no-bug-in-non-translated.patch 25816-x86-hvm-map-pirq-range-check.patch 25833-32on64-bogus-pt_base-adjust.patch 25834-x86-S3-MSI-resume.patch 25835-adjust-rcu-lock-domain.patch 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch 25883-pt-MSI-cleanup.patch 25927-x86-domctl-ioport-mapping-range.patch 25929-tmem-restore-pool-version.patch

* bnc#778105 - first XEN-PV VM fails to spawn xend:
Increase wait time for disk to appear in host bootloader Modified existing xen-domUloader.diff

25752-ACPI-pm-op-valid-cpu.patch 25754-x86-PoD-early-access.patch 25755-x86-PoD-types.patch 25756-x86-MMIO-max-mapped-pfn.patch

Security Issue references:

* CVE-2012-4539
* CVE-2012-3497
* CVE-2012-4411
* CVE-2012-4535
* CVE-2012-4537
* CVE-2012-4536
* CVE-2012-4538
* CVE-2012-4539
* CVE-2012-4544

Affected Software/OS:
'Xen' package(s) on SUSE Linux Enterprise Software Development Kit 11 SP2, SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise Desktop 11 SP2

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2012-3497
BugTraq ID: 55410
http://www.securityfocus.com/bid/55410
http://security.gentoo.org/glsa/glsa-201309-24.xml
https://security.gentoo.org/glsa/201604-03
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
http://www.openwall.com/lists/oss-security/2012/09/05/8
http://osvdb.org/85199
http://www.securitytracker.com/id?1027482
http://secunia.com/advisories/50472
http://secunia.com/advisories/51324
http://secunia.com/advisories/51352
http://secunia.com/advisories/51413
http://secunia.com/advisories/55082
SuSE Security Announcement: SUSE-SU-2012:1486
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
SuSE Security Announcement: SUSE-SU-2012:1487
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html
SuSE Security Announcement: SUSE-SU-2014:0446
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
SuSE Security Announcement: openSUSE-SU-2012:1572
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
SuSE Security Announcement: openSUSE-SU-2012:1573
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
XForce ISS Database: xen-tmem-priv-esc(78268)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78268
Common Vulnerability Exposure (CVE) ID: CVE-2012-4411
BugTraq ID: 55442
http://www.securityfocus.com/bid/55442
Debian Security Information: DSA-2543
http://www.debian.org/security/2012/dsa-2543
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00008.html
http://www.openwall.com/lists/oss-security/2012/09/06/7
http://www.openwall.com/lists/oss-security/2012/09/06/2
http://www.openwall.com/lists/oss-security/2012/09/07/5
http://secunia.com/advisories/50493
Common Vulnerability Exposure (CVE) ID: CVE-2012-4535
BugTraq ID: 56498
http://www.securityfocus.com/bid/56498
Debian Security Information: DSA-2582
http://www.debian.org/security/2012/dsa-2582
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
http://www.openwall.com/lists/oss-security/2012/11/13/1
http://osvdb.org/87298
RedHat Security Advisories: RHSA-2012:1540
http://rhn.redhat.com/errata/RHSA-2012-1540.html
http://www.securitytracker.com/id?1027759
http://secunia.com/advisories/51200
http://secunia.com/advisories/51468
SuSE Security Announcement: SUSE-SU-2012:1615
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
SuSE Security Announcement: SUSE-SU-2014:0470
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
XForce ISS Database: xen-vcpu-dos(80022)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80022
Common Vulnerability Exposure (CVE) ID: CVE-2012-4536
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00003.html
http://www.openwall.com/lists/oss-security/2012/11/13/2
http://osvdb.org/87297
http://www.securitytracker.com/id?1027760
XForce ISS Database: xen-domainpirqtoemuirq-dos(80023)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80023
Common Vulnerability Exposure (CVE) ID: CVE-2012-4537
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
http://www.openwall.com/lists/oss-security/2012/11/13/6
http://osvdb.org/87307
http://www.securitytracker.com/id?1027761
XForce ISS Database: xen-setp2mentry-dos(80024)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80024
Common Vulnerability Exposure (CVE) ID: CVE-2012-4538
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
http://www.openwall.com/lists/oss-security/2012/11/13/3
http://osvdb.org/87306
http://www.securitytracker.com/id?1027762
XForce ISS Database: xen-hvmop-dos(80025)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80025
Common Vulnerability Exposure (CVE) ID: CVE-2012-4539
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00002.html
http://www.openwall.com/lists/oss-security/2012/11/13/4
http://www.osvdb.org/87305
http://www.securitytracker.com/id?1027763
SuSE Security Announcement: openSUSE-SU-2012:1685
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html
XForce ISS Database: xen-gnttabopgetstatus-dos(80026)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80026
Common Vulnerability Exposure (CVE) ID: CVE-2012-4544
BugTraq ID: 56289
http://www.securityfocus.com/bid/56289
Debian Security Information: DSA-2636
http://www.debian.org/security/2013/dsa-2636
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html
http://www.openwall.com/lists/oss-security/2012/10/26/3
http://osvdb.org/86619
RedHat Security Advisories: RHSA-2013:0241
http://rhn.redhat.com/errata/RHSA-2013-0241.html
http://www.securitytracker.com/id?1027699
http://secunia.com/advisories/51071
SuSE Security Announcement: SUSE-SU-2014:0411
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
XForce ISS Database: xen-pvdomainbuilder-dos(79617)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79617
Copyright: Copyright (C) 2021 Greenbone Networks GmbH





© 1998-2021 E-Soft Inc. All rights reserved.