Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.4.2013.1314.1
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2013:1314-1)
Resumen:The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2013:1314-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2013:1314-1 advisory.

Vulnerability Insight:
The Xen hypervisor and toolset has been updated to 4.2.2_06 to fix various bugs and security issues:

The following security issues have been addressed:

* CVE-2013-2194: Various integer overflows in the ELF loader were fixed. (XSA-55)
* CVE-2013-2195: Various pointer dereferences issues in the ELF loader were fixed. (XSA-55)
* CVE-2013-2196: Various other problems in the ELF loader were fixed. (XSA-55)
* CVE-2013-2078: A Hypervisor crash due to missing exception recovery on XSETBV was fixed. (XSA-54)
* CVE-2013-2077: A Hypervisor crash due to missing exception recovery on XRSTOR was fixed. (XSA-53)
* CVE-2013-2211: libxl allowed guest write access to sensitive console related xenstore keys. (XSA-57)
* CVE-2013-2076: An information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) was fixed, where parts of this state could leak to other VMs.

Also the following bugs have been fixed:

* performance issues in mirror lvm (bnc#801663)
* aacraid driver panics mapping INT A when booting kernel-xen (bnc#808085)
* Fully Virtualized Windows VM install failed on Ivy Bridge platforms with Xen kernel (bnc#808269)
* Did not boot with i915 graphics controller with VT-d enabled (bnc#817210)

Security Issue references:

* CVE-2013-2194
>
* CVE-2013-2195
>
* CVE-2013-2196
>

Affected Software/OS:
'Xen' package(s) on SUSE Linux Enterprise Desktop 11 SP3, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Software Development Kit 11 SP3.

Solution:
Please install the updated package(s).

CVSS Score:
7.4

CVSS Vector:
AV:A/AC:M/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-2076
Debian Security Information: DSA-3006 (Google Search)
http://www.debian.org/security/2014/dsa-3006
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://www.openwall.com/lists/oss-security/2013/06/03/1
http://secunia.com/advisories/55082
SuSE Security Announcement: SUSE-SU-2014:0446 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2077
http://www.openwall.com/lists/oss-security/2013/06/03/2
Common Vulnerability Exposure (CVE) ID: CVE-2013-2078
http://www.openwall.com/lists/oss-security/2013/06/03/3
http://www.securitytracker.com/id/1028613
Common Vulnerability Exposure (CVE) ID: CVE-2013-2194
http://www.openwall.com/lists/oss-security/2013/06/20/2
http://www.openwall.com/lists/oss-security/2013/06/20/4
SuSE Security Announcement: SUSE-SU-2014:0411 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
SuSE Security Announcement: SUSE-SU-2014:0470 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2195
Common Vulnerability Exposure (CVE) ID: CVE-2013-2196
Common Vulnerability Exposure (CVE) ID: CVE-2013-2211
http://www.openwall.com/lists/oss-security/2013/06/25/1
http://www.openwall.com/lists/oss-security/2013/06/26/4
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.