
Test ID: 1.3.6.1.4.1.25623.1.1.4.2015.1894.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2015:1894-1)
Summary: The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2015:1894-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2015:1894-1 advisory.

Vulnerability Insight:
xen was updated to version 4.4.3 to fix nine security issues.
These security issues were fixed:
- CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary
files with predictable names, which allowed local users to cause a
denial of service (instantiation failure) by creating /tmp/qemu-smb.*-*
files before the program (bsc#932267).
- CVE-2014-0222: Integer overflow in the qcow_open function allowed remote
attackers to cause a denial of service (crash) via a large L2 table in a
QCOW version 1 image (bsc#877642).
- CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests
(bsc#950367).
- CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on
disks when using the qemu-xen device model, which allowed local guest
users to write to a read-only disk image (bsc#947165).
- CVE-2015-5239: Integer overflow in vnc_client_read() and
protocol_client_msg() (bsc#944463).
- CVE-2015-6815: With e1000 NIC emulation support it was possible to enter
an infinite loop (bsc#944697).
- CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to
denial of service (bsc#950703).
- CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array
leading to denial of service (bsc#950705).
- CVE-2015-7971: Some pmu and profiling hypercalls log without rate
limiting (bsc#950706).
These non-security issues were fixed:
- bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed
- bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of
guest with VT-d NIC
- bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed
- bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has
been observed
- bnc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting
in irq problems on servers with a large amount of CPU cores
- bsc#945167: Running command: xl pci-assignable-add 03:10.1 secondly show
errors
- bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort
- bsc#949549: xm create hangs when maxmen value is enclosed in quotes

Affected Software/OS:
'xen' package(s) on SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Desktop 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Software Development Kit 11-SP4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2014-0222
BugTraq ID: 67357
http://www.securityfocus.com/bid/67357
Debian Security Information: DSA-3044
http://www.debian.org/security/2014/dsa-3044
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
SuSE Security Announcement: SUSE-SU-2015:0929
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
SuSE Security Announcement: openSUSE-SU-2015:1965
http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-4037
BugTraq ID: 74809
http://www.securityfocus.com/bid/74809
Debian Security Information: DSA-3284
http://www.debian.org/security/2015/dsa-3284
Debian Security Information: DSA-3285
http://www.debian.org/security/2015/dsa-3285
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html
http://www.openwall.com/lists/oss-security/2015/05/13/7
http://www.openwall.com/lists/oss-security/2015/05/16/5
http://www.openwall.com/lists/oss-security/2015/05/23/4
http://www.securitytracker.com/id/1032547
SuSE Security Announcement: SUSE-SU-2015:1152
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html
SuSE Security Announcement: SUSE-SU-2015:1519
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html
http://www.ubuntu.com/usn/USN-2630-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5239
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html
http://www.openwall.com/lists/oss-security/2015/09/02/7
http://www.ubuntu.com/usn/USN-2745-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-6815
http://www.openwall.com/lists/oss-security/2015/09/04/4
http://www.openwall.com/lists/oss-security/2015/09/05/5
https://bugzilla.redhat.com/show_bug.cgi?id=1260076
Common Vulnerability Exposure (CVE) ID: CVE-2015-7311
BugTraq ID: 76823
http://www.securityfocus.com/bid/76823
Debian Security Information: DSA-3414
http://www.debian.org/security/2015/dsa-3414
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167077.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
https://security.gentoo.org/glsa/201604-03
http://www.securitytracker.com/id/1033633
SuSE Security Announcement: openSUSE-SU-2015:2250
http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7835
BugTraq ID: 77366
http://www.securityfocus.com/bid/77366
Debian Security Information: DSA-3390
http://www.debian.org/security/2015/dsa-3390
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171249.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171185.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171082.html
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt
http://www.securitytracker.com/id/1034032
Common Vulnerability Exposure (CVE) ID: CVE-2015-7969
BugTraq ID: 77364
http://www.securityfocus.com/bid/77364
http://www.securitytracker.com/id/1034033
Common Vulnerability Exposure (CVE) ID: CVE-2015-7971
BugTraq ID: 77363
http://www.securityfocus.com/bid/77363
http://www.securitytracker.com/id/1034035
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
