Búsqueda de    
Vulnerabilidad   
    Buscar 211766 Descripciones CVE y
97459 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.4.2020.14444.1
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2020:14444-1)
Resumen:The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2020:14444-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2020:14444-1 advisory.

Vulnerability Insight:
This update for xen fixes the following issues:

bsc#1174543 - secure boot related fixes

bsc#1163019 - CVE-2020-8608: potential OOB access due to unsafe
snprintf() usages

bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy

bsc#1168140 - CVE-2020-11740, CVE-2020-11741: multiple xenoprof issues

bsc#1161181 - CVE-2020-7211: potential directory traversal using
relative paths via tftp server on Windows host

bsc#1157888 - CVE-2019-19579: Device quarantine for alternate pci
assignment methods

bsc#1158004 - CVE-2019-19583: VMX: VMentry failure with debug exceptions
and blocked states

bsc#1158005 - CVE-2019-19578: Linear pagetable use / entry miscounts

bsc#1158006 - CVE-2019-19580: Further issues with restartable PV type
change operations

bsc#1158007 - CVE-2019-19577: dynamic height for the IOMMU pagetables

bsc#1154448 - CVE-2019-18420: VCPUOP_initialise DoS

bsc#1154456 - CVE-2019-18425: missing descriptor table limit checking in
x86 PV emulation

bsc#1154458 - CVE-2019-18421: Issues with restartable PV type change
operations

bsc#1154461 - CVE-2019-18424: passed through PCI devices may corrupt
host memory after deassignment

bsc#1155945 - CVE-2018-12207: Machine Check Error Avoidance on Page Size
Change (aka IFU issue)

bsc#1152497 - CVE-2019-11135: TSX Asynchronous Abort (TAA) issue

Affected Software/OS:
'xen' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-7211
Debian Security Information: Debian (Google Search)
https://security-tracker.debian.org/tracker/CVE-2020-7211
https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
Common Vulnerability Exposure (CVE) ID: CVE-2020-8608
Debian Security Information: DSA-4733 (Google Search)
https://www.debian.org/security/2020/dsa-4733
https://security.gentoo.org/glsa/202003-66
https://gitlab.freedesktop.org/slirp/libslirp/-/tags/v4.1.0
https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
https://www.openwall.com/lists/oss-security/2020/02/06/2
https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html
SuSE Security Announcement: openSUSE-SU-2020:0468 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
https://usn.ubuntu.com/4283-1/
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 97459 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2021 E-Soft Inc. Todos los derechos reservados.