Test ID:	1.3.6.1.4.1.25623.1.0.140173
Category:	Citrix Xenserver Local Security Checks
Title:	Citrix XenServer Multiple Security Updates (CTX220771)
Summary:	Two security issues have been identified within Citrix XenServer.
Description:	Summary: Two security issues have been identified within Citrix XenServer. Vulnerability Insight: The following vulnerabilities have been addressed: - CVE-2017-2615 (High): QEMU: oob access in cirrus bitblt copy - CVE-2017-2620 (High): QEMU: cirrus_bitblt_cputovideo does not check if memory region is safe. Customers using only PV guest VMs are not affected by this vulnerability. Customers using only VMs that use the std-vga graphics emulation are not affected by this vulnerability. Vulnerability Impact: These issues could, if exploited, allow the administrator of an HVM guest VM to compromise the host. Affected Software/OS: XenServer 7.0 XenServer 6.5 XenServer 6.2.0 XenServer 6.0.2 Solution: Apply the hotfix referenced in the advisory. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-2615 BugTraq ID: 95990 http://www.securityfocus.com/bid/95990 https://security.gentoo.org/glsa/201702-27 https://security.gentoo.org/glsa/201702-28 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html http://www.openwall.com/lists/oss-security/2017/02/01/6 https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html RedHat Security Advisories: RHSA-2017:0309 http://rhn.redhat.com/errata/RHSA-2017-0309.html RedHat Security Advisories: RHSA-2017:0328 http://rhn.redhat.com/errata/RHSA-2017-0328.html RedHat Security Advisories: RHSA-2017:0329 http://rhn.redhat.com/errata/RHSA-2017-0329.html RedHat Security Advisories: RHSA-2017:0330 http://rhn.redhat.com/errata/RHSA-2017-0330.html RedHat Security Advisories: RHSA-2017:0331 http://rhn.redhat.com/errata/RHSA-2017-0331.html RedHat Security Advisories: RHSA-2017:0332 http://rhn.redhat.com/errata/RHSA-2017-0332.html RedHat Security Advisories: RHSA-2017:0333 http://rhn.redhat.com/errata/RHSA-2017-0333.html RedHat Security Advisories: RHSA-2017:0334 http://rhn.redhat.com/errata/RHSA-2017-0334.html RedHat Security Advisories: RHSA-2017:0344 http://rhn.redhat.com/errata/RHSA-2017-0344.html RedHat Security Advisories: RHSA-2017:0350 http://rhn.redhat.com/errata/RHSA-2017-0350.html RedHat Security Advisories: RHSA-2017:0396 http://rhn.redhat.com/errata/RHSA-2017-0396.html RedHat Security Advisories: RHSA-2017:0454 http://rhn.redhat.com/errata/RHSA-2017-0454.html http://www.securitytracker.com/id/1037804 Common Vulnerability Exposure (CVE) ID: CVE-2017-2620 BugTraq ID: 96378 http://www.securityfocus.com/bid/96378 https://security.gentoo.org/glsa/201703-07 https://security.gentoo.org/glsa/201704-01 https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html http://www.openwall.com/lists/oss-security/2017/02/21/1 https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html RedHat Security Advisories: RHSA-2017:0351 http://rhn.redhat.com/errata/RHSA-2017-0351.html RedHat Security Advisories: RHSA-2017:0352 http://rhn.redhat.com/errata/RHSA-2017-0352.html http://www.securitytracker.com/id/1037870
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.