 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.870797 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Update for xen RHSA-2012:1130-01 |
| Summary: | The remote host is missing an update for the 'xen'; package(s) announced via the referenced advisory. |
| Description: | Summary: The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory. Vulnerability Insight: The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest (a DomU) could use this flaw to create a crafted kernel image that, when attempting to boot it, could result in an out-of-memory condition in the privileged domain (the Dom0). (CVE-2012-2625) Red Hat would like to thank Xinli Niu for reporting this issue. All users of xen are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the xend service must be restarted for this update to take effect. Affected Software/OS: xen on Red Hat Enterprise Linux (v. 5 server) Solution: Please Install the Updated Packages. CVSS Score: 2.7 CVSS Vector: AV:A/AC:L/Au:S/C:N/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-2625 BugTraq ID: 53650 http://www.securityfocus.com/bid/53650 http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817 http://www.openwall.com/lists/oss-security/2012/10/26/3 RedHat Security Advisories: RHSA-2012:1130 http://rhn.redhat.com/errata/RHSA-2012-1130.html http://www.securitytracker.com/id?1027090 http://secunia.com/advisories/49184 http://secunia.com/advisories/51413 SuSE Security Announcement: SUSE-SU-2012:1043 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html SuSE Security Announcement: SUSE-SU-2012:1044 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html SuSE Security Announcement: SUSE-SU-2012:1135 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html SuSE Security Announcement: openSUSE-SU-2012:1172 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html SuSE Security Announcement: openSUSE-SU-2012:1174 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html SuSE Security Announcement: openSUSE-SU-2012:1572 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html SuSE Security Announcement: openSUSE-SU-2012:1573 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html |
| Copyright | Copyright (C) 2012 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |