Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2012.1044.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2012:1044-1)
Summary:The remote host is missing an update for the 'Xen ' package(s) announced via the SUSE-SU-2012:1044-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Xen ' package(s) announced via the SUSE-SU-2012:1044-1 advisory.

Vulnerability Insight:
Xen was updated to fix several security issues:

*

CVE-2012-3433: A xen HVM guest destroy p2m teardown host DoS vulnerability was fixed, where malicious guest could lock/crash the host.

*

CVE-2012-3432: A xen HVM guest user mode MMIO emulation DoS was fixed.

*

CVE-2012-2625: The xen pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service (crash).

Also the following bug in XEN was fixed:

* bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2 install, when maxmem > memory

This update also included bugfixes for:

* vm-install: - bnc#762963 - ReaR: Unable to recover a paravirtualized XEN guest

Security Issue references:

* CVE-2012-3432
>
* CVE-2012-3433
>
* CVE-2012-2625
>

Affected Software/OS:
'Xen ' package(s) on SUSE Linux Enterprise Software Development Kit 11 SP1, SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Desktop 11 SP1

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-2625
BugTraq ID: 53650
http://www.securityfocus.com/bid/53650
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817
http://www.openwall.com/lists/oss-security/2012/10/26/3
RedHat Security Advisories: RHSA-2012:1130
http://rhn.redhat.com/errata/RHSA-2012-1130.html
http://www.securitytracker.com/id?1027090
http://secunia.com/advisories/49184
http://secunia.com/advisories/51413
SuSE Security Announcement: SUSE-SU-2012:1043 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html
SuSE Security Announcement: SUSE-SU-2012:1044 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html
SuSE Security Announcement: SUSE-SU-2012:1135 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html
SuSE Security Announcement: openSUSE-SU-2012:1172 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html
SuSE Security Announcement: openSUSE-SU-2012:1174 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html
SuSE Security Announcement: openSUSE-SU-2012:1572 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
SuSE Security Announcement: openSUSE-SU-2012:1573 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-3432
BugTraq ID: 54691
http://www.securityfocus.com/bid/54691
Debian Security Information: DSA-2531 (Google Search)
http://www.debian.org/security/2012/dsa-2531
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html
http://secunia.com/advisories/55082
Common Vulnerability Exposure (CVE) ID: CVE-2012-3433
BugTraq ID: 54942
http://www.securityfocus.com/bid/54942
http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html
http://www.openwall.com/lists/oss-security/2012/08/09/3
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.