Test ID: 1.3.6.1.4.1.25623.1.1.4.2016.1154.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2016:1154-1)
Summary: The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2016:1154-1 advisory.
Description:

Vulnerability Insight:
xen was updated to fix 27 security issues.
These security issues were fixed:
- CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in
hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or
possibly execute arbitrary code via a crafted s->rx_level value in a
savevm image (bsc#864655).
- CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote
attackers to cause a denial of service or possibly execute arbitrary
code via vectors related to IRQDest elements (bsc#864811).
- CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed
remote attackers to execute arbitrary code via a crafted arglen value in
a savevm image (bsc#864391).
- CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in
hw/display/ssd0323.c allowed remote attackers to cause a denial of
service (memory corruption) or possibly execute arbitrary code via
crafted (1) cmd_len, (2) row, or (3) col values, (4) row_start and
row_end values, or (5) col_star and col_end values in a savevm image
(bsc#864769).
- CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in
hw/input/tsc210x.c might have allowed remote attackers to execute
arbitrary code via a crafted (1) precision, (2) nextprecision, (3)
function, or (4) nextfunction value in a savevm image (bsc#864805).
- CVE-2014-0222: Integer overflow in the qcow_open function in
block/qcow.c allowed remote attackers to cause a denial of service
(crash) via a large L2 table in a QCOW version 1 image (bsc#877642).
- CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users
to cause a denial of service (NULL pointer dereference) by sending a udp
packet with a value of 0 in the source port and address, which triggers
access of an uninitialized socket (bsc#897654).
- CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed
local guest users to write to qemu memory locations and gain privileges
via unspecified parameters related to rectangle handling (bsc#901508).
- CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote
attackers to cause a denial of service (crash) via a small
bytes_per_pixel value (bsc#902737).
- CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).
- CVE-2015-7512: Buffer overflow in the pcnet_receive function in
hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote
attackers to cause a denial of service (guest OS crash) or execute
arbitrary code via a large packet (bsc#957162).
- CVE-2015-8504: VNC: floating point exception (bsc#958491).
- CVE-2015-8550: Paravirtualized drivers were incautious about shared
memory contents (XSA-155) (bsc#957988).
- CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164)
(bsc#958007).
- CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization
(XSA-165) (bsc#958009).
- CVE-2015-8558: Infinite loop in ehci_advance_state re... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'xen' package(s) on SUSE Linux Enterprise Server 11-SP2

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-4533
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html
http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4534
Common Vulnerability Exposure (CVE) ID: CVE-2013-4537
Common Vulnerability Exposure (CVE) ID: CVE-2013-4538
Common Vulnerability Exposure (CVE) ID: CVE-2013-4539
Common Vulnerability Exposure (CVE) ID: CVE-2014-0222
BugTraq ID: 67357
http://www.securityfocus.com/bid/67357
Debian Security Information: DSA-3044
http://www.debian.org/security/2014/dsa-3044
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
SuSE Security Announcement: SUSE-SU-2015:0929
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
SuSE Security Announcement: openSUSE-SU-2015:1965
http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3640
Debian Security Information: DSA-3045
http://www.debian.org/security/2014/dsa-3045
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04598.html
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04707.html
RedHat Security Advisories: RHSA-2015:0349
http://rhn.redhat.com/errata/RHSA-2015-0349.html
RedHat Security Advisories: RHSA-2015:0624
http://rhn.redhat.com/errata/RHSA-2015-0624.html
http://www.ubuntu.com/usn/USN-2409-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3689
Debian Security Information: DSA-3066
http://www.debian.org/security/2014/dsa-3066
Debian Security Information: DSA-3067
http://www.debian.org/security/2014/dsa-3067
https://www.mail-archive.com/qemu-devel@nongnu.org/msg261580.html
http://www.osvdb.org/114397
http://secunia.com/advisories/60923
http://secunia.com/advisories/62143
http://secunia.com/advisories/62144
Common Vulnerability Exposure (CVE) ID: CVE-2014-7815
http://secunia.com/advisories/61484
SuSE Security Announcement: SUSE-SU-2015:1782
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-5278
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
http://www.openwall.com/lists/oss-security/2015/09/15/2
http://www.ubuntu.com/usn/USN-2745-1
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7512
BugTraq ID: 78230
http://www.securityfocus.com/bid/78230
Debian Security Information: DSA-3469
http://www.debian.org/security/2016/dsa-3469
Debian Security Information: DSA-3470
http://www.debian.org/security/2016/dsa-3470
Debian Security Information: DSA-3471
http://www.debian.org/security/2016/dsa-3471
https://security.gentoo.org/glsa/201602-01
http://www.openwall.com/lists/oss-security/2015/11/30/3
RedHat Security Advisories: RHSA-2015:2694
http://rhn.redhat.com/errata/RHSA-2015-2694.html
RedHat Security Advisories: RHSA-2015:2695
http://rhn.redhat.com/errata/RHSA-2015-2695.html
RedHat Security Advisories: RHSA-2015:2696
http://rhn.redhat.com/errata/RHSA-2015-2696.html
http://www.securitytracker.com/id/1034527
Common Vulnerability Exposure (CVE) ID: CVE-2015-8504
BugTraq ID: 78708
http://www.securityfocus.com/bid/78708
http://www.openwall.com/lists/oss-security/2015/12/08/7
Common Vulnerability Exposure (CVE) ID: CVE-2015-8550
BugTraq ID: 79592
http://www.securityfocus.com/bid/79592
Debian Security Information: DSA-3434
http://www.debian.org/security/2016/dsa-3434
Debian Security Information: DSA-3519
http://www.debian.org/security/2016/dsa-3519
https://security.gentoo.org/glsa/201604-03
http://www.securitytracker.com/id/1034479
SuSE Security Announcement: SUSE-SU-2016:0911
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
SuSE Security Announcement: SUSE-SU-2016:1102
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
SuSE Security Announcement: SUSE-SU-2016:1764
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8554
BugTraq ID: 79579
http://www.securityfocus.com/bid/79579
http://www.securitytracker.com/id/1034481
Common Vulnerability Exposure (CVE) ID: CVE-2015-8555
BugTraq ID: 79543
http://www.securityfocus.com/bid/79543
http://www.securitytracker.com/id/1034477
Common Vulnerability Exposure (CVE) ID: CVE-2015-8558
BugTraq ID: 80694
http://www.securityfocus.com/bid/80694
http://www.openwall.com/lists/oss-security/2015/12/14/9
http://www.openwall.com/lists/oss-security/2015/12/14/16
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02124.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8743
BugTraq ID: 79820
http://www.securityfocus.com/bid/79820
http://www.openwall.com/lists/oss-security/2016/01/04/1
http://www.openwall.com/lists/oss-security/2016/01/04/2
https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html
http://www.securitytracker.com/id/1034574
Common Vulnerability Exposure (CVE) ID: CVE-2015-8745
BugTraq ID: 79822
http://www.securityfocus.com/bid/79822
http://www.openwall.com/lists/oss-security/2016/01/04/4
http://www.openwall.com/lists/oss-security/2016/01/04/7
http://www.securitytracker.com/id/1034575
Common Vulnerability Exposure (CVE) ID: CVE-2016-1570
http://www.securitytracker.com/id/1034744
Common Vulnerability Exposure (CVE) ID: CVE-2016-1571
http://www.securitytracker.com/id/1034745
Common Vulnerability Exposure (CVE) ID: CVE-2016-1714
BugTraq ID: 80250
http://www.securityfocus.com/bid/80250
https://security.gentoo.org/glsa/201604-01
https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
http://www.openwall.com/lists/oss-security/2016/01/11/7
http://www.openwall.com/lists/oss-security/2016/01/12/10
http://www.openwall.com/lists/oss-security/2016/01/12/11
RedHat Security Advisories: RHSA-2016:0081
http://rhn.redhat.com/errata/RHSA-2016-0081.html
RedHat Security Advisories: RHSA-2016:0082
http://rhn.redhat.com/errata/RHSA-2016-0082.html
RedHat Security Advisories: RHSA-2016:0083
http://rhn.redhat.com/errata/RHSA-2016-0083.html
RedHat Security Advisories: RHSA-2016:0084
http://rhn.redhat.com/errata/RHSA-2016-0084.html
RedHat Security Advisories: RHSA-2016:0085
http://rhn.redhat.com/errata/RHSA-2016-0085.html
RedHat Security Advisories: RHSA-2016:0086
http://rhn.redhat.com/errata/RHSA-2016-0086.html
RedHat Security Advisories: RHSA-2016:0087
http://rhn.redhat.com/errata/RHSA-2016-0087.html
RedHat Security Advisories: RHSA-2016:0088
http://rhn.redhat.com/errata/RHSA-2016-0088.html
http://www.securitytracker.com/id/1034858
Common Vulnerability Exposure (CVE) ID: CVE-2016-1981
BugTraq ID: 81549
http://www.securityfocus.com/bid/81549
http://www.openwall.com/lists/oss-security/2016/01/19/10
http://www.openwall.com/lists/oss-security/2016/01/22/1
https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html
RedHat Security Advisories: RHSA-2016:2585
http://rhn.redhat.com/errata/RHSA-2016-2585.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-2270
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178518.html
http://www.securitytracker.com/id/1035042
Common Vulnerability Exposure (CVE) ID: CVE-2016-2271
http://www.securitytracker.com/id/1035043
Common Vulnerability Exposure (CVE) ID: CVE-2016-2391
BugTraq ID: 83263
http://www.securityfocus.com/bid/83263
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://www.openwall.com/lists/oss-security/2016/02/16/2
https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html
http://www.ubuntu.com/usn/USN-2974-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2841
BugTraq ID: 84028
http://www.securityfocus.com/bid/84028
https://security.gentoo.org/glsa/201609-01
http://www.openwall.com/lists/oss-security/2016/03/02/8
https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html
http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
