Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2016.2100.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2016:2100-1)
Summary:The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2016:2100-1 advisory.
Description:Summary:
The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2016:2100-1 advisory.

Vulnerability Insight:
This update for xen fixes the several issues.
These security issues were fixed:
- CVE-2014-3672: The qemu implementation in libvirt Xen allowed local
guest OS users to cause a denial of service (host disk consumption) by
writing to stdout or stderr (bsc#981264).
- CVE-2016-3158: The xrstor function did not properly handle writes to the
hardware FSW.ES bit when running on AMD64 processors, which allowed
local guest OS users to obtain sensitive register content information
from another guest by leveraging pending exception and mask bits
(bsc#973188).
- CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not
properly handle writes to the hardware FSW.ES bit when running on AMD64
processors, which allowed local guest OS users to obtain sensitive
register content information from another guest by leveraging pending
exception and mask bits (bsc#973188).
- CVE-2016-3710: The VGA module improperly performed bounds checking on
banked access to video memory, which allowed local guest OS
administrators to execute arbitrary code on the host by changing access
modes after setting the bank register, aka the 'Dark Portal' issue
(bsc#978164).
- CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed
local guest OS users to cause a denial of service (host crash) or
possibly gain privileges by shadowing a superpage mapping (bsc#974038).
- CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function,
when the Stellaris ethernet controller is configured to accept large
packets, allowed remote attackers to cause a denial of service (QEMU
crash) via a large packet (bsc#975130).
- CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the
guest NIC is configured to accept large packets, allowed remote
attackers to cause a denial of service (memory corruption and QEMU
crash) or possibly execute arbitrary code via a packet larger than 1514
bytes (bsc#975138).
- CVE-2016-4020: The patch_instruction function did not initialize the
imm32 variable, which allowed local guest OS administrators to obtain
sensitive information from host stack memory by accessing the Task
Priority Register (TPR) (bsc#975907).
- CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c
allowed local guest OS administrators to cause a denial of service
(infinite loop and CPU consumption) via a circular split isochronous
transfer descriptor (siTD) list (bsc#976111).
- CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI
Controller (FSC) support did not properly check command buffer length,
which allowed local guest OS administrators to cause a denial of service
(out-of-bounds write and QEMU process crash) or potentially execute
arbitrary code on the host via unspecified vectors (bsc#980716).
- CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller
(FSC) support did not properly check DMA length, which allo... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'xen' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-3672
http://www.openwall.com/lists/oss-security/2016/05/24/5
http://www.securitytracker.com/id/1035945
Common Vulnerability Exposure (CVE) ID: CVE-2016-3158
BugTraq ID: 85714
http://www.securityfocus.com/bid/85714
Debian Security Information: DSA-3554 (Google Search)
http://www.debian.org/security/2016/dsa-3554
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html
http://www.securitytracker.com/id/1035435
Common Vulnerability Exposure (CVE) ID: CVE-2016-3159
BugTraq ID: 85716
http://www.securityfocus.com/bid/85716
Common Vulnerability Exposure (CVE) ID: CVE-2016-3710
BugTraq ID: 90316
http://www.securityfocus.com/bid/90316
Debian Security Information: DSA-3573 (Google Search)
http://www.debian.org/security/2016/dsa-3573
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html
http://www.openwall.com/lists/oss-security/2016/05/09/3
RedHat Security Advisories: RHSA-2016:0724
http://rhn.redhat.com/errata/RHSA-2016-0724.html
RedHat Security Advisories: RHSA-2016:0725
http://rhn.redhat.com/errata/RHSA-2016-0725.html
RedHat Security Advisories: RHSA-2016:0997
http://rhn.redhat.com/errata/RHSA-2016-0997.html
RedHat Security Advisories: RHSA-2016:0999
http://rhn.redhat.com/errata/RHSA-2016-0999.html
RedHat Security Advisories: RHSA-2016:1000
http://rhn.redhat.com/errata/RHSA-2016-1000.html
RedHat Security Advisories: RHSA-2016:1001
http://rhn.redhat.com/errata/RHSA-2016-1001.html
RedHat Security Advisories: RHSA-2016:1002
http://rhn.redhat.com/errata/RHSA-2016-1002.html
RedHat Security Advisories: RHSA-2016:1019
http://rhn.redhat.com/errata/RHSA-2016-1019.html
RedHat Security Advisories: RHSA-2016:1224
https://access.redhat.com/errata/RHSA-2016:1224
RedHat Security Advisories: RHSA-2016:1943
http://rhn.redhat.com/errata/RHSA-2016-1943.html
http://www.securitytracker.com/id/1035794
http://www.ubuntu.com/usn/USN-2974-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-3960
BugTraq ID: 86318
http://www.securityfocus.com/bid/86318
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html
http://www.securitytracker.com/id/1035587
Common Vulnerability Exposure (CVE) ID: CVE-2016-4001
BugTraq ID: 85976
http://www.securityfocus.com/bid/85976
https://security.gentoo.org/glsa/201609-01
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
http://www.openwall.com/lists/oss-security/2016/04/11/4
http://www.openwall.com/lists/oss-security/2016/04/12/6
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4002
BugTraq ID: 85992
http://www.securityfocus.com/bid/85992
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
http://www.openwall.com/lists/oss-security/2016/04/11/6
http://www.openwall.com/lists/oss-security/2016/04/12/7
Common Vulnerability Exposure (CVE) ID: CVE-2016-4020
BugTraq ID: 86067
http://www.securityfocus.com/bid/86067
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html
RedHat Security Advisories: RHSA-2017:1856
https://access.redhat.com/errata/RHSA-2017:1856
RedHat Security Advisories: RHSA-2017:2392
https://access.redhat.com/errata/RHSA-2017:2392
RedHat Security Advisories: RHSA-2017:2408
https://access.redhat.com/errata/RHSA-2017:2408
Common Vulnerability Exposure (CVE) ID: CVE-2016-4037
BugTraq ID: 86283
http://www.securityfocus.com/bid/86283
http://www.openwall.com/lists/oss-security/2016/04/18/3
http://www.openwall.com/lists/oss-security/2016/04/18/6
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4439
BugTraq ID: 90760
http://www.securityfocus.com/bid/90760
http://www.openwall.com/lists/oss-security/2016/05/19/3
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
http://www.ubuntu.com/usn/USN-3047-1
http://www.ubuntu.com/usn/USN-3047-2
Common Vulnerability Exposure (CVE) ID: CVE-2016-4441
BugTraq ID: 90762
http://www.securityfocus.com/bid/90762
http://www.openwall.com/lists/oss-security/2016/05/19/4
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4453
BugTraq ID: 90928
http://www.securityfocus.com/bid/90928
http://www.openwall.com/lists/oss-security/2016/05/30/2
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4454
BugTraq ID: 90927
http://www.securityfocus.com/bid/90927
http://www.openwall.com/lists/oss-security/2016/05/30/3
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4952
http://www.openwall.com/lists/oss-security/2016/05/23/1
http://www.openwall.com/lists/oss-security/2016/05/23/4
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4962
BugTraq ID: 91006
http://www.securityfocus.com/bid/91006
Debian Security Information: DSA-3633 (Google Search)
http://www.debian.org/security/2016/dsa-3633
http://www.securitytracker.com/id/1036023
Common Vulnerability Exposure (CVE) ID: CVE-2016-4963
https://lists.debian.org/debian-lts-announce/2018/09/msg00006.html
http://www.securitytracker.com/id/1036024
Common Vulnerability Exposure (CVE) ID: CVE-2016-5105
http://www.openwall.com/lists/oss-security/2016/05/25/5
http://www.openwall.com/lists/oss-security/2016/05/26/7
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5106
http://www.openwall.com/lists/oss-security/2016/05/25/6
http://www.openwall.com/lists/oss-security/2016/05/26/8
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5107
BugTraq ID: 90874
http://www.securityfocus.com/bid/90874
http://www.openwall.com/lists/oss-security/2016/05/25/7
http://www.openwall.com/lists/oss-security/2016/05/26/9
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5126
BugTraq ID: 90948
http://www.securityfocus.com/bid/90948
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
http://www.openwall.com/lists/oss-security/2016/05/30/6
http://www.openwall.com/lists/oss-security/2016/05/30/7
https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
RedHat Security Advisories: RHSA-2016:1606
http://rhn.redhat.com/errata/RHSA-2016-1606.html
RedHat Security Advisories: RHSA-2016:1607
http://rhn.redhat.com/errata/RHSA-2016-1607.html
RedHat Security Advisories: RHSA-2016:1653
http://rhn.redhat.com/errata/RHSA-2016-1653.html
RedHat Security Advisories: RHSA-2016:1654
http://rhn.redhat.com/errata/RHSA-2016-1654.html
RedHat Security Advisories: RHSA-2016:1655
http://rhn.redhat.com/errata/RHSA-2016-1655.html
RedHat Security Advisories: RHSA-2016:1756
http://rhn.redhat.com/errata/RHSA-2016-1756.html
RedHat Security Advisories: RHSA-2016:1763
http://rhn.redhat.com/errata/RHSA-2016-1763.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5238
BugTraq ID: 90995
http://www.securityfocus.com/bid/90995
http://www.openwall.com/lists/oss-security/2016/06/02/2
http://www.openwall.com/lists/oss-security/2016/06/02/9
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5337
BugTraq ID: 91097
http://www.securityfocus.com/bid/91097
http://www.openwall.com/lists/oss-security/2016/06/08/3
http://www.openwall.com/lists/oss-security/2016/06/08/13
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5338
BugTraq ID: 91079
http://www.securityfocus.com/bid/91079
http://www.openwall.com/lists/oss-security/2016/06/07/3
http://www.openwall.com/lists/oss-security/2016/06/08/14
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5403
BugTraq ID: 92148
http://www.securityfocus.com/bid/92148
RedHat Security Advisories: RHSA-2016:1585
http://rhn.redhat.com/errata/RHSA-2016-1585.html
RedHat Security Advisories: RHSA-2016:1586
http://rhn.redhat.com/errata/RHSA-2016-1586.html
RedHat Security Advisories: RHSA-2016:1652
http://rhn.redhat.com/errata/RHSA-2016-1652.html
http://www.securitytracker.com/id/1036476
Common Vulnerability Exposure (CVE) ID: CVE-2016-6258
BugTraq ID: 92131
http://www.securityfocus.com/bid/92131
https://security.gentoo.org/glsa/201611-09
http://www.securitytracker.com/id/1036446
Common Vulnerability Exposure (CVE) ID: CVE-2016-6351
BugTraq ID: 92119
http://www.securityfocus.com/bid/92119
http://www.openwall.com/lists/oss-security/2016/07/25/14
http://www.openwall.com/lists/oss-security/2016/07/26/7
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.