Lucene search

K

Fedora 23 : xen-4.5.3-2.fc23 (2016-35d7b09908)

πŸ—“οΈΒ 02 May 2016Β 00:00:00Reported byΒ This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.TypeΒ 
nessus
Β nessus
πŸ”—Β www.tenable.comπŸ‘Β 24Β Views

Fedora 23 xen-4.5.3-2.fc23 security updat

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Fedora
[SECURITY] Fedora 23 Update: xen-4.5.3-2.fc23
30 Apr 201600:29
–fedora
Fedora
[SECURITY] Fedora 22 Update: xen-4.5.3-2.fc22
1 May 201600:24
–fedora
Fedora
[SECURITY] Fedora 24 Update: xen-4.6.1-6.fc24
7 May 201613:29
–fedora
Fedora
[SECURITY] Fedora 23 Update: qemu-2.4.1-9.fc23
15 May 201605:33
–fedora
Fedora
[SECURITY] Fedora 22 Update: qemu-2.3.1-14.fc22
20 May 201623:53
–fedora
Fedora
[SECURITY] Fedora 23 Update: qemu-2.4.1-11.fc23
2 Jul 201619:35
–fedora
Fedora
[SECURITY] Fedora 22 Update: qemu-2.3.1-16.fc22
2 Jul 201619:29
–fedora
Fedora
[SECURITY] Fedora 24 Update: qemu-2.6.0-4.fc24
25 Jun 201619:31
–fedora
Tenable Nessus
Fedora 24 : xen-4.6.1-6.fc24 (2016-48e72b7bc5)
9 May 201600:00
–nessus
Tenable Nessus
Fedora 22 : xen-4.5.3-2.fc22 (2016-75063477ca)
2 May 201600:00
–nessus
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2016-35d7b09908.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(90811);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2016-3960", "CVE-2016-4001", "CVE-2016-4002", "CVE-2016-4037");
  script_xref(name:"FEDORA", value:"2016-35d7b09908");

  script_name(english:"Fedora 23 : xen-4.5.3-2.fc23 (2016-35d7b09908)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"x86 shadow pagetables: address width overflow [XSA-173, CVE-2016-3960]
Qemu: net: buffer overflow in stellaris_enet emulator [CVE-2016-4001]
Qemu: net: buffer overflow in MIPSnet emulator [CVE-2016-4002] qemu:
Infinite loop vulnerability in usb_ehci using siTD process
[CVE-2016-4037]

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1323955"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1325129"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1325884"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1326082"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0b7399cb"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/04/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC23", reference:"xen-4.5.3-2.fc23")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo