Fedora 22 xen-4.5.3-2.fc22 security vulnerabilitie
Reporter | Title | Published | Views | Family All 132 |
---|---|---|---|---|
Fedora | [SECURITY] Fedora 22 Update: xen-4.5.3-2.fc22 | 1 May 201600:24 | β | fedora |
Fedora | [SECURITY] Fedora 23 Update: xen-4.5.3-2.fc23 | 30 Apr 201600:29 | β | fedora |
Fedora | [SECURITY] Fedora 24 Update: xen-4.6.1-6.fc24 | 7 May 201613:29 | β | fedora |
Fedora | [SECURITY] Fedora 23 Update: qemu-2.4.1-9.fc23 | 15 May 201605:33 | β | fedora |
Fedora | [SECURITY] Fedora 22 Update: qemu-2.3.1-14.fc22 | 20 May 201623:53 | β | fedora |
Fedora | [SECURITY] Fedora 23 Update: qemu-2.4.1-11.fc23 | 2 Jul 201619:35 | β | fedora |
Fedora | [SECURITY] Fedora 22 Update: qemu-2.3.1-16.fc22 | 2 Jul 201619:29 | β | fedora |
Fedora | [SECURITY] Fedora 24 Update: qemu-2.6.0-4.fc24 | 25 Jun 201619:31 | β | fedora |
Tenable Nessus | Fedora 24 : xen-4.6.1-6.fc24 (2016-48e72b7bc5) | 9 May 201600:00 | β | nessus |
Tenable Nessus | Fedora 23 : xen-4.5.3-2.fc23 (2016-35d7b09908) | 2 May 201600:00 | β | nessus |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2016-75063477ca.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(90814);
script_version("2.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2016-3960", "CVE-2016-4001", "CVE-2016-4002", "CVE-2016-4037");
script_xref(name:"FEDORA", value:"2016-75063477ca");
script_name(english:"Fedora 22 : xen-4.5.3-2.fc22 (2016-75063477ca)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"x86 shadow pagetables: address width overflow [XSA-173, CVE-2016-3960]
Qemu: net: buffer overflow in stellaris_enet emulator [CVE-2016-4001]
Qemu: net: buffer overflow in MIPSnet emulator [CVE-2016-4002] qemu:
Infinite loop vulnerability in usb_ehci using siTD process
[CVE-2016-4037]
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1323955"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1325129"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1325884"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1326082"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?291c084c"
);
script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
script_set_attribute(attribute:"patch_publication_date", value:"2016/04/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/02");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC22", reference:"xen-4.5.3-2.fc22")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo