ID OPENVAS:1361412562310881594 Type openvas Reporter Copyright (c) 2013 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for xen CESA-2013:0241 centos5
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2013-February/019230.html");
script_oid("1.3.6.1.4.1.25623.1.0.881594");
script_version("$Revision: 14222 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2013-02-08 10:16:15 +0530 (Fri, 08 Feb 2013)");
script_cve_id("CVE-2012-4544");
script_tag(name:"cvss_base", value:"2.1");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_xref(name:"CESA", value:"2013:0241");
script_name("CentOS Update for xen CESA-2013:0241 centos5");
script_tag(name:"summary", value:"The remote host is missing an update for the 'xen'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS5");
script_tag(name:"affected", value:"xen on CentOS 5");
script_tag(name:"solution", value:"Please install the updated packages.");
script_tag(name:"insight", value:"The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.
A flaw was found in the way libxc, the Xen control library, handled
excessively large kernel and ramdisk images when starting new guests. A
privileged guest user in a para-virtualized guest (a DomU) could create a
crafted kernel or ramdisk image that, when attempting to use it during
guest start, could result in an out-of-memory condition in the privileged
domain (the Dom0). (CVE-2012-4544)
Red Hat would like to thank the Xen project for reporting this issue.
All users of xen are advised to upgrade to these updated packages, which
correct this issue. After installing the updated packages, the xend service
must be restarted for this update to take effect.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "CentOS5")
{
if ((res = isrpmvuln(pkg:"xen", rpm:"xen~3.0.3~142.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"xen-devel", rpm:"xen-devel~3.0.3~142.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"xen-libs", rpm:"xen-libs~3.0.3~142.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310881594", "type": "openvas", "bulletinFamily": "scanner", "title": "CentOS Update for xen CESA-2013:0241 centos5", "description": "The remote host is missing an update for the ", "published": "2013-02-08T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881594", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["2013:0241", "http://lists.centos.org/pipermail/centos-announce/2013-February/019230.html"], "cvelist": ["CVE-2012-4544"], "lastseen": "2019-05-29T18:38:16", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-0241", "CVE-2012-4544"]}, {"type": "openvas", "idList": ["OPENVAS:881594", "OPENVAS:864862", "OPENVAS:850374", "OPENVAS:1361412562310123730", "OPENVAS:892636", "OPENVAS:870902", "OPENVAS:1361412562310864860", "OPENVAS:1361412562310870902", "OPENVAS:1361412562310892636", "OPENVAS:864860"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0241"]}, {"type": "redhat", "idList": ["RHSA-2013:0241"]}, {"type": "centos", "idList": ["CESA-2013:0241"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2013-0241.NASL", "FEDORA_2012-17204.NASL", "SUSE_11_XEN-201211-121102.NASL", "DEBIAN_DSA-2636.NASL", "REDHAT-RHSA-2013-0241.NASL", "SL_20130207_XEN_ON_SL5_X.NASL", "CENTOS_RHSA-2013-0241.NASL", "FEDORA_2012-17408.NASL", "SUSE_SU-2012-1487-1.NASL", "FEDORA_2012-17135.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29165", "SECURITYVULNS:VULN:12940"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2636-2:33EAF", "DEBIAN:DSA-2636-1:3E888"]}, {"type": "suse", "idList": ["SUSE-SU-2012:1503-1", "OPENSUSE-SU-2012:1572-1", "SUSE-SU-2012:1486-1", "SUSE-SU-2014:0411-1", "SUSE-SU-2012:1487-1", "SUSE-SU-2014:0470-1", "SUSE-SU-2014:0446-1", "OPENSUSE-SU-2012:1573-1"]}], "modified": "2019-05-29T18:38:16", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-29T18:38:16", "rev": 2}, "vulnersScore": 7.1}, "pluginID": "1361412562310881594", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xen CESA-2013:0241 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-February/019230.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881594\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-08 10:16:15 +0530 (Fri, 08 Feb 2013)\");\n script_cve_id(\"CVE-2012-4544\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2013:0241\");\n script_name(\"CentOS Update for xen CESA-2013:0241 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"xen on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The xen packages contain administration tools and the xend service for\n managing the kernel-xen kernel for virtualization on Red Hat Enterprise\n Linux.\n\n A flaw was found in the way libxc, the Xen control library, handled\n excessively large kernel and ramdisk images when starting new guests. A\n privileged guest user in a para-virtualized guest (a DomU) could create a\n crafted kernel or ramdisk image that, when attempting to use it during\n guest start, could result in an out-of-memory condition in the privileged\n domain (the Dom0). (CVE-2012-4544)\n\n Red Hat would like to thank the Xen project for reporting this issue.\n\n All users of xen are advised to upgrade to these updated packages, which\n correct this issue. After installing the updated packages, the xend service\n must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.0.3~142.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.0.3~142.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~142.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "CentOS Local Security Checks"}
{"cve": [{"lastseen": "2020-11-29T23:13:02", "description": "The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.", "edition": 4, "cvss3": {}, "published": "2012-10-31T16:55:00", "title": "CVE-2012-4544", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4544"], "modified": "2017-08-29T01:32:00", "cpe": ["cpe:/o:xen:xen:4.1.1", "cpe:/o:xen:xen:4.2.0", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.1.3", "cpe:/o:xen:xen:4.1.2"], "id": "CVE-2012-4544", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4544", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-27T10:51:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4544"], "description": "Check for the Version of xen", "modified": "2017-07-12T00:00:00", "published": "2013-02-08T00:00:00", "id": "OPENVAS:870902", "href": "http://plugins.openvas.org/nasl.php?oid=870902", "type": "openvas", "title": "RedHat Update for xen RHSA-2013:0241-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xen RHSA-2013:0241-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The xen packages contain administration tools and the xend service for\n managing the kernel-xen kernel for virtualization on Red Hat Enterprise\n Linux.\n\n A flaw was found in the way libxc, the Xen control library, handled\n excessively large kernel and ramdisk images when starting new guests. A\n privileged guest user in a para-virtualized guest (a DomU) could create a\n crafted kernel or ramdisk image that, when attempting to use it during\n guest start, could result in an out-of-memory condition in the privileged\n domain (the Dom0). (CVE-2012-4544)\n\n Red Hat would like to thank the Xen project for reporting this issue.\n\n All users of xen are advised to upgrade to these updated packages, which\n correct this issue. After installing the updated packages, the xend service\n must be restarted for this update to take effect.\";\n\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_affected = \"xen on Red Hat Enterprise Linux (v. 5 server)\";\n\n\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00011.html\");\n script_id(870902);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-08 10:15:48 +0530 (Fri, 08 Feb 2013)\");\n script_cve_id(\"CVE-2012-4544\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:0241-01\");\n script_name(\"RedHat Update for xen RHSA-2013:0241-01\");\n\n script_summary(\"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen-debuginfo\", rpm:\"xen-debuginfo~3.0.3~142.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~142.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4544"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-02-08T00:00:00", "id": "OPENVAS:1361412562310870902", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870902", "type": "openvas", "title": "RedHat Update for xen RHSA-2013:0241-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xen RHSA-2013:0241-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_tag(name:\"affected\", value:\"xen on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The xen packages contain administration tools and the xend service for\n managing the kernel-xen kernel for virtualization on Red Hat Enterprise\n Linux.\n\n A flaw was found in the way libxc, the Xen control library, handled\n excessively large kernel and ramdisk images when starting new guests. A\n privileged guest user in a para-virtualized guest (a DomU) could create a\n crafted kernel or ramdisk image that, when attempting to use it during\n guest start, could result in an out-of-memory condition in the privileged\n domain (the Dom0). (CVE-2012-4544)\n\n Red Hat would like to thank the Xen project for reporting this issue.\n\n All users of xen are advised to upgrade to these updated packages, which\n correct this issue. After installing the updated packages, the xend service\n must be restarted for this update to take effect.\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00011.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870902\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-08 10:15:48 +0530 (Fri, 08 Feb 2013)\");\n script_cve_id(\"CVE-2012-4544\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:0241-01\");\n script_name(\"RedHat Update for xen RHSA-2013:0241-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen-debuginfo\", rpm:\"xen-debuginfo~3.0.3~142.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~142.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-23T13:09:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4544"], "description": "Check for the Version of xen", "modified": "2018-01-23T00:00:00", "published": "2013-02-08T00:00:00", "id": "OPENVAS:881594", "href": "http://plugins.openvas.org/nasl.php?oid=881594", "type": "openvas", "title": "CentOS Update for xen CESA-2013:0241 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xen CESA-2013:0241 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The xen packages contain administration tools and the xend service for\n managing the kernel-xen kernel for virtualization on Red Hat Enterprise\n Linux.\n\n A flaw was found in the way libxc, the Xen control library, handled\n excessively large kernel and ramdisk images when starting new guests. A\n privileged guest user in a para-virtualized guest (a DomU) could create a\n crafted kernel or ramdisk image that, when attempting to use it during\n guest start, could result in an out-of-memory condition in the privileged\n domain (the Dom0). (CVE-2012-4544)\n \n Red Hat would like to thank the Xen project for reporting this issue.\n \n All users of xen are advised to upgrade to these updated packages, which\n correct this issue. After installing the updated packages, the xend service\n must be restarted for this update to take effect.\";\n\n\ntag_affected = \"xen on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019230.html\");\n script_id(881594);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-08 10:16:15 +0530 (Fri, 08 Feb 2013)\");\n script_cve_id(\"CVE-2012-4544\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0241\");\n script_name(\"CentOS Update for xen CESA-2013:0241 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.0.3~142.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.0.3~142.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~142.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4544"], "description": "Oracle Linux Local Security Checks ELSA-2013-0241", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123730", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123730", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0241", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0241.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123730\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:47 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0241\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0241 - xen security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0241\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0241.html\");\n script_cve_id(\"CVE-2012-4544\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.0.3~142.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.0.3~142.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~142.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:52:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5511", "CVE-2012-5634", "CVE-2013-0153", "CVE-2012-4544"], "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2012-4544 \nInsufficient validation of kernel or ramdisk sizes in the Xen PV\ndomain builder could result in denial of service.\n\nCVE-2012-5511 \nSeveral HVM control operations performed insufficient validation of\ninput, which could result in denial of service through resource\nexhaustion.\n\nCVE-2012-5634 \nIncorrect interrupt handling when using VT-d hardware could result\nin denial of service.\n\nCVE-2013-0153 \nInsufficient restriction of interrupt access could result in denial\nof service.", "modified": "2017-07-07T00:00:00", "published": "2013-03-03T00:00:00", "id": "OPENVAS:892636", "href": "http://plugins.openvas.org/nasl.php?oid=892636", "type": "openvas", "title": "Debian Security Advisory DSA 2636-2 (xen - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2636.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2636-2 using nvtgen 1.0\n# Script version: 2.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"xen on Debian Linux\";\ntag_insight = \"Xen is a hypervisor providing services that allow multiple computer operating\nsystems to execute on the same computer hardware concurrently.\";\ntag_solution = \"For the stable distribution (squeeze), these problems have been fixed in\nversion 4.0.1-5.8.\n\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 4.1.4-2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.1.4-2.\n\nWe recommend that you upgrade your xen packages.\";\ntag_summary = \"Multiple vulnerabilities have been discovered in the Xen hypervisor.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2012-4544 \nInsufficient validation of kernel or ramdisk sizes in the Xen PV\ndomain builder could result in denial of service.\n\nCVE-2012-5511 \nSeveral HVM control operations performed insufficient validation of\ninput, which could result in denial of service through resource\nexhaustion.\n\nCVE-2012-5634 \nIncorrect interrupt handling when using VT-d hardware could result\nin denial of service.\n\nCVE-2013-0153 \nInsufficient restriction of interrupt access could result in denial\nof service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892636);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-5511\", \"CVE-2012-5634\", \"CVE-2012-4544\", \"CVE-2013-0153\");\n script_name(\"Debian Security Advisory DSA 2636-2 (xen - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-03-03 00:00:00 +0100 (Sun, 03 Mar 2013)\");\n script_tag(name: \"cvss_base\", value:\"6.1\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2636.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.0.1-5.8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.0.1-5.8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-docs-4.0\", ver:\"4.0.1-5.8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.0-amd64\", ver:\"4.0.1-5.8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.0-i386\", ver:\"4.0.1-5.8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-utils-4.0\", ver:\"4.0.1-5.8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.0.1-5.8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-4.1\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-ocaml\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-ocaml-dev\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-docs-4.1\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-amd64\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-i386\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-system-i386\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-utils-4.1\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.1.4-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5511", "CVE-2012-5634", "CVE-2013-0153", "CVE-2012-4544"], "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2012-4544\nInsufficient validation of kernel or ramdisk sizes in the Xen PV\ndomain builder could result in denial of service.\n\nCVE-2012-5511\nSeveral HVM control operations performed insufficient validation of\ninput, which could result in denial of service through resource\nexhaustion.\n\nCVE-2012-5634\nIncorrect interrupt handling when using VT-d hardware could result\nin denial of service.\n\nCVE-2013-0153\nInsufficient restriction of interrupt access could result in denial\nof service.", "modified": "2019-03-18T00:00:00", "published": "2013-03-03T00:00:00", "id": "OPENVAS:1361412562310892636", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892636", "type": "openvas", "title": "Debian Security Advisory DSA 2636-2 (xen - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2636.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2636-2 using nvtgen 1.0\n# Script version: 2.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892636\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2012-5511\", \"CVE-2012-5634\", \"CVE-2012-4544\", \"CVE-2013-0153\");\n script_name(\"Debian Security Advisory DSA 2636-2 (xen - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-03 00:00:00 +0100 (Sun, 03 Mar 2013)\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2636.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (squeeze), these problems have been fixed in\nversion 4.0.1-5.8.\n\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 4.1.4-2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.1.4-2.\n\nWe recommend that you upgrade your xen packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2012-4544\nInsufficient validation of kernel or ramdisk sizes in the Xen PV\ndomain builder could result in denial of service.\n\nCVE-2012-5511\nSeveral HVM control operations performed insufficient validation of\ninput, which could result in denial of service through resource\nexhaustion.\n\nCVE-2012-5634\nIncorrect interrupt handling when using VT-d hardware could result\nin denial of service.\n\nCVE-2013-0153\nInsufficient restriction of interrupt access could result in denial\nof service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.0.1-5.8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.0.1-5.8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-docs-4.0\", ver:\"4.0.1-5.8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.0-amd64\", ver:\"4.0.1-5.8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.0-i386\", ver:\"4.0.1-5.8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-4.0\", ver:\"4.0.1-5.8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.0.1-5.8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-4.1\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-ocaml\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-ocaml-dev\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-docs-4.1\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-amd64\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-i386\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-i386\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-4.1\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.1.4-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-01-02T10:56:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3433", "CVE-2012-3494", "CVE-2012-4411", "CVE-2012-0217", "CVE-2012-3495", "CVE-2012-3498", "CVE-2012-0218", "CVE-2012-3515", "CVE-2012-2934", "CVE-2012-3496", "CVE-2012-2625", "CVE-2012-4544", "CVE-2012-3432"], "description": "Check for the Version of xen", "modified": "2018-01-02T00:00:00", "published": "2012-11-15T00:00:00", "id": "OPENVAS:864860", "href": "http://plugins.openvas.org/nasl.php?oid=864860", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-17204", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-17204\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xen on Fedora 17\";\ntag_insight = \"This package contains the XenD daemon and xm command line\n tools, needed to manage virtual machines running under the\n Xen hypervisor\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html\");\n script_id(864860);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-15 11:38:40 +0530 (Thu, 15 Nov 2012)\");\n script_cve_id(\"CVE-2012-4544\", \"CVE-2012-4411\", \"CVE-2012-3494\", \"CVE-2012-3495\",\n \"CVE-2012-3496\", \"CVE-2012-3498\", \"CVE-2012-3515\", \"CVE-2012-3433\",\n \"CVE-2012-3432\", \"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\",\n \"CVE-2012-2625\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-17204\");\n script_name(\"Fedora Update for xen FEDORA-2012-17204\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.3~5.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3433", "CVE-2012-3494", "CVE-2012-4411", "CVE-2012-0217", "CVE-2012-3495", "CVE-2012-3498", "CVE-2012-0218", "CVE-2012-3515", "CVE-2012-2934", "CVE-2012-3496", "CVE-2012-2625", "CVE-2012-4544", "CVE-2012-3432"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-11-15T00:00:00", "id": "OPENVAS:1361412562310864860", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864860", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-17204", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-17204\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864860\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-15 11:38:40 +0530 (Thu, 15 Nov 2012)\");\n script_cve_id(\"CVE-2012-4544\", \"CVE-2012-4411\", \"CVE-2012-3494\", \"CVE-2012-3495\",\n \"CVE-2012-3496\", \"CVE-2012-3498\", \"CVE-2012-3515\", \"CVE-2012-3433\",\n \"CVE-2012-3432\", \"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\",\n \"CVE-2012-2625\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-17204\");\n script_name(\"Fedora Update for xen FEDORA-2012-17204\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"xen on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.3~5.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3433", "CVE-2012-3494", "CVE-2012-0029", "CVE-2012-4411", "CVE-2012-0217", "CVE-2012-3495", "CVE-2012-3498", "CVE-2012-0218", "CVE-2012-3515", "CVE-2012-2934", "CVE-2012-3496", "CVE-2012-2625", "CVE-2012-4544", "CVE-2012-3432"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-11-15T00:00:00", "id": "OPENVAS:1361412562310864862", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864862", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-17408", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-17408\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864862\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-15 11:39:03 +0530 (Thu, 15 Nov 2012)\");\n script_cve_id(\"CVE-2012-4544\", \"CVE-2012-3494\", \"CVE-2012-3495\", \"CVE-2012-3496\",\n \"CVE-2012-3498\", \"CVE-2012-3515\", \"CVE-2012-4411\", \"CVE-2012-3433\",\n \"CVE-2012-3432\", \"CVE-2012-2625\", \"CVE-2012-0217\", \"CVE-2012-0218\",\n \"CVE-2012-2934\", \"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-17408\");\n script_name(\"Fedora Update for xen FEDORA-2012-17408\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"xen on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.3~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:58:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3433", "CVE-2012-3494", "CVE-2012-0029", "CVE-2012-4411", "CVE-2012-0217", "CVE-2012-3495", "CVE-2012-3498", "CVE-2012-0218", "CVE-2012-3515", "CVE-2012-2934", "CVE-2012-3496", "CVE-2012-2625", "CVE-2012-4544", "CVE-2012-3432"], "description": "Check for the Version of xen", "modified": "2017-12-28T00:00:00", "published": "2012-11-15T00:00:00", "id": "OPENVAS:864862", "href": "http://plugins.openvas.org/nasl.php?oid=864862", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-17408", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-17408\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xen on Fedora 16\";\ntag_insight = \"This package contains the XenD daemon and xm command line\n tools, needed to manage virtual machines running under the\n Xen hypervisor\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html\");\n script_id(864862);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-15 11:39:03 +0530 (Thu, 15 Nov 2012)\");\n script_cve_id(\"CVE-2012-4544\", \"CVE-2012-3494\", \"CVE-2012-3495\", \"CVE-2012-3496\",\n \"CVE-2012-3498\", \"CVE-2012-3515\", \"CVE-2012-4411\", \"CVE-2012-3433\",\n \"CVE-2012-3432\", \"CVE-2012-2625\", \"CVE-2012-0217\", \"CVE-2012-0218\",\n \"CVE-2012-2934\", \"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-17408\");\n script_name(\"Fedora Update for xen FEDORA-2012-17408\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.3~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:27:44", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4544"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0241\n\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nA flaw was found in the way libxc, the Xen control library, handled\nexcessively large kernel and ramdisk images when starting new guests. A\nprivileged guest user in a para-virtualized guest (a DomU) could create a\ncrafted kernel or ramdisk image that, when attempting to use it during\nguest start, could result in an out-of-memory condition in the privileged\ndomain (the Dom0). (CVE-2012-4544)\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of xen are advised to upgrade to these updated packages, which\ncorrect this issue. After installing the updated packages, the xend service\nmust be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/031268.html\n\n**Affected packages:**\nxen\nxen-devel\nxen-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0241.html", "edition": 3, "modified": "2013-02-07T21:02:50", "published": "2013-02-07T21:02:50", "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/031268.html", "id": "CESA-2013:0241", "title": "xen security update", "type": "centos", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:11", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4544"], "description": "The xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nA flaw was found in the way libxc, the Xen control library, handled\nexcessively large kernel and ramdisk images when starting new guests. A\nprivileged guest user in a para-virtualized guest (a DomU) could create a\ncrafted kernel or ramdisk image that, when attempting to use it during\nguest start, could result in an out-of-memory condition in the privileged\ndomain (the Dom0). (CVE-2012-4544)\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of xen are advised to upgrade to these updated packages, which\ncorrect this issue. After installing the updated packages, the xend service\nmust be restarted for this update to take effect.\n", "modified": "2017-09-08T11:59:33", "published": "2013-02-07T05:00:00", "id": "RHSA-2013:0241", "href": "https://access.redhat.com/errata/RHSA-2013:0241", "type": "redhat", "title": "(RHSA-2013:0241) Moderate: xen security update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-03-17T23:22:17", "description": "limit the size of guest kernels and ramdisks to avoid running out of\nmemory on dom0 during guest boot [XSA-25,CVE-2012-4544] (#870414)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "published": "2012-11-12T00:00:00", "title": "Fedora 16 : xen-4.1.3-3.fc16 (2012-17408)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4544"], "modified": "2012-11-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-17408.NASL", "href": "https://www.tenable.com/plugins/nessus/62876", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-17408.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62876);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-4544\");\n script_bugtraq_id(56289);\n script_xref(name:\"FEDORA\", value:\"2012-17408\");\n\n script_name(english:\"Fedora 16 : xen-4.1.3-3.fc16 (2012-17408)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"limit the size of guest kernels and ramdisks to avoid running out of\nmemory on dom0 during guest boot [XSA-25,CVE-2012-4544] (#870414)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=870412\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3b0cac2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"xen-4.1.3-3.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-25T08:55:38", "description": "From Red Hat Security Advisory 2013:0241 :\n\nUpdated xen packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA flaw was found in the way libxc, the Xen control library, handled\nexcessively large kernel and ramdisk images when starting new guests.\nA privileged guest user in a para-virtualized guest (a DomU) could\ncreate a crafted kernel or ramdisk image that, when attempting to use\nit during guest start, could result in an out-of-memory condition in\nthe privileged domain (the Dom0). (CVE-2012-4544)\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of xen are advised to upgrade to these updated packages,\nwhich correct this issue. After installing the updated packages, the\nxend service must be restarted for this update to take effect.", "edition": 20, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : xen (ELSA-2013-0241)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4544"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:xen-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:xen", "p-cpe:/a:oracle:linux:xen-libs"], "id": "ORACLELINUX_ELSA-2013-0241.NASL", "href": "https://www.tenable.com/plugins/nessus/68725", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0241 and \n# Oracle Linux Security Advisory ELSA-2013-0241 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68725);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-4544\");\n script_bugtraq_id(56289);\n script_xref(name:\"RHSA\", value:\"2013:0241\");\n\n script_name(english:\"Oracle Linux 5 : xen (ELSA-2013-0241)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0241 :\n\nUpdated xen packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA flaw was found in the way libxc, the Xen control library, handled\nexcessively large kernel and ramdisk images when starting new guests.\nA privileged guest user in a para-virtualized guest (a DomU) could\ncreate a crafted kernel or ramdisk image that, when attempting to use\nit during guest start, could result in an out-of-memory condition in\nthe privileged domain (the Dom0). (CVE-2012-4544)\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of xen are advised to upgrade to these updated packages,\nwhich correct this issue. After installing the updated packages, the\nxend service must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003247.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"xen-3.0.3-142.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xen-devel-3.0.3-142.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xen-libs-3.0.3-142.el5_9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-libs\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-25T05:22:47", "description": "Updated xen packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA flaw was found in the way libxc, the Xen control library, handled\nexcessively large kernel and ramdisk images when starting new guests.\nA privileged guest user in a para-virtualized guest (a DomU) could\ncreate a crafted kernel or ramdisk image that, when attempting to use\nit during guest start, could result in an out-of-memory condition in\nthe privileged domain (the Dom0). (CVE-2012-4544)\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of xen are advised to upgrade to these updated packages,\nwhich correct this issue. After installing the updated packages, the\nxend service must be restarted for this update to take effect.", "edition": 23, "published": "2013-02-10T00:00:00", "title": "CentOS 5 : xen (CESA-2013:0241)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4544"], "modified": "2013-02-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:xen", "p-cpe:/a:centos:centos:xen-libs", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:xen-devel"], "id": "CENTOS_RHSA-2013-0241.NASL", "href": "https://www.tenable.com/plugins/nessus/64511", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0241 and \n# CentOS Errata and Security Advisory 2013:0241 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64511);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-4544\");\n script_bugtraq_id(56289);\n script_xref(name:\"RHSA\", value:\"2013:0241\");\n\n script_name(english:\"CentOS 5 : xen (CESA-2013:0241)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xen packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA flaw was found in the way libxc, the Xen control library, handled\nexcessively large kernel and ramdisk images when starting new guests.\nA privileged guest user in a para-virtualized guest (a DomU) could\ncreate a crafted kernel or ramdisk image that, when attempting to use\nit during guest start, could result in an out-of-memory condition in\nthe privileged domain (the Dom0). (CVE-2012-4544)\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of xen are advised to upgrade to these updated packages,\nwhich correct this issue. After installing the updated packages, the\nxend service must be restarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-February/019230.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fcd9c254\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-4544\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"xen-3.0.3-142.el5_9.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xen-devel-3.0.3-142.el5_9.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"xen-libs-3.0.3-142.el5_9.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-libs\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:22:17", "description": "limit the size of guest kernels and ramdisks to avoid running out of\nmemory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "published": "2012-11-12T00:00:00", "title": "Fedora 17 : xen-4.1.3-5.fc17 (2012-17204)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4544"], "modified": "2012-11-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2012-17204.NASL", "href": "https://www.tenable.com/plugins/nessus/62874", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-17204.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62874);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-4544\");\n script_bugtraq_id(56289);\n script_xref(name:\"FEDORA\", value:\"2012-17204\");\n\n script_name(english:\"Fedora 17 : xen-4.1.3-5.fc17 (2012-17204)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"limit the size of guest kernels and ramdisks to avoid running out of\nmemory on dom0 during guest boot [XSA-25, CVE-2012-4544] (#870414)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=870412\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68a69698\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"xen-4.1.3-5.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-25T09:14:33", "description": "Updated xen packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA flaw was found in the way libxc, the Xen control library, handled\nexcessively large kernel and ramdisk images when starting new guests.\nA privileged guest user in a para-virtualized guest (a DomU) could\ncreate a crafted kernel or ramdisk image that, when attempting to use\nit during guest start, could result in an out-of-memory condition in\nthe privileged domain (the Dom0). (CVE-2012-4544)\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of xen are advised to upgrade to these updated packages,\nwhich correct this issue. After installing the updated packages, the\nxend service must be restarted for this update to take effect.", "edition": 23, "published": "2013-02-08T00:00:00", "title": "RHEL 5 : xen (RHSA-2013:0241)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4544"], "modified": "2013-02-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:xen-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xen-devel", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:xen", "p-cpe:/a:redhat:enterprise_linux:xen-libs"], "id": "REDHAT-RHSA-2013-0241.NASL", "href": "https://www.tenable.com/plugins/nessus/64498", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0241. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64498);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-4544\");\n script_bugtraq_id(56289);\n script_xref(name:\"RHSA\", value:\"2013:0241\");\n\n script_name(english:\"RHEL 5 : xen (RHSA-2013:0241)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xen packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA flaw was found in the way libxc, the Xen control library, handled\nexcessively large kernel and ramdisk images when starting new guests.\nA privileged guest user in a para-virtualized guest (a DomU) could\ncreate a crafted kernel or ramdisk image that, when attempting to use\nit during guest start, could result in an out-of-memory condition in\nthe privileged domain (the Dom0). (CVE-2012-4544)\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of xen are advised to upgrade to these updated packages,\nwhich correct this issue. After installing the updated packages, the\nxend service must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4544\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0241\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-3.0.3-142.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-3.0.3-142.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-debuginfo-3.0.3-142.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-debuginfo-3.0.3-142.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-devel-3.0.3-142.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-devel-3.0.3-142.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-libs-3.0.3-142.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-libs-3.0.3-142.el5_9.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debuginfo / xen-devel / xen-libs\");\n }\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:22:17", "description": "update to xen 4.2.0, limit the size of guest kernels and ramdisks to\navoid running out of memeory on dom0 during guest boot [XSA-25,\nCVE-2012-4544] (#870414)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "published": "2012-11-14T00:00:00", "title": "Fedora 18 : xen-4.2.0-3.fc18 (2012-17135)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4544"], "modified": "2012-11-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2012-17135.NASL", "href": "https://www.tenable.com/plugins/nessus/62912", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-17135.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62912);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-4544\");\n script_bugtraq_id(56289);\n script_xref(name:\"FEDORA\", value:\"2012-17135\");\n\n script_name(english:\"Fedora 18 : xen-4.2.0-3.fc18 (2012-17135)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update to xen 4.2.0, limit the size of guest kernels and ramdisks to\navoid running out of memeory on dom0 during guest boot [XSA-25,\nCVE-2012-4544] (#870414)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=870412\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ec9127a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"xen-4.2.0-3.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-18T02:47:12", "description": "A flaw was found in the way libxc, the Xen control library, handled\nexcessively large kernel and ramdisk images when starting new guests.\nA privileged guest user in a para-virtualized guest (a DomU) could\ncreate a crafted kernel or ramdisk image that, when attempting to use\nit during guest start, could result in an out-of-memory condition in\nthe privileged domain (the Dom0). (CVE-2012-4544)\n\nAfter installing the updated packages, the xend service must be\nrestarted for this update to take effect.", "edition": 13, "published": "2013-02-08T00:00:00", "title": "Scientific Linux Security Update : xen on SL5.x i386/x86_64 (20130207)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4544"], "modified": "2013-02-08T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:xen-libs", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:xen-debuginfo", "p-cpe:/a:fermilab:scientific_linux:xen-devel", "p-cpe:/a:fermilab:scientific_linux:xen"], "id": "SL_20130207_XEN_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/64499", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64499);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-4544\");\n\n script_name(english:\"Scientific Linux Security Update : xen on SL5.x i386/x86_64 (20130207)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way libxc, the Xen control library, handled\nexcessively large kernel and ramdisk images when starting new guests.\nA privileged guest user in a para-virtualized guest (a DomU) could\ncreate a crafted kernel or ramdisk image that, when attempting to use\nit during guest start, could result in an out-of-memory condition in\nthe privileged domain (the Dom0). (CVE-2012-4544)\n\nAfter installing the updated packages, the xend service must be\nrestarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=1365\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a4eeca3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"xen-3.0.3-142.el5_9.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xen-debuginfo-3.0.3-142.el5_9.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xen-devel-3.0.3-142.el5_9.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xen-libs-3.0.3-142.el5_9.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debuginfo / xen-devel / xen-libs\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:00:32", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2012-4544\n Insufficient validation of kernel or ramdisk sizes in\n the Xen PV domain builder could result in denial of\n service.\n\n - CVE-2012-5511\n Several HVM control operations performed insufficient\n validation of input, which could result in denial of\n service through resource exhaustion.\n\n - CVE-2012-5634\n Incorrect interrupt handling when using VT-d hardware\n could result in denial of service.\n\n - CVE-2013-0153\n Insufficient restriction of interrupt access could\n result in denial of service.", "edition": 15, "published": "2013-03-04T00:00:00", "title": "Debian DSA-2636-2 : xen - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5511", "CVE-2012-5634", "CVE-2013-0153", "CVE-2012-4544"], "modified": "2013-03-04T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:xen"], "id": "DEBIAN_DSA-2636.NASL", "href": "https://www.tenable.com/plugins/nessus/64973", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2636. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64973);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-4544\", \"CVE-2012-5511\", \"CVE-2012-5634\", \"CVE-2013-0153\");\n script_bugtraq_id(56289, 56796, 57223, 57745);\n script_xref(name:\"DSA\", value:\"2636\");\n\n script_name(english:\"Debian DSA-2636-2 : xen - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2012-4544\n Insufficient validation of kernel or ramdisk sizes in\n the Xen PV domain builder could result in denial of\n service.\n\n - CVE-2012-5511\n Several HVM control operations performed insufficient\n validation of input, which could result in denial of\n service through resource exhaustion.\n\n - CVE-2012-5634\n Incorrect interrupt handling when using VT-d hardware\n could result in denial of service.\n\n - CVE-2013-0153\n Insufficient restriction of interrupt access could\n result in denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-4544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-5511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-5634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-0153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2636\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xen packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 4.0.1-5.8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libxen-dev\", reference:\"4.0.1-5.8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxenstore3.0\", reference:\"4.0.1-5.8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-docs-4.0\", reference:\"4.0.1-5.8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-hypervisor-4.0-amd64\", reference:\"4.0.1-5.8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-hypervisor-4.0-i386\", reference:\"4.0.1-5.8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-utils-4.0\", reference:\"4.0.1-5.8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xenstore-utils\", reference:\"4.0.1-5.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-01T13:16:42", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - libxc: builder: limit maximum size of kernel/ramdisk.\n Allowing user supplied kernels of arbitrary sizes,\n especially during decompression, can swallow up dom0\n memory leading to either virtual address space\n exhaustion in the builder process or allocation\n failures/OOM killing of both toolstack and unrelated\n processes. We disable these checks when building in a\n stub domain for pvgrub since this uses the guest's own\n memory and is isolated. Decompression of gzip compressed\n kernels and ramdisks has been safe since\n 14954:58205257517d (Xen 3.1.0 onwards). This is XSA-25 /\n CVE-2012-4544. Also make explicit checks for buffer\n overflows in various decompression routines. These were\n already ruled out due to other properties of the code\n but check them as a belt-and-braces measure.\n\n [ Includes 25589:60f09d1ab1fe for CVE-2012-2625]\n (CVE-2012-4544)\n\n - compat/gnttab: Prevent infinite loop in compat code c/s\n 20281:95ea2052b41b, which introduces Grant Table version\n 2 hypercalls introduces a vulnerability whereby the\n compat hypercall handler can fall into an infinite loop.\n If the watchdog is enabled, Xen will die after the\n timeout. This is a security problem, XSA-24 /\n CVE-2012-4539. (CVE-2012-4539)\n\n - xen/mm/shadow: check toplevel pagetables are present\n before unhooking them. If the guest has not fully\n populated its top-level PAE entries when it calls\n HVMOP_pagetable_dying, the shadow code could try to\n unhook entries from MFN 0. Add a check to avoid that\n case. This issue was introduced by c/s\n 21239:b9d2db109cf5. This is a security problem, XSA-23 /\n CVE-2012-4538. (CVE-2012-4538)\n\n - x86/physmap: Prevent incorrect updates of m2p mappings\n In certain conditions, such as low memory, set_p2m_entry\n can fail. Currently, the p2m and m2p tables will get out\n of sync because we still update the m2p table after the\n p2m update has failed. If that happens, subsequent\n guest-invoked memory operations can cause BUGs and\n ASSERTs to kill Xen. This is fixed by only updating the\n m2p table iff the p2m was successfully updated. This is\n a security problem, XSA-22 / CVE-2012-4537.\n (CVE-2012-4537)\n\n - x86/physdev: Range check pirq parameter from guests\n Otherwise Xen will read beyond either end of the struct\n domain.arch.pirq_emuirq array, usually resulting in a\n fatal page fault. This vulnerability was introduced by\n c/s 23241:d21100f1d00e, which adds a call to\n domain_pirq_to_emuirq which uses the guest provided pirq\n value before range checking it, and was fixed by c/s\n 23573:584c2e5e03d9 which changed the behaviour of the\n domain_pirq_to_emuirq macro to use radix trees instead\n of a flat array. This is XSA-21 / CVE-2012-4536.\n (CVE-2012-4536)\n\n - VCPU/timers: Prevent overflow in calculations, leading\n to DoS vulnerability The timer action for a vcpu\n periodic timer is to calculate the next expiry time, and\n to reinsert itself into the timer queue. If the deadline\n ends up in the past, Xen never leaves __do_softirq. The\n affected PCPU will stay in an infinite loop until Xen is\n killed by the watchdog (if enabled). This is a security\n problem, XSA-20 / CVE-2012-4535. (CVE-2012-4535)\n\n - Correct RTC time offset update error for HVM guest\n changeset 24947:b198ada9689d\n\n - always release vm running lock on VM shutdown Before\n this patch, when xend restarted, the VM running lock\n will not be released on shutdown, so the VM could never\n start again. Talked with Junjie, we recommend always\n releasing the lock on VM shutdown. So even when xend\n restarted, there should be no stale lock leaving there.", "edition": 24, "published": "2014-11-26T00:00:00", "title": "OracleVM 3.1 : xen (OVMSA-2012-0051)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4535", "CVE-2012-4539", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-2625", "CVE-2012-4536", "CVE-2012-4544"], "modified": "2020-12-02T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen-devel", "p-cpe:/a:oracle:vm:xen", "cpe:/o:oracle:vm_server:3.1", "p-cpe:/a:oracle:vm:xen-tools"], "id": "ORACLEVM_OVMSA-2012-0051.NASL", "href": "https://www.tenable.com/plugins/nessus/79489", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2012-0051.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79489);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/27 13:00:34\");\n\n script_cve_id(\"CVE-2012-2625\", \"CVE-2012-4535\", \"CVE-2012-4536\", \"CVE-2012-4537\", \"CVE-2012-4538\", \"CVE-2012-4539\", \"CVE-2012-4544\");\n script_bugtraq_id(53650, 56289, 56498);\n\n script_name(english:\"OracleVM 3.1 : xen (OVMSA-2012-0051)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - libxc: builder: limit maximum size of kernel/ramdisk.\n Allowing user supplied kernels of arbitrary sizes,\n especially during decompression, can swallow up dom0\n memory leading to either virtual address space\n exhaustion in the builder process or allocation\n failures/OOM killing of both toolstack and unrelated\n processes. We disable these checks when building in a\n stub domain for pvgrub since this uses the guest's own\n memory and is isolated. Decompression of gzip compressed\n kernels and ramdisks has been safe since\n 14954:58205257517d (Xen 3.1.0 onwards). This is XSA-25 /\n CVE-2012-4544. Also make explicit checks for buffer\n overflows in various decompression routines. These were\n already ruled out due to other properties of the code\n but check them as a belt-and-braces measure.\n\n [ Includes 25589:60f09d1ab1fe for CVE-2012-2625]\n (CVE-2012-4544)\n\n - compat/gnttab: Prevent infinite loop in compat code c/s\n 20281:95ea2052b41b, which introduces Grant Table version\n 2 hypercalls introduces a vulnerability whereby the\n compat hypercall handler can fall into an infinite loop.\n If the watchdog is enabled, Xen will die after the\n timeout. This is a security problem, XSA-24 /\n CVE-2012-4539. (CVE-2012-4539)\n\n - xen/mm/shadow: check toplevel pagetables are present\n before unhooking them. If the guest has not fully\n populated its top-level PAE entries when it calls\n HVMOP_pagetable_dying, the shadow code could try to\n unhook entries from MFN 0. Add a check to avoid that\n case. This issue was introduced by c/s\n 21239:b9d2db109cf5. This is a security problem, XSA-23 /\n CVE-2012-4538. (CVE-2012-4538)\n\n - x86/physmap: Prevent incorrect updates of m2p mappings\n In certain conditions, such as low memory, set_p2m_entry\n can fail. Currently, the p2m and m2p tables will get out\n of sync because we still update the m2p table after the\n p2m update has failed. If that happens, subsequent\n guest-invoked memory operations can cause BUGs and\n ASSERTs to kill Xen. This is fixed by only updating the\n m2p table iff the p2m was successfully updated. This is\n a security problem, XSA-22 / CVE-2012-4537.\n (CVE-2012-4537)\n\n - x86/physdev: Range check pirq parameter from guests\n Otherwise Xen will read beyond either end of the struct\n domain.arch.pirq_emuirq array, usually resulting in a\n fatal page fault. This vulnerability was introduced by\n c/s 23241:d21100f1d00e, which adds a call to\n domain_pirq_to_emuirq which uses the guest provided pirq\n value before range checking it, and was fixed by c/s\n 23573:584c2e5e03d9 which changed the behaviour of the\n domain_pirq_to_emuirq macro to use radix trees instead\n of a flat array. This is XSA-21 / CVE-2012-4536.\n (CVE-2012-4536)\n\n - VCPU/timers: Prevent overflow in calculations, leading\n to DoS vulnerability The timer action for a vcpu\n periodic timer is to calculate the next expiry time, and\n to reinsert itself into the timer queue. If the deadline\n ends up in the past, Xen never leaves __do_softirq. The\n affected PCPU will stay in an infinite loop until Xen is\n killed by the watchdog (if enabled). This is a security\n problem, XSA-20 / CVE-2012-4535. (CVE-2012-4535)\n\n - Correct RTC time offset update error for HVM guest\n changeset 24947:b198ada9689d\n\n - always release vm running lock on VM shutdown Before\n this patch, when xend restarted, the VM running lock\n will not be released on shutdown, so the VM could never\n start again. Talked with Junjie, we recommend always\n releasing the lock on VM shutdown. So even when xend\n restarted, there should be no stale lock leaving there.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2012-November/000109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6907b516\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-devel / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.1\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.1\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.1\", reference:\"xen-4.1.2-18.el5.24\")) flag++;\nif (rpm_check(release:\"OVS3.1\", reference:\"xen-devel-4.1.2-18.el5.24\")) flag++;\nif (rpm_check(release:\"OVS3.1\", reference:\"xen-tools-4.1.2-18.el5.24\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-tools\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-05T12:29:20", "description": "XEN was updated to fix various bugs and security issues :\n\nThe following security issues have been fixed :\n\n - xen: Domain builder Out-of-memory due to malicious\n kernel/ramdisk (XSA 25). (CVE-2012-4544)\n\n - XEN / qemu: guest administrator can access qemu monitor\n console (XSA-19). (CVE-2012-4411)\n\n - xen: Timer overflow DoS vulnerability (XSA 20).\n (CVE-2012-4535)\n\n - xen: pirq range check DoS vulnerability (XSA 21).\n (CVE-2012-4536)\n\n - xen: Memory mapping failure DoS vulnerability (XSA 22).\n (CVE-2012-4537)\n\n - xen: Unhooking empty PAE entries DoS vulnerability (XSA\n 23). (CVE-2012-4538)\n\n - xen: Grant table hypercall infinite loop DoS\n vulnerability (XSA 24). (CVE-2012-4539)\n\n - xen: multiple TMEM hypercall vulnerabilities (XSA-15)\n Also the following bugs have been fixed and upstream\n patches have been applied:. (CVE-2012-3497)\n\n - L3: Xen BUG at io_apic.c:129\n 26102-x86-IOAPIC-legacy-not-first.patch. (bnc#784087)\n\n - Upstream patches merged:\n 26054-x86-AMD-perf-ctr-init.patch\n 26055-x86-oprof-hvm-mode.patch\n 26056-page-alloc-flush-filter.patch\n 26061-x86-oprof-counter-range.patch\n 26062-ACPI-ERST-move-data.patch\n 26063-x86-HPET-affinity-lock.patch\n 26093-HVM-PoD-grant-mem-type.patch\n 25931-x86-domctl-iomem-mapping-checks.patch\n 25952-x86-MMIO-remap-permissions.patch\n 25808-domain_create-return-value.patch\n 25814-x86_64-set-debugreg-guest.patch\n 25815-x86-PoD-no-bug-in-non-translated.patch\n 25816-x86-hvm-map-pirq-range-check.patch\n 25833-32on64-bogus-pt_base-adjust.patch\n 25834-x86-S3-MSI-resume.patch\n 25835-adjust-rcu-lock-domain.patch\n 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch\n 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch\n 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch\n 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch\n 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch\n 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch\n 25883-pt-MSI-cleanup.patch\n 25927-x86-domctl-ioport-mapping-range.patch\n 25929-tmem-restore-pool-version.patch\n\n - first XEN-PV VM fails to spawn xend: Increase wait time\n for disk to appear in host bootloader Modified existing\n xen-domUloader.diff. (bnc#778105)\n\n 25752-ACPI-pm-op-valid-cpu.patch\n 25754-x86-PoD-early-access.patch\n 25755-x86-PoD-types.patch\n 25756-x86-MMIO-max-mapped-pfn.patch", "edition": 16, "published": "2013-01-25T00:00:00", "title": "SuSE 11.2 Security Update : Xen (SAT Patch Number 7018)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4535", "CVE-2012-4411", "CVE-2012-4539", "CVE-2012-3497", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4536", "CVE-2012-4544"], "modified": "2013-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:xen-tools", "p-cpe:/a:novell:suse_linux:11:xen-tools-domU", "p-cpe:/a:novell:suse_linux:11:xen-kmp-trace", "p-cpe:/a:novell:suse_linux:11:xen-libs-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:xen", "p-cpe:/a:novell:suse_linux:11:xen-doc-pdf", "p-cpe:/a:novell:suse_linux:11:xen-doc-html", "p-cpe:/a:novell:suse_linux:11:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:11:xen-libs", "p-cpe:/a:novell:suse_linux:11:xen-kmp-default"], "id": "SUSE_11_XEN-201211-121102.NASL", "href": "https://www.tenable.com/plugins/nessus/64238", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64238);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-3497\", \"CVE-2012-4411\", \"CVE-2012-4535\", \"CVE-2012-4536\", \"CVE-2012-4537\", \"CVE-2012-4538\", \"CVE-2012-4539\", \"CVE-2012-4544\");\n\n script_name(english:\"SuSE 11.2 Security Update : Xen (SAT Patch Number 7018)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"XEN was updated to fix various bugs and security issues :\n\nThe following security issues have been fixed :\n\n - xen: Domain builder Out-of-memory due to malicious\n kernel/ramdisk (XSA 25). (CVE-2012-4544)\n\n - XEN / qemu: guest administrator can access qemu monitor\n console (XSA-19). (CVE-2012-4411)\n\n - xen: Timer overflow DoS vulnerability (XSA 20).\n (CVE-2012-4535)\n\n - xen: pirq range check DoS vulnerability (XSA 21).\n (CVE-2012-4536)\n\n - xen: Memory mapping failure DoS vulnerability (XSA 22).\n (CVE-2012-4537)\n\n - xen: Unhooking empty PAE entries DoS vulnerability (XSA\n 23). (CVE-2012-4538)\n\n - xen: Grant table hypercall infinite loop DoS\n vulnerability (XSA 24). (CVE-2012-4539)\n\n - xen: multiple TMEM hypercall vulnerabilities (XSA-15)\n Also the following bugs have been fixed and upstream\n patches have been applied:. (CVE-2012-3497)\n\n - L3: Xen BUG at io_apic.c:129\n 26102-x86-IOAPIC-legacy-not-first.patch. (bnc#784087)\n\n - Upstream patches merged:\n 26054-x86-AMD-perf-ctr-init.patch\n 26055-x86-oprof-hvm-mode.patch\n 26056-page-alloc-flush-filter.patch\n 26061-x86-oprof-counter-range.patch\n 26062-ACPI-ERST-move-data.patch\n 26063-x86-HPET-affinity-lock.patch\n 26093-HVM-PoD-grant-mem-type.patch\n 25931-x86-domctl-iomem-mapping-checks.patch\n 25952-x86-MMIO-remap-permissions.patch\n 25808-domain_create-return-value.patch\n 25814-x86_64-set-debugreg-guest.patch\n 25815-x86-PoD-no-bug-in-non-translated.patch\n 25816-x86-hvm-map-pirq-range-check.patch\n 25833-32on64-bogus-pt_base-adjust.patch\n 25834-x86-S3-MSI-resume.patch\n 25835-adjust-rcu-lock-domain.patch\n 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch\n 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch\n 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch\n 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch\n 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch\n 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch\n 25883-pt-MSI-cleanup.patch\n 25927-x86-domctl-ioport-mapping-range.patch\n 25929-tmem-restore-pool-version.patch\n\n - first XEN-PV VM fails to spawn xend: Increase wait time\n for disk to appear in host bootloader Modified existing\n xen-domUloader.diff. (bnc#778105)\n\n 25752-ACPI-pm-op-valid-cpu.patch\n 25754-x86-PoD-early-access.patch\n 25755-x86-PoD-types.patch\n 25756-x86-MMIO-max-mapped-pfn.patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=777890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=778105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=784087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=786516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=786517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=786518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=786519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=786520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=787163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3497.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4411.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4535.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4536.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4537.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4538.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4539.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4544.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7018.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"xen-kmp-default-4.1.3_04_3.0.42_0.7-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"xen-kmp-pae-4.1.3_04_3.0.42_0.7-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"xen-kmp-trace-4.1.3_04_3.0.42_0.7-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"xen-libs-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"xen-tools-domU-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"xen-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"xen-doc-html-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"xen-doc-pdf-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"xen-kmp-default-4.1.3_04_3.0.42_0.7-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"xen-kmp-trace-4.1.3_04_3.0.42_0.7-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"xen-libs-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"xen-libs-32bit-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"xen-tools-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"xen-tools-domU-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"xen-kmp-default-4.1.3_04_3.0.42_0.7-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"xen-kmp-pae-4.1.3_04_3.0.42_0.7-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"xen-kmp-trace-4.1.3_04_3.0.42_0.7-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"xen-libs-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"xen-tools-domU-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"xen-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"xen-doc-html-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"xen-doc-pdf-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"xen-kmp-default-4.1.3_04_3.0.42_0.7-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"xen-kmp-trace-4.1.3_04_3.0.42_0.7-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"xen-libs-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"xen-libs-32bit-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"xen-tools-4.1.3_04-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"xen-tools-domU-4.1.3_04-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:47", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4544"], "description": "[3.0.3-142.el5_9.1]\n- libxc: move error checking next to the function which returned the error (rhbz 876997)\n- libxc: builder: limit maximum size of kernel/ramdisk (rhbz 876997)", "edition": 4, "modified": "2013-02-07T00:00:00", "published": "2013-02-07T00:00:00", "id": "ELSA-2013-0241", "href": "http://linux.oracle.com/errata/ELSA-2013-0241.html", "title": "xen security update", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:21:10", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5511", "CVE-2012-5634", "CVE-2013-0153", "CVE-2012-4544"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2636-2 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 03, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-4544 CVE-2012-5511 CVE-2012-5634 CVE-2013-0153\n\nA regression in combination with pygrub has been discovered. For the \nstable distribution (squeeze), these problems have been fixed in version \n4.0.1-5.8.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2013-03-03T11:28:51", "published": "2013-03-03T11:28:51", "id": "DEBIAN:DSA-2636-2:33EAF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00042.html", "title": "[SECURITY] [DSA 2636-2] xen regression update", "type": "debian", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-11T13:21:25", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5511", "CVE-2012-5634", "CVE-2013-0153", "CVE-2012-4544"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2636-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 01, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-4544 CVE-2012-5511 CVE-2012-5634 CVE-2013-0153\nDebian Bug : \n\nMultiple vulnerabilities have been discovered in the Xen hypervisor. The \nCommon Vulnerabilities and Exposures project identifies the following \nproblems:\n\nCVE-2012-4544\n\n Insufficient validation of kernel or ramdisk sizes in the Xen PV \n domain builder could result in denial of service.\n\nCVE-2012-5511\n\n Several HVM control operations performed insufficient validation of\n input, which could result in denial of service through resource\n exhaustion.\n\nCVE-2012-5634\n\n Incorrect interrupt handling when using VT-d hardware could result\n in denial of service.\n\nCVE-2013-0153\n\n Insufficient restriction of interrupt access could result in denial\n of service.\n\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 4.0.1-5.7.\n\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 4.1.4-2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.1.4-2.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2013-03-01T19:24:27", "published": "2013-03-01T19:24:27", "id": "DEBIAN:DSA-2636-1:3E888", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00041.html", "title": "[SECURITY] [DSA 2636-1] xen security update", "type": "debian", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "cvelist": ["CVE-2012-5511", "CVE-2012-5634", "CVE-2013-0153", "CVE-2012-4544"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2636-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nMarch 01, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : xen\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-4544 CVE-2012-5511 CVE-2012-5634 CVE-2013-0153\r\nDebian Bug : \r\n\r\nMultiple vulnerabilities have been discovered in the Xen hypervisor. The \r\nCommon Vulnerabilities and Exposures project identifies the following \r\nproblems:\r\n\r\nCVE-2012-4544\r\n\r\n Insufficient validation of kernel or ramdisk sizes in the Xen PV \r\n domain builder could result in denial of service.\r\n\r\nCVE-2012-5511\r\n\r\n Several HVM control operations performed insufficient validation of\r\n input, which could result in denial of service through resource\r\n exhaustion.\r\n\r\nCVE-2012-5634\r\n\r\n Incorrect interrupt handling when using VT-d hardware could result\r\n in denial of service.\r\n\r\nCVE-2013-0153\r\n\r\n Insufficient restriction of interrupt access could result in denial\r\n of service.\r\n\r\n\r\nFor the stable distribution (squeeze), these problems have been fixed in\r\nversion 4.0.1-5.7.\r\n\r\nFor the testing distribution (wheezy), these problems have been fixed in\r\nversion 4.1.4-2.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 4.1.4-2.\r\n\r\nWe recommend that you upgrade your xen packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niEYEARECAAYFAlEw/3YACgkQXm3vHE4uylrX+ACgtVk1Pg/7Op/sVbMAmliP7WM/\r\nG38An2vc8pHv2LM2h3q2Sz2VRKkJhPVV\r\n=/k4L\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-03-11T00:00:00", "published": "2013-03-11T00:00:00", "id": "SECURITYVULNS:DOC:29165", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29165", "title": "[SECURITY] [DSA 2636-1] xen security update", "type": "securityvulns", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:50", "bulletinFamily": "software", "cvelist": ["CVE-2012-5511", "CVE-2012-5634", "CVE-2013-0153", "CVE-2012-4544"], "description": "Different DoS conditions.", "edition": 1, "modified": "2013-03-11T00:00:00", "published": "2013-03-11T00:00:00", "id": "SECURITYVULNS:VULN:12940", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12940", "title": "xen multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:59:17", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4535", "CVE-2012-4411", "CVE-2012-4539", "CVE-2012-3497", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4536", "CVE-2012-4544"], "description": "XEN was updated to fix various bugs and security issues:\n\n The following security issues have been fixed:\n\n * CVE-2012-4544: xen: Domain builder Out-of-memory due\n to malicious kernel/ramdisk (XSA 25)\n * CVE-2012-4411: XEN / qemu: guest administrator can\n access qemu monitor console (XSA-19)\n * CVE-2012-4535: xen: Timer overflow DoS vulnerability\n (XSA 20)\n * CVE-2012-4536: xen: pirq range check DoS\n vulnerability (XSA 21)\n * CVE-2012-4537: xen: Memory mapping failure DoS\n vulnerability (XSA 22)\n * CVE-2012-4538: xen: Unhooking empty PAE entries DoS\n vulnerability (XSA 23)\n * CVE-2012-4539: xen: Grant table hypercall infinite\n loop DoS vulnerability (XSA 24)\n * CVE-2012-3497: xen: multiple TMEM hypercall\n vulnerabilities (XSA-15)\n\n Also the following bugs have been fixed and upstream\n patches have been applied:\n\n *\n\n bnc#784087 - L3: Xen BUG at io_apic.c:129\n 26102-x86-IOAPIC-legacy-not-first.patch\n\n *\n\n Upstream patches merged:\n 26054-x86-AMD-perf-ctr-init.patch\n 26055-x86-oprof-hvm-mode.patch\n 26056-page-alloc-flush-filter.patch\n 26061-x86-oprof-counter-range.patch\n 26062-ACPI-ERST-move-data.patch\n 26063-x86-HPET-affinity-lock.patch\n 26093-HVM-PoD-grant-mem-type.patch\n 25931-x86-domctl-iomem-mapping-checks.patch\n 25952-x86-MMIO-remap-permissions.patch\n 25808-domain_create-return-value.patch\n 25814-x86_64-set-debugreg-guest.patch\n 25815-x86-PoD-no-bug-in-non-translated.patch\n 25816-x86-hvm-map-pirq-range-check.patch\n 25833-32on64-bogus-pt_base-adjust.patch\n 25834-x86-S3-MSI-resume.patch\n 25835-adjust-rcu-lock-domain.patch\n 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch\n 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch\n 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch\n 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch\n 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch\n 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch\n 25883-pt-MSI-cleanup.patch\n 25927-x86-domctl-ioport-mapping-range.patch\n 25929-tmem-restore-pool-version.patch\n\n *\n\n bnc#778105 - first XEN-PV VM fails to spawn xend:\n Increase wait time for disk to appear in host bootloader\n Modified existing xen-domUloader.diff\n\n 25752-ACPI-pm-op-valid-cpu.patch\n 25754-x86-PoD-early-access.patch 25755-x86-PoD-types.patch\n 25756-x86-MMIO-max-mapped-pfn.patch\n", "edition": 1, "modified": "2012-11-16T00:09:20", "published": "2012-11-16T00:09:20", "id": "SUSE-SU-2012:1486-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html", "type": "suse", "title": "Security update for Xen (important)", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4535", "CVE-2012-4411", "CVE-2012-4539", "CVE-2012-3497", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4536", "CVE-2012-4544"], "description": "XEN received various security and bugfixes:\n\n * CVE-2012-4535: xen: Timer overflow DoS vulnerability\n (XSA-20)\n * CVE-2012-4537: xen: Memory mapping failure DoS\n vulnerability (XSA-22)\n\n The following additional bugs have beenfixed:\n\n * bnc#784087 - L3: Xen BUG at io_apic.c:129\n 26102-x86-IOAPIC-legacy-not-first.patch\n * Upstream patches from Jan\n 25927-x86-domctl-ioport-mapping-range.patch\n 25931-x86-domctl-iomem-mapping-checks.patch\n 26061-x86-oprof-counter-range.patch\n 25431-x86-EDD-MBR-sig-check.patch\n 25480-x86_64-sysret-canonical.patch\n 25481-x86_64-AMD-erratum-121.patch\n 25485-x86_64-canonical-checks.patch\n 25587-param-parse-limit.patch\n 25589-pygrub-size-limits.patch\n 25744-hypercall-return-long.patch\n 25765-x86_64-allow-unsafe-adjust.patch\n 25773-x86-honor-no-real-mode.patch\n 25786-x86-prefer-multiboot-meminfo-over-e801.patch\n 25808-domain_create-return-value.patch\n 25814-x86_64-set-debugreg-guest.patch\n 24742-gnttab-misc.patch 25098-x86-emul-lock-UD.patch\n 25200-x86_64-trap-bounce-flags.patch\n 25271-x86_64-IST-index.patch\n *\n\n bnc#651093 - win2k8 guests are unable to restore\n after saving the vms state ept-novell-x64.patch\n 23800-x86_64-guest-addr-range.patch\n 24168-x86-vioapic-clear-remote_irr.patch\n 24453-x86-vIRQ-IRR-TMR-race.patch 24456-x86-emul-lea.patch\n\n *\n\n bnc#713555 - Unable to install RHEL 6.1 x86 as a\n paravirtualized guest OS on SLES 10 SP4 x86\n vm-install-0.2.19.tar.bz2\n", "edition": 1, "modified": "2012-11-16T17:08:43", "published": "2012-11-16T17:08:43", "id": "SUSE-SU-2012:1487-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html", "title": "Security update for Xen (important)", "type": "suse", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:32:46", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4423", "CVE-2012-4535", "CVE-2012-4411", "CVE-2012-4539", "CVE-2012-3497", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4536", "CVE-2012-4544"], "description": "libvirt received security and bugfixes:\n\n * CVE-2012-4423: Fixed a libvirt remote denial of\n service (crash) problem.\n\n The following bugs have been fixed:\n\n * qemu: Fix probing for guest capabilities\n * xen-xm: Generate UUID if not specified\n * xenParseXM: don't dereference NULL pointer when\n script is empty\n", "edition": 1, "modified": "2012-11-19T21:08:39", "published": "2012-11-19T21:08:39", "id": "SUSE-SU-2012:1503-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00012.html", "type": "suse", "title": "Security update for libvirt (important)", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:38", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1920", "CVE-2013-2196", "CVE-2013-4368", "CVE-2013-1917", "CVE-2013-4554", "CVE-2013-2194", "CVE-2012-4544", "CVE-2013-6885", "CVE-2013-2195", "CVE-2013-4494", "CVE-2013-4355"], "description": "The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS Xen\n hypervisor and toolset have been updated to fix various\n security issues.\n\n The following security issues have been addressed:\n\n * XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n * XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x\n (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x\n (possibly 4.3.1) does not properly prevent access to\n hypercalls, which allows local guest users to gain\n privileges via a crafted application running in ring 1 or\n 2. (bnc#849668)\n * XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and\n 4.3.x does not take the page_alloc_lock and\n grant_table.lock in the same order, which allows local\n guest administrators with access to multiple vcpus to cause\n a denial of service (host deadlock) via unspecified\n vectors. (bnc#848657)\n * XSA-67: CVE-2013-4368: The outs instruction emulation\n in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or\n GS: segment override, uses an uninitialized variable as a\n segment base, which allows local 64-bit PV guests to obtain\n sensitive information (hypervisor stack content) via\n unspecified vectors related to stale data in a segment\n register. (bnc#842511)\n * XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not\n properly handle certain errors, which allows local HVM\n guests to obtain hypervisor stack memory via a (1) port or\n (2) memory mapped I/O write or (3) other unspecified\n operations related to addresses without associated memory.\n (bnc#840592)\n * XSA-55: CVE-2013-2196: Multiple unspecified\n vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and\n earlier allow local guest administrators with certain\n permissions to have an unspecified impact via a crafted\n kernel, related to "other problems" that are not\n CVE-2013-2194 or CVE-2013-2195. (bnc#823011)\n * XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen\n 4.2.x and earlier allow local guest administrators with\n certain permissions to have an unspecified impact via a\n crafted kernel, related to "pointer dereferences" involving\n unexpected calculations. (bnc#823011)\n * XSA-55: CVE-2013-2194: Multiple integer overflows in\n the Elf parser (libelf) in Xen 4.2.x and earlier allow\n local guest administrators with certain permissions to have\n an unspecified impact via a crafted kernel. (bnc#823011)\n * XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier,\n when the hypervisor is running "under memory pressure" and\n the Xen Security Module (XSM) is enabled, uses the wrong\n ordering of operations when extending the per-domain event\n channel tracking table, which causes a use-after-free and\n allows local guest kernels to inject arbitrary events and\n gain privileges via unspecified vectors. (bnc#813677)\n * XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when\n running 64-bit hosts on Intel CPUs, does not clear the NT\n flag when using an IRET after a SYSENTER instruction, which\n allows PV guest users to cause a denial of service\n (hypervisor crash) by triggering a #GP fault, which is not\n properly handled by another IRET instruction. (bnc#813673)\n * XSA-25: CVE-2012-4544: The PV domain builder in Xen\n 4.2 and earlier does not validate the size of the kernel or\n ramdisk (1) before or (2) after decompression, which allows\n local guest administrators to cause a denial of service\n (domain 0 memory consumption) via a crafted (a) kernel or\n (b) ramdisk. (bnc#787163)\n", "edition": 1, "modified": "2014-03-20T13:04:14", "published": "2014-03-20T13:04:14", "id": "SUSE-SU-2014:0411-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html", "type": "suse", "title": "Security update for Xen (important)", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:01:48", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1920", "CVE-2013-2196", "CVE-2012-5515", "CVE-2013-4368", "CVE-2012-4535", "CVE-2013-1917", "CVE-2013-4554", "CVE-2012-5513", "CVE-2012-4537", "CVE-2013-2194", "CVE-2012-4544", "CVE-2013-6885", "CVE-2013-2195", "CVE-2013-4494", "CVE-2013-4355"], "description": "The SUSE Linux Enterprise 10 Service Pack 3 LTSS Xen\n hypervisor and toolset have been updated to fix various\n security issues:\n\n The following security issues have been addressed:\n\n *\n\n XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and\n possibly earlier versions, allows local guest OS\n administrators to cause a denial of service (Xen infinite\n loop and physical CPU consumption) by setting a VCPU with\n an "inappropriate deadline". (bnc#786516)\n\n *\n\n XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and\n possibly earlier versions, does not properly synchronize\n the p2m and m2p tables when the set_p2m_entry function\n fails, which allows local HVM guest OS administrators to\n cause a denial of service (memory consumption and assertion\n failure), aka "Memory mapping failure DoS vulnerability".\n (bnc#786517)\n\n *\n\n XSA-25: CVE-2012-4544: The PV domain builder in Xen\n 4.2 and earlier does not validate the size of the kernel or\n ramdisk (1) before or (2) after decompression, which allows\n local guest administrators to cause a denial of service\n (domain 0 memory consumption) via a crafted (a) kernel or\n (b) ramdisk. (bnc#787163)\n\n *\n\n XSA-29: CVE-2012-5513: The XENMEM_exchange handler in\n Xen 4.2 and earlier does not properly check the memory\n address, which allows local PV guest OS administrators to\n cause a denial of service (crash) or possibly gain\n privileges via unspecified vectors that overwrite memory in\n the hypervisor reserved range. (bnc#789951)\n\n *\n\n XSA-31: CVE-2012-5515: The (1)\n XENMEM_decrease_reservation, (2) XENMEM_populate_physmap,\n and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier\n allow local guest administrators to cause a denial of\n service (long loop and hang) via a crafted extent_order\n value. (bnc#789950)\n\n *\n\n XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when\n running 64-bit hosts on Intel CPUs, does not clear the NT\n flag when using an IRET after a SYSENTER instruction, which\n allows PV guest users to cause a denial of service\n (hypervisor crash) by triggering a #GP fault, which is not\n properly handled by another IRET instruction. (bnc#813673)\n\n *\n\n XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier,\n when the hypervisor is running "under memory pressure" and\n the Xen Security Module (XSM) is enabled, uses the wrong\n ordering of operations when extending the per-domain event\n channel tracking table, which causes a use-after-free and\n allows local guest kernels to inject arbitrary events and\n gain privileges via unspecified vectors. (bnc#813677)\n\n *\n\n XSA-55: CVE-2013-2196: Multiple unspecified\n vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and\n earlier allow local guest administrators with certain\n permissions to have an unspecified impact via a crafted\n kernel, related to "other problems" that are not\n CVE-2013-2194 or CVE-2013-2195. (bnc#823011)\n\n *\n\n XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen\n 4.2.x and earlier allow local guest administrators with\n certain permissions to have an unspecified impact via a\n crafted kernel, related to "pointer dereferences" involving\n unexpected calculations. (bnc#823011)\n\n *\n\n XSA-55: CVE-2013-2194: Multiple integer overflows in\n the Elf parser (libelf) in Xen 4.2.x and earlier allow\n local guest administrators with certain permissions to have\n an unspecified impact via a crafted kernel. (bnc#823011)\n\n *\n\n XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not\n properly handle certain errors, which allows local HVM\n guests to obtain hypervisor stack memory via a (1) port or\n (2) memory mapped I/O write or (3) other unspecified\n operations related to addresses without associated memory.\n (bnc#840592)\n\n *\n\n XSA-67: CVE-2013-4368: The outs instruction emulation\n in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or\n GS: segment override, uses an uninitialized variable as a\n segment base, which allows local 64-bit PV guests to obtain\n sensitive information (hypervisor stack content) via\n unspecified vectors related to stale data in a segment\n register. (bnc#842511)\n\n *\n\n XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and\n 4.3.x does not take the page_alloc_lock and\n grant_table.lock in the same order, which allows local\n guest administrators with access to multiple vcpus to cause\n a denial of service (host deadlock) via unspecified\n vectors. (bnc#848657)\n\n *\n\n XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x\n (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x\n (possibly 4.3.1) does not properly prevent access to\n hypercalls, which allows local guest users to gain\n privileges via a crafted application running in ring 1 or\n 2. (bnc#849668)\n\n *\n\n XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n\n Security Issues references:\n\n * CVE-2012-4535\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535</a>\n >\n * CVE-2012-4537\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537</a>\n >\n * CVE-2012-4544\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544</a>\n >\n * CVE-2012-5513\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513</a>\n >\n * CVE-2012-5515\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515</a>\n >\n * CVE-2013-1917\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917</a>\n >\n * CVE-2013-1920\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920</a>\n >\n * CVE-2013-2194\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194</a>\n >\n * CVE-2013-2195\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195</a>\n >\n * CVE-2013-2196\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196</a>\n >\n * CVE-2013-4355\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355</a>\n >\n * CVE-2013-4368\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368</a>\n >\n * CVE-2013-4494\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494</a>\n >\n * CVE-2013-4554\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554</a>\n >\n * CVE-2013-6885\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885</a>\n >\n", "edition": 1, "modified": "2014-04-01T20:04:15", "published": "2014-04-01T20:04:15", "id": "SUSE-SU-2014:0470-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html", "title": "Security update for Xen (important)", "type": "suse", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:46", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3494", "CVE-2012-4535", "CVE-2012-4411", "CVE-2012-4539", "CVE-2012-3495", "CVE-2012-3498", "CVE-2007-0998", "CVE-2012-3515", "CVE-2012-3497", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-2934", "CVE-2012-3496", "CVE-2012-2625", "CVE-2012-4536", "CVE-2012-4544"], "description": "This security update of XEN fixes various bugs and security\n issues.\n\n - Upstream patch 26088-xend-xml-filesize-check.patch\n\n - bnc#787163 - CVE-2012-4544: xen: Domain builder Out-of-\n memory due to malicious kernel/ramdisk (XSA 25)\n CVE-2012-4544-xsa25.patch\n - bnc#779212 - CVE-2012-4411: XEN / qemu: guest\n administrator can access qemu monitor console (XSA-19)\n CVE-2012-4411-xsa19.patch\n\n - bnc#786516 - CVE-2012-4535: xen: Timer overflow DoS\n vulnerability CVE-2012-4535-xsa20.patch\n - bnc#786518 - CVE-2012-4536: xen: pirq range check DoS\n vulnerability CVE-2012-4536-xsa21.patch\n - bnc#786517 - CVE-2012-4537: xen: Memory mapping failure\n DoS vulnerability CVE-2012-4537-xsa22.patch\n - bnc#786519 - CVE-2012-4538: xen: Unhooking empty PAE\n entries DoS vulnerability CVE-2012-4538-xsa23.patch\n - bnc#786520 - CVE-2012-4539: xen: Grant table hypercall\n infinite loop DoS vulnerability CVE-2012-4539-xsa24.patch\n - bnc#784087 - L3: Xen BUG at io_apic.c:129\n 26102-x86-IOAPIC-legacy-not-first.patch\n - Upstream patches from Jan\n 26054-x86-AMD-perf-ctr-init.patch\n 26055-x86-oprof-hvm-mode.patch\n 26056-page-alloc-flush-filter.patch\n 26061-x86-oprof-counter-range.patch\n 26062-ACPI-ERST-move-data.patch\n 26063-x86-HPET-affinity-lock.patch\n 26093-HVM-PoD-grant-mem-type.patch\n\n - Upstream patches from Jan\n 25931-x86-domctl-iomem-mapping-checks.patch\n 25952-x86-MMIO-remap-permissions.patch\n\n ------------------------------------------------------------\n ------- Mon Sep 24 16:41:58 CEST 2012 - ohering@xxxxxxx\n\n - use BuildRequires: gcc46 only in sles11sp2 or 12.1 to fix\n build in 11.4\n\n ------------------------------------------------------------\n ------- Thu Sep 20 10:03:40 MDT 2012 - carnold@xxxxxxxxxx\n\n - Upstream patches from Jan\n 25808-domain_create-return-value.patch\n 25814-x86_64-set-debugreg-guest.patch\n 25815-x86-PoD-no-bug-in-non-translated.patch\n 25816-x86-hvm-map-pirq-range-check.patch\n 25833-32on64-bogus-pt_base-adjust.patch\n 25834-x86-S3-MSI-resume.patch\n 25835-adjust-rcu-lock-domain.patch\n 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch\n 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch\n 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch\n 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch\n 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch\n 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch\n 25883-pt-MSI-cleanup.patch\n 25927-x86-domctl-ioport-mapping-range.patch\n 25929-tmem-restore-pool-version.patch\n\n - bnc#778105 - first XEN-PV VM fails to spawn xend:\n Increase wait time for disk to appear in host bootloader\n Modified existing xen-domUloader.diff\n\n - Upstream patches from Jan\n 25752-ACPI-pm-op-valid-cpu.patch\n 25754-x86-PoD-early-access.patch\n 25755-x86-PoD-types.patch\n 25756-x86-MMIO-max-mapped-pfn.patch\n 25757-x86-EPT-PoD-1Gb-assert.patch\n 25764-x86-unknown-cpu-no-sysenter.patch\n 25765-x86_64-allow-unsafe-adjust.patch\n 25771-grant-copy-status-paged-out.patch\n 25773-x86-honor-no-real-mode.patch\n 25786-x86-prefer-multiboot-meminfo-over-e801.patch\n - bnc#777890 - CVE-2012-3497: xen: multiple TMEM hypercall\n vulnerabilities (XSA-15)\n CVE-2012-3497-tmem-xsa-15-1.patch\n CVE-2012-3497-tmem-xsa-15-2.patch\n CVE-2012-3497-tmem-xsa-15-3.patch\n CVE-2012-3497-tmem-xsa-15-4.patch\n CVE-2012-3497-tmem-xsa-15-5.patch\n CVE-2012-3497-tmem-xsa-15-6.patch\n CVE-2012-3497-tmem-xsa-15-7.patch\n CVE-2012-3497-tmem-xsa-15-8.patch\n CVE-2012-3497-tmem-xsa-15-9.patch tmem-missing-break.patch\n\n", "edition": 1, "modified": "2012-11-26T15:13:15", "published": "2012-11-26T15:13:15", "id": "OPENSUSE-SU-2012:1573-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html", "type": "suse", "title": "XEN: security and bugfix update (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:49:16", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3494", "CVE-2012-4535", "CVE-2012-4411", "CVE-2012-4539", "CVE-2012-3495", "CVE-2012-3498", "CVE-2007-0998", "CVE-2012-3515", "CVE-2012-3497", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-2934", "CVE-2012-3496", "CVE-2012-2625", "CVE-2012-4536", "CVE-2012-4544"], "description": "This security update of XEN fixes various bugs and security\n issues.\n\n - Upstream patch 26088-xend-xml-filesize-check.patch\n\n - bnc#787163 - CVE-2012-4544: xen: Domain builder Out-of-\n memory due to malicious kernel/ramdisk (XSA 25)\n CVE-2012-4544-xsa25.patch\n - bnc#779212 - CVE-2012-4411: XEN / qemu: guest\n administrator can access qemu monitor console (XSA-19)\n CVE-2012-4411-xsa19.patch\n\n\n - bnc#786516 - CVE-2012-4535: xen: Timer overflow DoS\n vulnerability CVE-2012-4535-xsa20.patch\n - bnc#786518 - CVE-2012-4536: xen: pirq range check DoS\n vulnerability CVE-2012-4536-xsa21.patch\n - bnc#786517 - CVE-2012-4537: xen: Memory mapping failure\n DoS vulnerability CVE-2012-4537-xsa22.patch\n - bnc#786519 - CVE-2012-4538: xen: Unhooking empty PAE\n entries DoS vulnerability CVE-2012-4538-xsa23.patch\n - bnc#786520 - CVE-2012-4539: xen: Grant table hypercall\n infinite loop DoS vulnerability CVE-2012-4539-xsa24.patch\n - bnc#784087 - L3: Xen BUG at io_apic.c:129\n 26102-x86-IOAPIC-legacy-not-first.patch\n - Upstream patches from Jan\n 26054-x86-AMD-perf-ctr-init.patch\n 26055-x86-oprof-hvm-mode.patch\n 26056-page-alloc-flush-filter.patch\n 26061-x86-oprof-counter-range.patch\n 26062-ACPI-ERST-move-data.patch\n 26063-x86-HPET-affinity-lock.patch\n 26093-HVM-PoD-grant-mem-type.patch\n - Upstream patches from Jan\n 25931-x86-domctl-iomem-mapping-checks.patch\n 25952-x86-MMIO-remap-permissions.patch\n\n - Upstream patches from Jan\n 25808-domain_create-return-value.patch\n 25814-x86_64-set-debugreg-guest.patch\n 25815-x86-PoD-no-bug-in-non-translated.patch\n 25816-x86-hvm-map-pirq-range-check.patch\n 25833-32on64-bogus-pt_base-adjust.patch\n 25834-x86-S3-MSI-resume.patch\n 25835-adjust-rcu-lock-domain.patch\n 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch\n 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch\n 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch\n 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch\n 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch\n 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch\n 25883-pt-MSI-cleanup.patch\n 25927-x86-domctl-ioport-mapping-range.patch\n 25929-tmem-restore-pool-version.patch\n\n - bnc#778105 - first XEN-PV VM fails to spawn xend:\n Increase wait time for disk to appear in host bootloader\n Modified existing xen-domUloader.diff\n\n - Upstream patches from Jan\n 25752-ACPI-pm-op-valid-cpu.patch\n 25754-x86-PoD-early-access.patch\n 25755-x86-PoD-types.patch\n 25756-x86-MMIO-max-mapped-pfn.patch\n 25757-x86-EPT-PoD-1Gb-assert.patch\n 25764-x86-unknown-cpu-no-sysenter.patch\n 25765-x86_64-allow-unsafe-adjust.patch\n 25771-grant-copy-status-paged-out.patch\n 25773-x86-honor-no-real-mode.patch\n 25786-x86-prefer-multiboot-meminfo-over-e801.patch\n - bnc#777890 - CVE-2012-3497: xen: multiple TMEM hypercall\n vulnerabilities (XSA-15)\n CVE-2012-3497-tmem-xsa-15-1.patch\n CVE-2012-3497-tmem-xsa-15-2.patch\n CVE-2012-3497-tmem-xsa-15-3.patch\n CVE-2012-3497-tmem-xsa-15-4.patch\n CVE-2012-3497-tmem-xsa-15-5.patch\n CVE-2012-3497-tmem-xsa-15-6.patch\n CVE-2012-3497-tmem-xsa-15-7.patch\n CVE-2012-3497-tmem-xsa-15-8.patch\n CVE-2012-3497-tmem-xsa-15-9.patch tmem-missing-break.patch\n\n", "edition": 1, "modified": "2012-11-26T15:08:36", "published": "2012-11-26T15:08:36", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html", "id": "OPENSUSE-SU-2012:1572-1", "title": "XEN: security and bugfix update (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:19", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1056", "CVE-2013-1920", "CVE-2013-2196", "CVE-2012-5511", "CVE-2012-5515", "CVE-2012-5634", "CVE-2013-1919", "CVE-2012-5514", "CVE-2014-1891", "CVE-2013-4368", "CVE-2012-4535", "CVE-2013-4329", "CVE-2012-4411", "CVE-2013-1917", "CVE-2012-4539", "CVE-2014-1894", "CVE-2007-0998", "CVE-2013-4554", "CVE-2013-1952", "CVE-2013-0153", "CVE-2012-5513", "CVE-2013-2072", "CVE-2014-1892", "CVE-2012-5510", "CVE-2012-3497", "CVE-2013-1432", "CVE-2013-4361", "CVE-2012-6333", "CVE-2013-2077", "CVE-2012-4537", "CVE-2012-4538", "CVE-2013-2194", "CVE-2013-1918", "CVE-2013-0154", "CVE-2013-4553", "CVE-2014-1893", "CVE-2012-4544", "CVE-2013-1964", "CVE-2013-6885", "CVE-2013-1442", "CVE-2013-2195", "CVE-2012-6075", "CVE-2013-2211", "CVE-2013-2212", "CVE-2013-2076", "CVE-2013-4494", "CVE-2013-4355"], "description": "The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen\n hypervisor and toolset have been updated to fix various\n security issues and some bugs.\n\n The following security issues have been addressed:\n\n *\n\n XSA-84: CVE-2014-1894: Xen 3.2 (and presumably\n earlier) exhibit both problems with the overflow issue\n being present for more than just the suboperations listed\n above. (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through\n 4.1, while not affected by the above overflow, have a\n different overflow issue on FLASK_{GET,SET}BOOL and expose\n unreasonably large memory allocation to aribitrary guests.\n (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,\n FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the\n flask hypercall are vulnerable to an integer overflow on\n the input size. The hypercalls attempt to allocate a buffer\n which is 1 larger than this size and is therefore\n vulnerable to integer overflow and an attempt to allocate\n then access a zero byte buffer. (bnc#860163)\n\n *\n\n XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n\n *\n\n XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x\n (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x\n (possibly 4.3.1) does not properly prevent access to\n hypercalls, which allows local guest users to gain\n privileges via a crafted application running in ring 1 or\n 2. (bnc#849668)\n\n *\n\n XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist\n hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does\n not always obtain the page_alloc_lock and mm_rwlock in the\n same order, which allows local guest administrators to\n cause a denial of service (host deadlock). (bnc#849667)\n\n *\n\n XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and\n 4.3.x does not take the page_alloc_lock and\n grant_table.lock in the same order, which allows local\n guest administrators with access to multiple vcpus to cause\n a denial of service (host deadlock) via unspecified\n vectors. (bnc#848657)\n\n *\n\n XSA-67: CVE-2013-4368: The outs instruction emulation\n in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or\n GS: segment override, uses an uninitialized variable as a\n segment base, which allows local 64-bit PV guests to obtain\n sensitive information (hypervisor stack content) via\n unspecified vectors related to stale data in a segment\n register. (bnc#842511)\n\n *\n\n XSA-66: CVE-2013-4361: The fbld instruction emulation\n in Xen 3.3.x through 4.3.x does not use the correct\n variable for the source effective address, which allows\n local HVM guests to obtain hypervisor stack information by\n reading the values used by the instruction. (bnc#841766)\n\n *\n\n XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not\n properly handle certain errors, which allows local HVM\n guests to obtain hypervisor stack memory via a (1) port or\n (2) memory mapped I/O write or (3) other unspecified\n operations related to addresses without associated memory.\n (bnc#840592)\n\n *\n\n XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when\n using AVX or LWP capable CPUs, does not properly clear\n previous data from registers when using an XSAVE or XRSTOR\n to extend the state components of a saved or restored vCPU\n after touching other restored extended registers, which\n allows local guest OSes to obtain sensitive information by\n reading the registers. (bnc#839596)\n\n *\n\n XSA-61: CVE-2013-4329: The xenlight library (libxl)\n in Xen 4.0.x through 4.2.x, when IOMMU is disabled,\n provides access to a busmastering-capable PCI passthrough\n device before the IOMMU setup is complete, which allows\n local HVM guest domains to gain privileges or cause a\n denial of service via a DMA instruction. (bnc#839618)\n\n *\n\n XSA-60: CVE-2013-2212: The vmx_set_uc_mode function\n in Xen 3.3 through 4.3, when disabling chaches, allows\n local HVM guests with access to memory mapped I/O regions\n to cause a denial of service (CPU consumption and possibly\n hypervisor or guest kernel panic) via a crafted GFN range.\n (bnc#831120)\n\n *\n\n XSA-58: CVE-2013-1918: Certain page table\n manipulation operations in Xen 4.1.x, 4.2.x, and earlier\n are not preemptible, which allows local PV kernels to cause\n a denial of service via vectors related to "deep page table\n traversal." (bnc#826882)\n\n *\n\n XSA-58: CVE-2013-1432: Xen 4.1.x and 4.2.x, when the\n XSA-45 patch is in place, does not properly maintain\n references on pages stored for deferred cleanup, which\n allows local PV guest kernels to cause a denial of service\n (premature page free and hypervisor crash) or possible gain\n privileges via unspecified vectors. (bnc#826882)\n\n *\n\n XSA-57: CVE-2013-2211: The libxenlight (libxl)\n toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak\n permissions for xenstore keys for paravirtualised and\n emulated serial console devices, which allows local guest\n administrators to modify the xenstore value via unspecified\n vectors. (bnc#823608)\n\n *\n\n XSA-56: CVE-2013-2072: Buffer overflow in the Python\n bindings for the xc_vcpu_setaffinity call in Xen 4.0.x,\n 4.1.x, and 4.2.x allows local administrators with\n permissions to configure VCPU affinity to cause a denial of\n service (memory corruption and xend toolstack crash) and\n possibly gain privileges via a crafted cpumap. (bnc#819416)\n\n *\n\n XSA-55: CVE-2013-2196: Multiple unspecified\n vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and\n earlier allow local guest administrators with certain\n permissions to have an unspecified impact via a crafted\n kernel, related to "other problems" that are not\n CVE-2013-2194 or CVE-2013-2195. (bnc#823011)\n\n *\n\n XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen\n 4.2.x and earlier allow local guest administrators with\n certain permissions to have an unspecified impact via a\n crafted kernel, related to "pointer dereferences" involving\n unexpected calculations. (bnc#823011)\n\n *\n\n XSA-55: CVE-2013-2194: Multiple integer overflows in\n the Elf parser (libelf) in Xen 4.2.x and earlier allow\n local guest administrators with certain permissions to have\n an unspecified impact via a crafted kernel. (bnc#823011)\n\n *\n\n XSA-53: CVE-2013-2077: Xen 4.0.x, 4.1.x, and 4.2.x\n does not properly restrict the contents of a XRSTOR, which\n allows local PV guest users to cause a denial of service\n (unhandled exception and hypervisor crash) via unspecified\n vectors. (bnc#820919)\n\n *\n\n XSA-52: CVE-2013-2076: Xen 4.0.x, 4.1.x, and 4.2.x,\n when running on AMD64 processors, only save/restore the\n FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an\n exception is pending, which allows one domain to determine\n portions of the state of floating point instructions of\n other domains, which can be leveraged to obtain sensitive\n information such as cryptographic keys, a similar\n vulnerability to CVE-2006-1056. NOTE: this is the\n documented behavior of AMD64 processors, but it is\n inconsistent with Intel processors in a security-relevant\n fashion that was not addressed by the kernels. (bnc#820917)\n\n *\n\n XSA-50: CVE-2013-1964: Xen 4.0.x and 4.1.x\n incorrectly releases a grant reference when releasing a\n non-v1, non-transitive grant, which allows local guest\n administrators to cause a denial of service (host crash),\n obtain sensitive information, or possible have other\n impacts via unspecified vectors. (bnc#816156)\n\n *\n\n XSA-49: CVE-2013-1952: Xen 4.x, when using Intel VT-d\n for a bus mastering capable PCI device, does not properly\n check the source when accessing a bridge device's interrupt\n remapping table entries for MSI interrupts, which allows\n local guest domains to cause a denial of service (interrupt\n injection) via unspecified vectors. (bnc#816163)\n\n *\n\n XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier,\n when the hypervisor is running "under memory pressure" and\n the Xen Security Module (XSM) is enabled, uses the wrong\n ordering of operations when extending the per-domain event\n channel tracking table, which causes a use-after-free and\n allows local guest kernels to inject arbitrary events and\n gain privileges via unspecified vectors. (bnc#813677)\n\n *\n\n XSA-46: CVE-2013-1919: Xen 4.2.x and 4.1.x does not\n properly restrict access to IRQs, which allows local stub\n domain clients to gain access to IRQs and cause a denial of\n service via vectors related to "passed-through IRQs or PCI\n devices." (bnc#813675)\n\n *\n\n XSA-45: CVE-2013-1918: Certain page table\n manipulation operations in Xen 4.1.x, 4.2.x, and earlier\n are not preemptible, which allows local PV kernels to cause\n a denial of service via vectors related to "deep page table\n traversal." (bnc#816159)\n\n *\n\n XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when\n running 64-bit hosts on Intel CPUs, does not clear the NT\n flag when using an IRET after a SYSENTER instruction, which\n allows PV guest users to cause a denial of service\n (hypervisor crash) by triggering a #GP fault, which is not\n properly handled by another IRET instruction. (bnc#813673)\n\n *\n\n XSA-41: CVE-2012-6075: Buffer overflow in the\n e1000_receive function in the e1000 device driver\n (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the\n SBP and LPE flags are disabled, allows remote attackers to\n cause a denial of service (guest OS crash) and possibly\n execute arbitrary guest code via a large packet.\n (bnc#797523)\n\n *\n\n XSA-37: CVE-2013-0154: The get_page_type function in\n xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled,\n allows local PV or HVM guest administrators to cause a\n denial of service (assertion failure and hypervisor crash)\n via unspecified vectors related to a hypercall. (bnc#797031)\n\n *\n\n XSA-36: CVE-2013-0153: The AMD IOMMU support in Xen\n 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi\n for PCI passthrough, uses the same interrupt remapping\n table for the host and all guests, which allows guests to\n cause a denial of service by injecting an interrupt into\n other guests. (bnc#800275)\n\n *\n\n XSA-33: CVE-2012-5634: Xen 4.2.x, 4.1.x, and 4.0,\n when using Intel VT-d for PCI passthrough, does not\n properly configure VT-d when supporting a device that is\n behind a legacy PCI Bridge, which allows local guests to\n cause a denial of service to other guests by injecting an\n interrupt. (bnc#794316)\n\n *\n\n XSA-31: CVE-2012-5515: The (1)\n XENMEM_decrease_reservation, (2) XENMEM_populate_physmap,\n and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier\n allow local guest administrators to cause a denial of\n service (long loop and hang) via a crafted extent_order\n value. (bnc#789950)\n\n *\n\n XSA-30: CVE-2012-5514: The\n guest_physmap_mark_populate_on_demand function in Xen 4.2\n and earlier does not properly unlock the subject GFNs when\n checking if they are in use, which allows local guest HVM\n administrators to cause a denial of service (hang) via\n unspecified vectors. (bnc#789948)\n\n *\n\n XSA-29: CVE-2012-5513: The XENMEM_exchange handler in\n Xen 4.2 and earlier does not properly check the memory\n address, which allows local PV guest OS administrators to\n cause a denial of service (crash) or possibly gain\n privileges via unspecified vectors that overwrite memory in\n the hypervisor reserved range. (bnc#789951)\n\n *\n\n XSA-27: CVE-2012-6333: Multiple HVM control\n operations in Xen 3.4 through 4.2 allow local HVM guest OS\n administrators to cause a denial of service (physical CPU\n consumption) via a large input. (bnc#789944)\n\n *\n\n XSA-27: CVE-2012-5511: Stack-based buffer overflow in\n the dirty video RAM tracking functionality in Xen 3.4\n through 4.1 allows local HVM guest OS administrators to\n cause a denial of service (crash) via a large bitmap image.\n (bnc#789944)\n\n *\n\n XSA-26: CVE-2012-5510: Xen 4.x, when downgrading the\n grant table version, does not properly remove the status\n page from the tracking list when freeing the page, which\n allows local guest OS administrators to cause a denial of\n service (hypervisor crash) via unspecified vectors.\n (bnc#789945)\n\n *\n\n XSA-25: CVE-2012-4544: The PV domain builder in Xen\n 4.2 and earlier does not validate the size of the kernel or\n ramdisk (1) before or (2) after decompression, which allows\n local guest administrators to cause a denial of service\n (domain 0 memory consumption) via a crafted (a) kernel or\n (b) ramdisk. (bnc#787163)\n\n *\n\n XSA-24: CVE-2012-4539: Xen 4.0 through 4.2, when\n running 32-bit x86 PV guests on 64-bit hypervisors, allows\n local guest OS administrators to cause a denial of service\n (infinite loop and hang or crash) via invalid arguments to\n GNTTABOP_get_status_frames, aka "Grant table hypercall\n infinite loop DoS vulnerability." (bnc#786520)\n\n *\n\n XSA-23: CVE-2012-4538: The HVMOP_pagetable_dying\n hypercall in Xen 4.0, 4.1, and 4.2 does not properly check\n the pagetable state when running on shadow pagetables,\n which allows a local HVM guest OS to cause a denial of\n service (hypervisor crash) via unspecified vectors.\n (bnc#786519)\n\n *\n\n XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and\n possibly earlier versions, does not properly synchronize\n the p2m and m2p tables when the set_p2m_entry function\n fails, which allows local HVM guest OS administrators to\n cause a denial of service (memory consumption and assertion\n failure), aka "Memory mapping failure DoS vulnerability."\n (bnc#786517)\n\n *\n\n XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and\n possibly earlier versions, allows local guest OS\n administrators to cause a denial of service (Xen infinite\n loop and physical CPU consumption) by setting a VCPU with\n an "inappropriate deadline." (bnc#786516)\n\n *\n\n XSA-19: CVE-2012-4411: The graphical console in Xen\n 4.0, 4.1 and 4.2 allows local OS guest administrators to\n obtain sensitive host resource information via the qemu\n monitor. NOTE: this might be a duplicate of CVE-2007-0998.\n (bnc#779212)\n\n *\n\n XSA-15: CVE-2012-3497: (1)\n TMEMC_SAVE_GET_CLIENT_WEIGHT, (2)\n TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS\n and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in\n Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a\n denial of service (NULL pointer dereference or memory\n corruption and host crash) or possibly have other\n unspecified impacts via a NULL client id. (bnc#777890)\n\n Also the following non-security bugs have been fixed:\n\n * xen hot plug attach/detach fails modified\n blktap-pv-cdrom.patch. (bnc#805094)\n * guest "disappears" after live migration Updated\n block-dmmd script. (bnc#777628)\n\n Security Issues references:\n\n * CVE-2006-1056\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056</a>\n >\n * CVE-2007-0998\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0998\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0998</a>\n >\n * CVE-2012-3497\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497</a>\n >\n * CVE-2012-4411\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411</a>\n >\n * CVE-2012-4535\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535</a>\n >\n * CVE-2012-4537\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537</a>\n >\n * CVE-2012-4538\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538</a>\n >\n * CVE-2012-4539\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539</a>\n >\n * CVE-2012-4544\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544</a>\n >\n * CVE-2012-5510\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510</a>\n >\n * CVE-2012-5511\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511</a>\n >\n * CVE-2012-5513\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513</a>\n >\n * CVE-2012-5514\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514</a>\n >\n * CVE-2012-5515\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515</a>\n >\n * CVE-2012-5634\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634</a>\n >\n * CVE-2012-6075\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075</a>\n >\n * CVE-2012-6333\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6333\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6333</a>\n >\n * CVE-2013-0153\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153</a>\n >\n * CVE-2013-0154\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0154\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0154</a>\n >\n * CVE-2013-1432\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432</a>\n >\n * CVE-2013-1442\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442</a>\n >\n * CVE-2013-1917\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917</a>\n >\n * CVE-2013-1918\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918</a>\n >\n * CVE-2013-1919\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919</a>\n >\n * CVE-2013-1920\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920</a>\n >\n * CVE-2013-1952\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952</a>\n >\n * CVE-2013-1964\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964</a>\n >\n * CVE-2013-2072\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072</a>\n >\n * CVE-2013-2076\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076</a>\n >\n * CVE-2013-2077\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077</a>\n >\n * CVE-2013-2194\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194</a>\n >\n * CVE-2013-2195\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195</a>\n >\n * CVE-2013-2196\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196</a>\n >\n * CVE-2013-2211\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211</a>\n >\n * CVE-2013-2212\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212</a>\n >\n * CVE-2013-4329\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329</a>\n >\n * CVE-2013-4355\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355</a>\n >\n * CVE-2013-4361\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361</a>\n >\n * CVE-2013-4368\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368</a>\n >\n * CVE-2013-4494\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494</a>\n >\n * CVE-2013-4553\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553</a>\n >\n * CVE-2013-4554\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554</a>\n >\n * CVE-2013-6885\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885</a>\n >\n * CVE-2014-1891\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891</a>\n >\n * CVE-2014-1892\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892</a>\n >\n * CVE-2014-1893\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893</a>\n >\n * CVE-2014-1894\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894</a>\n >\n", "edition": 1, "modified": "2014-03-25T23:04:15", "published": "2014-03-25T23:04:15", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", "id": "SUSE-SU-2014:0446-1", "title": "Security update for Xen (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
