English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.10.2017.0012
Kategorie:Mageia Linux Local Security Checks
Titel:Mageia: Security Advisory (MGASA-2017-0012)
Zusammenfassung:The remote host is missing an update for the 'xen' package(s) announced via the MGASA-2017-0012 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'xen' package(s) announced via the MGASA-2017-0012 advisory.

Vulnerability Insight:
This xen update is based on upstream 4.5.5 maintenance release, and fixes
the following security issues:

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest
OS users to cause a denial of service (host disk consumption) by writing
to stdout or stderr (CVE-2014-3672)

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle
writes to the hardware FSW.ES bit when running on AMD64 processors, which
allows local guest OS users to obtain sensitive register content information
from another guest by leveraging pending exception and mask bits. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2013-2076
(CVE-2016-3158).

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly
handle writes to the hardware FSW.ES bit when running on AMD64 processors,
which allows local guest OS users to obtain sensitive register content
information from another guest by leveraging pending exception and mask
bits. NOTE: this vulnerability exists because of an incorrect fix for
CVE-2013-2076 (CVE-2016-3159).

The VGA module in QEMU improperly performs bounds checking on banked access
to video memory, which allows local guest OS administrators to execute
arbitrary code on the host by changing access modes after setting the bank
register, aka the 'Dark Portal' issue (CVE-2016-3710).

Integer overflow in the VGA module in QEMU allows local guest OS users to
cause a denial of service (out-of-bounds read and QEMU process crash) by
editing VGA registers in VBE mode (CVE-2016-3712).

Integer overflow in the x86 shadow pagetable code in Xen allows local guest
OS users to cause a denial of service (host crash) or possibly gain
privileges by shadowing a superpage mapping (CVE-2016-3960).

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest
administrators to cause a denial of service (resource consumption or
management facility confusion) or gain host OS privileges by manipulating
information in guest controlled areas of xenstore (CVE-2016-4962).

The libxl device-handling in Xen through 4.6.x allows local guest OS users
with access to the driver domain to cause a denial of service (management
tool confusion) by manipulating information in the backend directories in
xenstore (CVE-2016-4963).

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and
earlier does not properly handle the Page Size (PS) page table entry bit at
the L4 and L3 page table levels, which might allow local guest OS users to
gain privileges via a crafted mapping of memory (CVE-2016-4480).

The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows
local guest OS users with access to the driver domain to cause a denial of
service (NULL pointer dereference and host OS crash) by creating concurrent
domains and holding references to them, related to VMID exhaustion
(CVE-2016-5242).

The virtqueue_pop ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'xen' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-3672
1035945
http://www.securitytracker.com/id/1035945
[oss-security] 20160524 CVE-2014-3672 libvirt: DoS via excessive logging
http://www.openwall.com/lists/oss-security/2016/05/24/5
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://xenbits.xen.org/xsa/advisory-180.html
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=0d968ad715475a1660779bcdd2c5b38ad63db4cf
https://libvirt.org/news-2015.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-10013
BugTraq ID: 94963
http://www.securityfocus.com/bid/94963
Debian Security Information: DSA-3847 (Google Search)
http://www.debian.org/security/2017/dsa-3847
http://www.securitytracker.com/id/1037491
Common Vulnerability Exposure (CVE) ID: CVE-2016-10024
BugTraq ID: 95021
http://www.securityfocus.com/bid/95021
https://security.gentoo.org/glsa/201612-56
http://www.securitytracker.com/id/1037517
Common Vulnerability Exposure (CVE) ID: CVE-2016-3158
BugTraq ID: 85714
http://www.securityfocus.com/bid/85714
Debian Security Information: DSA-3554 (Google Search)
http://www.debian.org/security/2016/dsa-3554
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html
http://www.securitytracker.com/id/1035435
Common Vulnerability Exposure (CVE) ID: CVE-2016-3159
BugTraq ID: 85716
http://www.securityfocus.com/bid/85716
Common Vulnerability Exposure (CVE) ID: CVE-2016-3710
1035794
http://www.securitytracker.com/id/1035794
90316
http://www.securityfocus.com/bid/90316
DSA-3573
http://www.debian.org/security/2016/dsa-3573
RHSA-2016:0724
http://rhn.redhat.com/errata/RHSA-2016-0724.html
RHSA-2016:0725
http://rhn.redhat.com/errata/RHSA-2016-0725.html
RHSA-2016:0997
http://rhn.redhat.com/errata/RHSA-2016-0997.html
RHSA-2016:0999
http://rhn.redhat.com/errata/RHSA-2016-0999.html
RHSA-2016:1000
http://rhn.redhat.com/errata/RHSA-2016-1000.html
RHSA-2016:1001
http://rhn.redhat.com/errata/RHSA-2016-1001.html
RHSA-2016:1002
http://rhn.redhat.com/errata/RHSA-2016-1002.html
RHSA-2016:1019
http://rhn.redhat.com/errata/RHSA-2016-1019.html
RHSA-2016:1224
https://access.redhat.com/errata/RHSA-2016:1224
RHSA-2016:1943
http://rhn.redhat.com/errata/RHSA-2016-1943.html
USN-2974-1
http://www.ubuntu.com/usn/USN-2974-1
[Qemu-devel] 20160509 [PULL 1/5] vga: fix banked access bounds checking (CVE-2016-3710)
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html
[oss-security] 20160509 CVE-2016-3710 Qemu: vga: out-of-bounds r/w access issue
http://www.openwall.com/lists/oss-security/2016/05/09/3
http://support.citrix.com/article/CTX212736
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://xenbits.xen.org/xsa/advisory-179.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
Common Vulnerability Exposure (CVE) ID: CVE-2016-3712
90314
http://www.securityfocus.com/bid/90314
RHSA-2016:2585
http://rhn.redhat.com/errata/RHSA-2016-2585.html
RHSA-2017:0621
http://rhn.redhat.com/errata/RHSA-2017-0621.html
[Qemu-devel] 20160509 [PULL 5/5] vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html
[oss-security] 20160509 CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues
http://www.openwall.com/lists/oss-security/2016/05/09/4
Common Vulnerability Exposure (CVE) ID: CVE-2016-3960
BugTraq ID: 86318
http://www.securityfocus.com/bid/86318
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html
http://www.securitytracker.com/id/1035587
Common Vulnerability Exposure (CVE) ID: CVE-2016-4480
BugTraq ID: 90710
http://www.securityfocus.com/bid/90710
Debian Security Information: DSA-3633 (Google Search)
http://www.debian.org/security/2016/dsa-3633
http://www.securitytracker.com/id/1035901
Common Vulnerability Exposure (CVE) ID: CVE-2016-4962
BugTraq ID: 91006
http://www.securityfocus.com/bid/91006
http://www.securitytracker.com/id/1036023
Common Vulnerability Exposure (CVE) ID: CVE-2016-4963
https://lists.debian.org/debian-lts-announce/2018/09/msg00006.html
http://www.securitytracker.com/id/1036024
Common Vulnerability Exposure (CVE) ID: CVE-2016-5242
BugTraq ID: 91015
http://www.securityfocus.com/bid/91015
http://www.securitytracker.com/id/1036035
Common Vulnerability Exposure (CVE) ID: CVE-2016-5403
1036476
http://www.securitytracker.com/id/1036476
92148
http://www.securityfocus.com/bid/92148
RHSA-2016:1585
http://rhn.redhat.com/errata/RHSA-2016-1585.html
RHSA-2016:1586
http://rhn.redhat.com/errata/RHSA-2016-1586.html
RHSA-2016:1606
http://rhn.redhat.com/errata/RHSA-2016-1606.html
RHSA-2016:1607
http://rhn.redhat.com/errata/RHSA-2016-1607.html
RHSA-2016:1652
http://rhn.redhat.com/errata/RHSA-2016-1652.html
RHSA-2016:1653
http://rhn.redhat.com/errata/RHSA-2016-1653.html
RHSA-2016:1654
http://rhn.redhat.com/errata/RHSA-2016-1654.html
RHSA-2016:1655
http://rhn.redhat.com/errata/RHSA-2016-1655.html
RHSA-2016:1756
http://rhn.redhat.com/errata/RHSA-2016-1756.html
RHSA-2016:1763
http://rhn.redhat.com/errata/RHSA-2016-1763.html
USN-3047-1
http://www.ubuntu.com/usn/USN-3047-1
USN-3047-2
http://www.ubuntu.com/usn/USN-3047-2
[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://xenbits.xen.org/xsa/advisory-184.html
https://bugzilla.redhat.com/show_bug.cgi?id=1358359
Common Vulnerability Exposure (CVE) ID: CVE-2016-6258
BugTraq ID: 92131
http://www.securityfocus.com/bid/92131
https://security.gentoo.org/glsa/201611-09
http://www.securitytracker.com/id/1036446
Common Vulnerability Exposure (CVE) ID: CVE-2016-6259
BugTraq ID: 92130
http://www.securityfocus.com/bid/92130
http://www.securitytracker.com/id/1036447
Common Vulnerability Exposure (CVE) ID: CVE-2016-7092
BugTraq ID: 92862
http://www.securityfocus.com/bid/92862
Debian Security Information: DSA-3663 (Google Search)
http://www.debian.org/security/2016/dsa-3663
http://www.securitytracker.com/id/1036751
Common Vulnerability Exposure (CVE) ID: CVE-2016-7093
BugTraq ID: 92865
http://www.securityfocus.com/bid/92865
http://www.securitytracker.com/id/1036752
Common Vulnerability Exposure (CVE) ID: CVE-2016-7094
BugTraq ID: 92864
http://www.securityfocus.com/bid/92864
http://www.securitytracker.com/id/1036753
Common Vulnerability Exposure (CVE) ID: CVE-2016-7777
BugTraq ID: 93344
http://www.securityfocus.com/bid/93344
http://www.securitytracker.com/id/1036942
Common Vulnerability Exposure (CVE) ID: CVE-2016-9377
BugTraq ID: 94475
http://www.securityfocus.com/bid/94475
http://www.securitytracker.com/id/1037345
Common Vulnerability Exposure (CVE) ID: CVE-2016-9378
Common Vulnerability Exposure (CVE) ID: CVE-2016-9379
BugTraq ID: 94473
http://www.securityfocus.com/bid/94473
http://www.securitytracker.com/id/1037347
Common Vulnerability Exposure (CVE) ID: CVE-2016-9380
Common Vulnerability Exposure (CVE) ID: CVE-2016-9381
BugTraq ID: 94476
http://www.securityfocus.com/bid/94476
http://www.securitytracker.com/id/1037344
Common Vulnerability Exposure (CVE) ID: CVE-2016-9382
BugTraq ID: 94470
http://www.securityfocus.com/bid/94470
http://www.securitytracker.com/id/1037341
Common Vulnerability Exposure (CVE) ID: CVE-2016-9383
BugTraq ID: 94474
http://www.securityfocus.com/bid/94474
http://www.securitytracker.com/id/1037346
Common Vulnerability Exposure (CVE) ID: CVE-2016-9384
BugTraq ID: 94468
http://www.securityfocus.com/bid/94468
http://www.securitytracker.com/id/1037343
Common Vulnerability Exposure (CVE) ID: CVE-2016-9385
BugTraq ID: 94472
http://www.securityfocus.com/bid/94472
http://www.securitytracker.com/id/1037342
Common Vulnerability Exposure (CVE) ID: CVE-2016-9386
BugTraq ID: 94471
http://www.securityfocus.com/bid/94471
http://www.securitytracker.com/id/1037340
Common Vulnerability Exposure (CVE) ID: CVE-2016-9637
BugTraq ID: 94699
http://www.securityfocus.com/bid/94699
https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
RedHat Security Advisories: RHSA-2016:2963
http://rhn.redhat.com/errata/RHSA-2016-2963.html
http://www.securitytracker.com/id/1037397
Common Vulnerability Exposure (CVE) ID: CVE-2016-9932
BugTraq ID: 94863
http://www.securityfocus.com/bid/94863
http://www.securitytracker.com/id/1037468
CopyrightCopyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.