ID de Prueba:	1.3.6.1.4.1.25623.1.0.105732
Categoría:	Citrix Xenserver Local Security Checks
Título:	Citrix XenServer Multiple Security Updates (CTX212736)
Resumen:	A number of security vulnerabilities have been identified in; Citrix XenServer that may allow a malicious administrator of a guest VM (depending on configuration); or an attacker on the management network to compromise the host.
Descripción:	Summary: A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM (depending on configuration) or an attacker on the management network to compromise the host. Affected Software/OS: These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1. Solution: Apply the hotfix referenced in the advisory. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3710 1035794 http://www.securitytracker.com/id/1035794 90316 http://www.securityfocus.com/bid/90316 DSA-3573 http://www.debian.org/security/2016/dsa-3573 RHSA-2016:0724 http://rhn.redhat.com/errata/RHSA-2016-0724.html RHSA-2016:0725 http://rhn.redhat.com/errata/RHSA-2016-0725.html RHSA-2016:0997 http://rhn.redhat.com/errata/RHSA-2016-0997.html RHSA-2016:0999 http://rhn.redhat.com/errata/RHSA-2016-0999.html RHSA-2016:1000 http://rhn.redhat.com/errata/RHSA-2016-1000.html RHSA-2016:1001 http://rhn.redhat.com/errata/RHSA-2016-1001.html RHSA-2016:1002 http://rhn.redhat.com/errata/RHSA-2016-1002.html RHSA-2016:1019 http://rhn.redhat.com/errata/RHSA-2016-1019.html RHSA-2016:1224 https://access.redhat.com/errata/RHSA-2016:1224 RHSA-2016:1943 http://rhn.redhat.com/errata/RHSA-2016-1943.html USN-2974-1 http://www.ubuntu.com/usn/USN-2974-1 [Qemu-devel] 20160509 [PULL 1/5] vga: fix banked access bounds checking (CVE-2016-3710) https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html [oss-security] 20160509 CVE-2016-3710 Qemu: vga: out-of-bounds r/w access issue http://www.openwall.com/lists/oss-security/2016/05/09/3 http://support.citrix.com/article/CTX212736 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://xenbits.xen.org/xsa/advisory-179.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862 Common Vulnerability Exposure (CVE) ID: CVE-2016-3712 90314 http://www.securityfocus.com/bid/90314 RHSA-2016:2585 http://rhn.redhat.com/errata/RHSA-2016-2585.html RHSA-2017:0621 http://rhn.redhat.com/errata/RHSA-2017-0621.html [Qemu-devel] 20160509 [PULL 5/5] vga: make sure vga register setup for vbe stays intact (CVE-2016-3712). https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html [oss-security] 20160509 CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues http://www.openwall.com/lists/oss-security/2016/05/09/4 Common Vulnerability Exposure (CVE) ID: CVE-2016-2107 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html BugTraq ID: 89760 http://www.securityfocus.com/bid/89760 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Cisco Security Advisory: 20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl Debian Security Information: DSA-3566 (Google Search) http://www.debian.org/security/2016/dsa-3566 https://www.exploit-db.com/exploits/39768/ http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html FreeBSD Security Advisory: FreeBSD-SA-16:17 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc https://security.gentoo.org/glsa/201612-16 http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/ RedHat Security Advisories: RHSA-2016:0722 http://rhn.redhat.com/errata/RHSA-2016-0722.html RedHat Security Advisories: RHSA-2016:0996 http://rhn.redhat.com/errata/RHSA-2016-0996.html RedHat Security Advisories: RHSA-2016:2073 http://rhn.redhat.com/errata/RHSA-2016-2073.html RedHat Security Advisories: RHSA-2016:2957 http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.securitytracker.com/id/1035721 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103 SuSE Security Announcement: SUSE-SU-2016:1206 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html SuSE Security Announcement: SUSE-SU-2016:1228 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html SuSE Security Announcement: SUSE-SU-2016:1233 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html SuSE Security Announcement: openSUSE-SU-2016:1237 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html SuSE Security Announcement: openSUSE-SU-2016:1238 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html SuSE Security Announcement: openSUSE-SU-2016:1240 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html SuSE Security Announcement: openSUSE-SU-2016:1243 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html SuSE Security Announcement: openSUSE-SU-2016:1566 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html http://www.ubuntu.com/usn/USN-2959-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-2108 BugTraq ID: 89752 http://www.securityfocus.com/bid/89752 RedHat Security Advisories: RHSA-2016:1137 https://access.redhat.com/errata/RHSA-2016:1137 RedHat Security Advisories: RHSA-2016:2056 http://rhn.redhat.com/errata/RHSA-2016-2056.html RedHat Security Advisories: RHSA-2017:0193 https://access.redhat.com/errata/RHSA-2017:0193 RedHat Security Advisories: RHSA-2017:0194 https://access.redhat.com/errata/RHSA-2017:0194 SuSE Security Announcement: SUSE-SU-2016:1231 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html SuSE Security Announcement: SUSE-SU-2016:1267 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html SuSE Security Announcement: SUSE-SU-2016:1290 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html SuSE Security Announcement: SUSE-SU-2016:1360 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html SuSE Security Announcement: openSUSE-SU-2016:1239 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html SuSE Security Announcement: openSUSE-SU-2016:1241 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html SuSE Security Announcement: openSUSE-SU-2016:1242 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html SuSE Security Announcement: openSUSE-SU-2016:1273 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.