ID de Prueba:	1.3.6.1.4.1.25623.1.0.140173
Categoría:	Citrix Xenserver Local Security Checks
Título:	Citrix XenServer Multiple Security Updates (CTX220771)
Resumen:	Two security issues have been identified within Citrix XenServer.
Descripción:	Summary: Two security issues have been identified within Citrix XenServer. Vulnerability Insight: The following vulnerabilities have been addressed: - CVE-2017-2615 (High): QEMU: oob access in cirrus bitblt copy - CVE-2017-2620 (High): QEMU: cirrus_bitblt_cputovideo does not check if memory region is safe. Customers using only PV guest VMs are not affected by this vulnerability. Customers using only VMs that use the std-vga graphics emulation are not affected by this vulnerability. Vulnerability Impact: These issues could, if exploited, allow the administrator of an HVM guest VM to compromise the host. Affected Software/OS: XenServer 7.0 XenServer 6.5 XenServer 6.2.0 XenServer 6.0.2 Solution: Apply the hotfix referenced in the advisory. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-2615 1037804 http://www.securitytracker.com/id/1037804 95990 http://www.securityfocus.com/bid/95990 GLSA-201702-27 https://security.gentoo.org/glsa/201702-27 GLSA-201702-28 https://security.gentoo.org/glsa/201702-28 RHSA-2017:0309 http://rhn.redhat.com/errata/RHSA-2017-0309.html RHSA-2017:0328 http://rhn.redhat.com/errata/RHSA-2017-0328.html RHSA-2017:0329 http://rhn.redhat.com/errata/RHSA-2017-0329.html RHSA-2017:0330 http://rhn.redhat.com/errata/RHSA-2017-0330.html RHSA-2017:0331 http://rhn.redhat.com/errata/RHSA-2017-0331.html RHSA-2017:0332 http://rhn.redhat.com/errata/RHSA-2017-0332.html RHSA-2017:0333 http://rhn.redhat.com/errata/RHSA-2017-0333.html RHSA-2017:0334 http://rhn.redhat.com/errata/RHSA-2017-0334.html RHSA-2017:0344 http://rhn.redhat.com/errata/RHSA-2017-0344.html RHSA-2017:0350 http://rhn.redhat.com/errata/RHSA-2017-0350.html RHSA-2017:0396 http://rhn.redhat.com/errata/RHSA-2017-0396.html RHSA-2017:0454 http://rhn.redhat.com/errata/RHSA-2017-0454.html [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html [oss-security] 20170201 CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode http://www.openwall.com/lists/oss-security/2017/02/01/6 [qemu-devel] 20170201 [PATCH v3] cirrus: fix oob access issue (CVE-2017-2615) https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615 https://support.citrix.com/article/CTX220771 Common Vulnerability Exposure (CVE) ID: CVE-2017-2620 BugTraq ID: 96378 http://www.securityfocus.com/bid/96378 https://security.gentoo.org/glsa/201703-07 https://security.gentoo.org/glsa/201704-01 https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html http://www.openwall.com/lists/oss-security/2017/02/21/1 https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html RedHat Security Advisories: RHSA-2017:0328 RedHat Security Advisories: RHSA-2017:0329 RedHat Security Advisories: RHSA-2017:0330 RedHat Security Advisories: RHSA-2017:0331 RedHat Security Advisories: RHSA-2017:0332 RedHat Security Advisories: RHSA-2017:0333 RedHat Security Advisories: RHSA-2017:0334 RedHat Security Advisories: RHSA-2017:0350 RedHat Security Advisories: RHSA-2017:0351 http://rhn.redhat.com/errata/RHSA-2017-0351.html RedHat Security Advisories: RHSA-2017:0352 http://rhn.redhat.com/errata/RHSA-2017-0352.html RedHat Security Advisories: RHSA-2017:0396 RedHat Security Advisories: RHSA-2017:0454 http://www.securitytracker.com/id/1037870
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.