ID de Prueba:	1.3.6.1.4.1.25623.1.0.881594
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for xen CESA-2013:0241 centos5
Resumen:	The remote host is missing an update for the 'xen'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory. Vulnerability Insight: The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way libxc, the Xen control library, handled excessively large kernel and ramdisk images when starting new guests. A privileged guest user in a para-virtualized guest (a DomU) could create a crafted kernel or ramdisk image that, when attempting to use it during guest start, could result in an out-of-memory condition in the privileged domain (the Dom0). (CVE-2012-4544) Red Hat would like to thank the Xen project for reporting this issue. All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, the xend service must be restarted for this update to take effect. Affected Software/OS: xen on CentOS 5 Solution: Please install the updated packages. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4544 1027699 http://www.securitytracker.com/id?1027699 51071 http://secunia.com/advisories/51071 51324 http://secunia.com/advisories/51324 51352 http://secunia.com/advisories/51352 51413 http://secunia.com/advisories/51413 56289 http://www.securityfocus.com/bid/56289 86619 http://osvdb.org/86619 DSA-2636 http://www.debian.org/security/2013/dsa-2636 FEDORA-2012-17135 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html FEDORA-2012-17204 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html FEDORA-2012-17408 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html RHSA-2013:0241 http://rhn.redhat.com/errata/RHSA-2013-0241.html SUSE-SU-2012:1486 http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html SUSE-SU-2012:1487 http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html SUSE-SU-2014:0411 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html SUSE-SU-2014:0446 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html SUSE-SU-2014:0470 http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html [oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk http://www.openwall.com/lists/oss-security/2012/10/26/3 openSUSE-SU-2012:1572 http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html openSUSE-SU-2012:1573 http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html xen-pvdomainbuilder-dos(79617) https://exchange.xforce.ibmcloud.com/vulnerabilities/79617
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.