Test ID:	1.3.6.1.4.1.25623.1.0.105258
Category:	Citrix Xenserver Local Security Checks
Title:	Citrix XenServer Multiple Security Updates (CTX200892)
Summary:	A number of security vulnerabilities have; been identified in Citrix XenServer. These vulnerabilities could, if exploited,; allow a malicious administrator of an HVM guest to compromise the host.
Description:	Summary: A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities could, if exploited, allow a malicious administrator of an HVM guest to compromise the host. Vulnerability Insight: The following vulnerabilities have been addressed: - CVE-2014-8106 (High): Heap-based buffer overflow in the Cirrus VGA emulator - CVE-2014-7815 (Low): The set_pixel_format function in QEMU allows a denial of service (crash) - CVE-2014-3615 (Low): The VGA emulator in QEMU allows users to read memory Affected Software/OS: XenServer 6.5 XenServer 6.2.0 XenServer 6.1.0 XenServer 6.0.2 XenServer 6.0 Solution: Apply the hotfix referenced in the advisory. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8106 60364 http://secunia.com/advisories/60364 71477 http://www.securityfocus.com/bid/71477 DSA-3087 http://www.debian.org/security/2014/dsa-3087 DSA-3088 http://www.debian.org/security/2014/dsa-3088 FEDORA-2015-5482 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html RHSA-2015:0349 http://rhn.redhat.com/errata/RHSA-2015-0349.html RHSA-2015:0624 http://rhn.redhat.com/errata/RHSA-2015-0624.html RHSA-2015:0643 http://rhn.redhat.com/errata/RHSA-2015-0643.html RHSA-2015:0795 http://rhn.redhat.com/errata/RHSA-2015-0795.html RHSA-2015:0867 http://rhn.redhat.com/errata/RHSA-2015-0867.html RHSA-2015:0868 http://rhn.redhat.com/errata/RHSA-2015-0868.html RHSA-2015:0891 http://rhn.redhat.com/errata/RHSA-2015-0891.html [Qemu-devel] 20141204 [PULL for-2.2 0/2] cirrus: fix blit region check (cve-2014-8106) http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html [oss-security] 20141204 CVE-2014-8106 qemu: cirrus: insufficient blit region checks http://www.openwall.com/lists/oss-security/2014/12/04/8 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0 http://support.citrix.com/article/CTX200892 qemu-cve20148106-sec-bypass(99126) https://exchange.xforce.ibmcloud.com/vulnerabilities/99126 Common Vulnerability Exposure (CVE) ID: CVE-2014-7815 61484 http://secunia.com/advisories/61484 62143 http://secunia.com/advisories/62143 62144 http://secunia.com/advisories/62144 DSA-3066 http://www.debian.org/security/2014/dsa-3066 DSA-3067 http://www.debian.org/security/2014/dsa-3067 SUSE-SU-2015:1782 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html USN-2409-1 http://www.ubuntu.com/usn/USN-2409-1 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829 https://bugzilla.redhat.com/show_bug.cgi?id=1157641 Common Vulnerability Exposure (CVE) ID: CVE-2014-3615 BugTraq ID: 69654 http://www.securityfocus.com/bid/69654 Debian Security Information: DSA-3044 (Google Search) http://www.debian.org/security/2014/dsa-3044 RedHat Security Advisories: RHSA-2014:1669 http://rhn.redhat.com/errata/RHSA-2014-1669.html RedHat Security Advisories: RHSA-2014:1670 http://rhn.redhat.com/errata/RHSA-2014-1670.html RedHat Security Advisories: RHSA-2014:1941 http://rhn.redhat.com/errata/RHSA-2014-1941.html http://secunia.com/advisories/61829 SuSE Security Announcement: openSUSE-SU-2015:0732 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.