Test ID:	1.3.6.1.4.1.25623.1.0.105465
Category:	Citrix Xenserver Local Security Checks
Title:	Citrix XenServer Security Update for CVE-2015-5307 and CVE-2015-8104 (CTX202583)
Summary:	A security vulnerability has been identified in Citrix XenServer that; may allow a malicious administrator of an HVM guest VM to crash the host. This vulnerability affects all; currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1.
Description:	Summary: A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host. This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1. Affected Software/OS: Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1. Solution: Apply the hotfix referenced in the advisory. CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5307 1034105 http://www.securitytracker.com/id/1034105 77528 http://www.securityfocus.com/bid/77528 DSA-3396 http://www.debian.org/security/2015/dsa-3396 DSA-3414 http://www.debian.org/security/2015/dsa-3414 DSA-3454 http://www.debian.org/security/2016/dsa-3454 FEDORA-2015-394835a3f6 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html FEDORA-2015-668d213dc3 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html FEDORA-2015-f150b2a8c8 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html RHSA-2015:2636 http://rhn.redhat.com/errata/RHSA-2015-2636.html RHSA-2015:2645 http://rhn.redhat.com/errata/RHSA-2015-2645.html RHSA-2016:0046 http://rhn.redhat.com/errata/RHSA-2016-0046.html SUSE-SU-2015:2108 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html SUSE-SU-2015:2194 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html SUSE-SU-2015:2339 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html SUSE-SU-2015:2350 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html SUSE-SU-2016:0354 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html SUSE-SU-2016:2074 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html USN-2800-1 http://www.ubuntu.com/usn/USN-2800-1 USN-2801-1 http://www.ubuntu.com/usn/USN-2801-1 USN-2802-1 http://www.ubuntu.com/usn/USN-2802-1 USN-2803-1 http://www.ubuntu.com/usn/USN-2803-1 USN-2804-1 http://www.ubuntu.com/usn/USN-2804-1 USN-2805-1 http://www.ubuntu.com/usn/USN-2805-1 USN-2806-1 http://www.ubuntu.com/usn/USN-2806-1 USN-2807-1 http://www.ubuntu.com/usn/USN-2807-1 [oss-security] 20151110 Re: CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception http://www.openwall.com/lists/oss-security/2015/11/10/6 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed http://support.citrix.com/article/CTX202583 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://xenbits.xen.org/xsa/advisory-156.html https://bugzilla.redhat.com/show_bug.cgi?id=1277172 https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed https://kb.juniper.net/JSA10783 openSUSE-SU-2015:2232 http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html openSUSE-SU-2015:2250 http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8104 BugTraq ID: 77524 http://www.securityfocus.com/bid/77524 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Debian Security Information: DSA-3414 (Google Search) Debian Security Information: DSA-3426 (Google Search) http://www.debian.org/security/2015/dsa-3426 Debian Security Information: DSA-3454 (Google Search) http://www.openwall.com/lists/oss-security/2015/11/10/5 http://www.openwall.com/lists/oss-security/2023/10/10/4 RedHat Security Advisories: RHSA-2015:2636 RedHat Security Advisories: RHSA-2015:2645 RedHat Security Advisories: RHSA-2016:0046 SuSE Security Announcement: SUSE-SU-2015:2108 (Google Search) SuSE Security Announcement: SUSE-SU-2015:2194 (Google Search) SuSE Security Announcement: SUSE-SU-2015:2339 (Google Search) SuSE Security Announcement: SUSE-SU-2015:2350 (Google Search) SuSE Security Announcement: SUSE-SU-2016:0354 (Google Search) SuSE Security Announcement: SUSE-SU-2016:2074 (Google Search) SuSE Security Announcement: openSUSE-SU-2015:2232 (Google Search) SuSE Security Announcement: openSUSE-SU-2015:2250 (Google Search) SuSE Security Announcement: openSUSE-SU-2016:1008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.ubuntu.com/usn/USN-2840-1 http://www.ubuntu.com/usn/USN-2841-1 http://www.ubuntu.com/usn/USN-2841-2 http://www.ubuntu.com/usn/USN-2842-1 http://www.ubuntu.com/usn/USN-2842-2 http://www.ubuntu.com/usn/USN-2843-1 http://www.ubuntu.com/usn/USN-2843-2 http://www.ubuntu.com/usn/USN-2844-1
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.