Test ID:	1.3.6.1.4.1.25623.1.0.122592
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2008-0194)
Summary:	The remote host is missing an update for the 'xen' package(s) announced via the ELSA-2008-0194 advisory.
Description:	Summary: The remote host is missing an update for the 'xen' package(s) announced via the ELSA-2008-0194 advisory. Vulnerability Insight: [3.0.3-41.el5_1.5] - Disable QEMU image format auto-detection CVE-2008-2004 (rhbz #444700) [3.0.3-41.el5_1.4] - Fix PVFB to validate frame buffer description (rhbz #443376) - Fix PVFB to cope with bogus update requests (rhbz #368931) [3.0.3-41.el5_1.3] - Fix QEMU buffer overflow CVE-2007-5730 (rhbz #360381) - Fix QEMU block device extents checking CVE-2008-0928 (rhbz #433560) [3.0.3-41.el5_1.2] - Fix FV O_DIRECT flushing (rhbz #435495) [3.0.3-41.el5_1.1] - Fixed xenbaked tmpfile flaw (CVE-2007-3919) (rhbz #350421) Affected Software/OS: 'xen' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3919 BugTraq ID: 26190 http://www.securityfocus.com/bid/26190 Debian Security Information: DSA-1395 (Google Search) http://www.debian.org/security/2007/dsa-1395 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00075.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795 http://osvdb.org/41342 http://osvdb.org/41343 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9913 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securitytracker.com/id?1018859 http://secunia.com/advisories/27389 http://secunia.com/advisories/27408 http://secunia.com/advisories/27486 http://secunia.com/advisories/27497 http://secunia.com/advisories/29963 http://www.vupen.com/english/advisories/2007/3621 XForce ISS Database: xen-xenqshm-symlink(37403) https://exchange.xforce.ibmcloud.com/vulnerabilities/37403 Common Vulnerability Exposure (CVE) ID: CVE-2007-5730 BugTraq ID: 23731 http://www.securityfocus.com/bid/23731 Debian Security Information: DSA-1284 (Google Search) http://www.debian.org/security/2007/dsa-1284 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 http://taviso.decsystem.org/virtsec.pdf http://osvdb.org/42985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000 http://secunia.com/advisories/25073 http://secunia.com/advisories/25095 http://secunia.com/advisories/29129 http://www.attrition.org/pipermail/vim/2007-October/001842.html http://www.vupen.com/english/advisories/2007/1597 XForce ISS Database: qemu-net-socket-bo(38239) https://exchange.xforce.ibmcloud.com/vulnerabilities/38239 Common Vulnerability Exposure (CVE) ID: CVE-2008-0928 BugTraq ID: 28001 http://www.securityfocus.com/bid/28001 Debian Security Information: DSA-1799 (Google Search) http://www.debian.org/security/2009/dsa-1799 http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:016 http://marc.info/?l=debian-security&m=120343592917055&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706 http://secunia.com/advisories/29081 http://secunia.com/advisories/29136 http://secunia.com/advisories/29172 http://secunia.com/advisories/34642 http://secunia.com/advisories/35031 SuSE Security Announcement: SUSE-SR:2009:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2008-1943 1020008 http://www.securitytracker.com/id?1020008 29183 http://www.securityfocus.com/bid/29183 29963 30781 http://secunia.com/advisories/30781 ADV-2008-1900 http://www.vupen.com/english/advisories/2008/1900/references RHSA-2008:0194 https://bugzilla.redhat.com/show_bug.cgi?id=443078 oval:org.mitre.oval:def:10338 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10338 xen-pvfb-description-dos(42387) https://exchange.xforce.ibmcloud.com/vulnerabilities/42387 Common Vulnerability Exposure (CVE) ID: CVE-2008-1944 1020009 http://www.securitytracker.com/id?1020009 29186 http://www.securityfocus.com/bid/29186 https://bugzilla.redhat.com/show_bug.cgi?id=443390 oval:org.mitre.oval:def:10868 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10868 xen-pvfb-message-dos(42388) https://exchange.xforce.ibmcloud.com/vulnerabilities/42388 Common Vulnerability Exposure (CVE) ID: CVE-2008-2004 BugTraq ID: 29101 http://www.securityfocus.com/bid/29101 http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11021 http://secunia.com/advisories/30111 http://secunia.com/advisories/30717 http://secunia.com/advisories/35062 SuSE Security Announcement: SUSE-SR:2008:013 (Google Search) http://www.novell.com/linux/security/advisories/2008_13_sr.html http://www.ubuntu.com/usn/usn-776-1 XForce ISS Database: qemu-driveinit-security-bypass(42268) https://exchange.xforce.ibmcloud.com/vulnerabilities/42268
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.