English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702636
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-2636-1)
Summary:The remote host is missing an update for the Debian 'xen' package(s) announced via the DSA-2636-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'xen' package(s) announced via the DSA-2636-1 advisory.

Vulnerability Insight:
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2012-4544

Insufficient validation of kernel or ramdisk sizes in the Xen PV domain builder could result in denial of service.

CVE-2012-5511

Several HVM control operations performed insufficient validation of input, which could result in denial of service through resource exhaustion.

CVE-2012-5634

Incorrect interrupt handling when using VT-d hardware could result in denial of service.

CVE-2013-0153

Insufficient restriction of interrupt access could result in denial of service.

For the stable distribution (squeeze), these problems have been fixed in version 4.0.1-5.8.

For the testing distribution (wheezy), these problems have been fixed in version 4.1.4-2.

For the unstable distribution (sid), these problems have been fixed in version 4.1.4-2.

We recommend that you upgrade your xen packages.

Affected Software/OS:
'xen' package(s) on Debian 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.1

CVSS Vector:
AV:A/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-2625
BugTraq ID: 53650
http://www.securityfocus.com/bid/53650
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817
http://www.openwall.com/lists/oss-security/2012/10/26/3
RedHat Security Advisories: RHSA-2012:1130
http://rhn.redhat.com/errata/RHSA-2012-1130.html
http://www.securitytracker.com/id?1027090
http://secunia.com/advisories/49184
http://secunia.com/advisories/51413
SuSE Security Announcement: SUSE-SU-2012:1043 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html
SuSE Security Announcement: SUSE-SU-2012:1044 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html
SuSE Security Announcement: SUSE-SU-2012:1135 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html
SuSE Security Announcement: openSUSE-SU-2012:1172 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html
SuSE Security Announcement: openSUSE-SU-2012:1174 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html
SuSE Security Announcement: openSUSE-SU-2012:1572 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
SuSE Security Announcement: openSUSE-SU-2012:1573 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-4544
1027699
http://www.securitytracker.com/id?1027699
51071
http://secunia.com/advisories/51071
51324
http://secunia.com/advisories/51324
51352
http://secunia.com/advisories/51352
51413
56289
http://www.securityfocus.com/bid/56289
86619
http://osvdb.org/86619
DSA-2636
http://www.debian.org/security/2013/dsa-2636
FEDORA-2012-17135
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html
FEDORA-2012-17204
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html
FEDORA-2012-17408
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html
RHSA-2013:0241
http://rhn.redhat.com/errata/RHSA-2013-0241.html
SUSE-SU-2012:1486
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
SUSE-SU-2012:1487
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html
SUSE-SU-2014:0411
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
SUSE-SU-2014:0446
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
SUSE-SU-2014:0470
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
[oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk
openSUSE-SU-2012:1572
openSUSE-SU-2012:1573
xen-pvdomainbuilder-dos(79617)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79617
Common Vulnerability Exposure (CVE) ID: CVE-2012-5511
51397
http://secunia.com/advisories/51397
51486
http://secunia.com/advisories/51486
51487
http://secunia.com/advisories/51487
55082
http://secunia.com/advisories/55082
56796
http://www.securityfocus.com/bid/56796
88129
http://www.osvdb.org/88129
GLSA-201309-24
http://security.gentoo.org/glsa/glsa-201309-24.xml
SUSE-SU-2012:1615
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
[oss-security] 20121203 Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs
http://www.openwall.com/lists/oss-security/2012/12/03/10
http://support.citrix.com/article/CTX135777
openSUSE-SU-2012:1685
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html
openSUSE-SU-2012:1687
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html
openSUSE-SU-2013:0133
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html
openSUSE-SU-2013:0636
http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
openSUSE-SU-2013:0637
http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
xen-hvm-dos(80484)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80484
Common Vulnerability Exposure (CVE) ID: CVE-2012-5634
[oss-security] 20130109 Xen Security Advisory 33 (CVE-2012-5634) - VT-d interrupt remapping source validation flaw
http://www.openwall.com/lists/oss-security/2013/01/09/5
openSUSE-SU-2013:0912
http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-6333
BugTraq ID: 56796
SuSE Security Announcement: SUSE-SU-2012:1615 (Google Search)
SuSE Security Announcement: SUSE-SU-2014:0446 (Google Search)
XForce ISS Database: xen-hvm-dos(80484)
Common Vulnerability Exposure (CVE) ID: CVE-2013-0153
51881
http://secunia.com/advisories/51881
57745
http://www.securityfocus.com/bid/57745
89867
http://osvdb.org/89867
RHSA-2013:0847
http://rhn.redhat.com/errata/RHSA-2013-0847.html
[oss-security] 20130205 Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs
http://www.openwall.com/lists/oss-security/2013/02/05/7
xen-amdiommu-dos(81831)
https://exchange.xforce.ibmcloud.com/vulnerabilities/81831
CopyrightCopyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.