English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.850650
Category:SuSE Local Security Checks
Title:openSUSE: Security Advisory for xen (openSUSE-SU-2015:0732-1)
Summary:The remote host is missing an update for the 'xen'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'xen'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Xen was updated to 4.3.4 to fix multiple vulnerabities and non-security
bugs.

The following vulnerabilities were fixed:

- Long latency MMIO mapping operations are not preemptible (XSA-125
CVE-2015-2752 bnc#922705)

- Unmediated PCI command register access in qemu (XSA-126 CVE-2015-2756
bnc#922706)

- Hypervisor memory corruption due to x86 emulator flaw (bnc#919464
CVE-2015-2151 XSA-123)

- Information leak through version information hypercall (bnc#918998
CVE-2015-2045 XSA-122)

- Information leak via internal x86 system device emulation (bnc#918995
(CVE-2015-2044 XSA-121)

- HVM qemu unexpectedly enabling emulated VGA graphics backends
(bnc#919663 CVE-2015-2152 XSA-119)

- information leakage when guest sets high resolution (bnc#895528
CVE-2014-3615)

The following non-security bugs were fixed:

- L3: XEN blktap device intermittently fails to connect (bnc#919098)

- Problems with detecting free loop devices on Xen guest startup
(bnc#903680)

- xentop reports 'Found interface vif101.0 but domain 101 does not exist.'
(bnc#861318)

- Intel ixgbe driver assigns rx/tx queues per core resulting in irq
problems on servers with a large amount of CPU cores (bnc#901488)

- SLES11 SP3 Xen VT-d igb NIC doesn't work (bnc#910254)

Affected Software/OS:
xen on openSUSE 13.1

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-3615
BugTraq ID: 69654
http://www.securityfocus.com/bid/69654
Debian Security Information: DSA-3044 (Google Search)
http://www.debian.org/security/2014/dsa-3044
RedHat Security Advisories: RHSA-2014:1669
http://rhn.redhat.com/errata/RHSA-2014-1669.html
RedHat Security Advisories: RHSA-2014:1670
http://rhn.redhat.com/errata/RHSA-2014-1670.html
RedHat Security Advisories: RHSA-2014:1941
http://rhn.redhat.com/errata/RHSA-2014-1941.html
http://secunia.com/advisories/61829
SuSE Security Announcement: openSUSE-SU-2015:0732 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
http://www.ubuntu.com/usn/USN-2409-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-2044
BugTraq ID: 72954
http://www.securityfocus.com/bid/72954
Debian Security Information: DSA-3181 (Google Search)
http://www.debian.org/security/2015/dsa-3181
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html
https://security.gentoo.org/glsa/201504-04
http://www.securitytracker.com/id/1031806
http://www.securitytracker.com/id/1031836
Common Vulnerability Exposure (CVE) ID: CVE-2015-2045
BugTraq ID: 72955
http://www.securityfocus.com/bid/72955
http://www.securitytracker.com/id/1031837
Common Vulnerability Exposure (CVE) ID: CVE-2015-2151
BugTraq ID: 73015
http://www.securityfocus.com/bid/73015
https://security.gentoo.org/glsa/201604-03
http://www.securitytracker.com/id/1031903
Common Vulnerability Exposure (CVE) ID: CVE-2015-2152
BugTraq ID: 73068
http://www.securityfocus.com/bid/73068
http://www.securitytracker.com/id/1031919
Common Vulnerability Exposure (CVE) ID: CVE-2015-2752
BugTraq ID: 73448
http://www.securityfocus.com/bid/73448
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154574.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155198.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154579.html
http://www.securitytracker.com/id/1031994
SuSE Security Announcement: SUSE-SU-2015:0923 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-2756
BugTraq ID: 72577
http://www.securityfocus.com/bid/72577
Debian Security Information: DSA-3259 (Google Search)
http://www.debian.org/security/2015/dsa-3259
http://lists.nongnu.org/archive/html/qemu-devel/2015-03/msg06179.html
http://www.securitytracker.com/id/1031998
http://www.ubuntu.com/usn/USN-2608-1
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.