Test ID:	1.3.6.1.4.1.25623.1.0.851154
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for xen (openSUSE-SU-2016:0123-1)
Summary:	The remote host is missing an update for the 'xen'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory. Vulnerability Insight: This update for xen fixes the following security issues: - CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory leakage (boo#959387) - CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155, boo#957988) - CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state results in DoS (boo#959006) - CVE-2015-7549: xen: qemu pci: null pointer dereference issue (boo#958918) - CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception (boo#958493) - CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164, boo#958007) - CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM initialization (XSA-165, boo#958009) - boo#958523: xen: ioreq handling possibly susceptible to multiple-read issue (XSA-166) - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156, boo#954018) - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list (boo#956832) - boo#956592: xen: virtual PMU is unsupported (XSA-163) - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159, boo#956408) - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160, boo#956409) - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162, boo#956411) Affected Software/OS: xen on openSUSE 13.2 Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5307 1034105 http://www.securitytracker.com/id/1034105 77528 http://www.securityfocus.com/bid/77528 DSA-3396 http://www.debian.org/security/2015/dsa-3396 DSA-3414 http://www.debian.org/security/2015/dsa-3414 DSA-3454 http://www.debian.org/security/2016/dsa-3454 FEDORA-2015-394835a3f6 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html FEDORA-2015-668d213dc3 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html FEDORA-2015-f150b2a8c8 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html RHSA-2015:2636 http://rhn.redhat.com/errata/RHSA-2015-2636.html RHSA-2015:2645 http://rhn.redhat.com/errata/RHSA-2015-2645.html RHSA-2016:0046 http://rhn.redhat.com/errata/RHSA-2016-0046.html SUSE-SU-2015:2108 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html SUSE-SU-2015:2194 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html SUSE-SU-2015:2339 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html SUSE-SU-2015:2350 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html SUSE-SU-2016:0354 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html SUSE-SU-2016:2074 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html USN-2800-1 http://www.ubuntu.com/usn/USN-2800-1 USN-2801-1 http://www.ubuntu.com/usn/USN-2801-1 USN-2802-1 http://www.ubuntu.com/usn/USN-2802-1 USN-2803-1 http://www.ubuntu.com/usn/USN-2803-1 USN-2804-1 http://www.ubuntu.com/usn/USN-2804-1 USN-2805-1 http://www.ubuntu.com/usn/USN-2805-1 USN-2806-1 http://www.ubuntu.com/usn/USN-2806-1 USN-2807-1 http://www.ubuntu.com/usn/USN-2807-1 [oss-security] 20151110 Re: CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception http://www.openwall.com/lists/oss-security/2015/11/10/6 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed http://support.citrix.com/article/CTX202583 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://xenbits.xen.org/xsa/advisory-156.html https://bugzilla.redhat.com/show_bug.cgi?id=1277172 https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed https://kb.juniper.net/JSA10783 openSUSE-SU-2015:2232 http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html openSUSE-SU-2015:2250 http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html Common Vulnerability Exposure (CVE) ID: CVE-2015-7504 1034268 http://www.securitytracker.com/id/1034268 78227 http://www.securityfocus.com/bid/78227 DSA-3469 http://www.debian.org/security/2016/dsa-3469 DSA-3470 http://www.debian.org/security/2016/dsa-3470 DSA-3471 http://www.debian.org/security/2016/dsa-3471 GLSA-201602-01 https://security.gentoo.org/glsa/201602-01 GLSA-201604-03 https://security.gentoo.org/glsa/201604-03 RHSA-2015:2694 http://rhn.redhat.com/errata/RHSA-2015-2694.html RHSA-2015:2695 http://rhn.redhat.com/errata/RHSA-2015-2695.html RHSA-2015:2696 http://rhn.redhat.com/errata/RHSA-2015-2696.html [Qemu-devel] 20151130 [PATCH for 2.5 1/2] net: pcnet: add check to validate receive data size(CVE-2015-7504) https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html [oss-security] 20151130 CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode http://www.openwall.com/lists/oss-security/2015/11/30/2 http://xenbits.xen.org/xsa/advisory-162.html Common Vulnerability Exposure (CVE) ID: CVE-2015-7549 80761 http://www.securityfocus.com/bid/80761 FEDORA-2016-e9bba2bb01 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175380.html [oss-security] 20151214 CVE-2015-7549 Qemu: pci: msi-x: null pointer dereference issue http://www.openwall.com/lists/oss-security/2015/12/14/2 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285 https://bugzilla.redhat.com/show_bug.cgi?id=1291137 Common Vulnerability Exposure (CVE) ID: CVE-2015-8339 BugTraq ID: 79038 http://www.securityfocus.com/bid/79038 Debian Security Information: DSA-3519 (Google Search) http://www.debian.org/security/2016/dsa-3519 http://www.securitytracker.com/id/1034391 Common Vulnerability Exposure (CVE) ID: CVE-2015-8340 Common Vulnerability Exposure (CVE) ID: CVE-2015-8341 http://www.securitytracker.com/id/1034389 Common Vulnerability Exposure (CVE) ID: CVE-2015-8345 BugTraq ID: 77985 http://www.securityfocus.com/bid/77985 Debian Security Information: DSA-3469 (Google Search) Debian Security Information: DSA-3470 (Google Search) Debian Security Information: DSA-3471 (Google Search) http://www.openwall.com/lists/oss-security/2015/11/25/11 https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8504 78708 http://www.securityfocus.com/bid/78708 [oss-security] 20151208 Re: CVE request: Qemu: ui: vnc: avoid floating point exception http://www.openwall.com/lists/oss-security/2015/12/08/7 http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735dbdb92a8 https://bugzilla.redhat.com/show_bug.cgi?id=1289541 Common Vulnerability Exposure (CVE) ID: CVE-2015-8550 BugTraq ID: 79592 http://www.securityfocus.com/bid/79592 Debian Security Information: DSA-3434 (Google Search) http://www.debian.org/security/2016/dsa-3434 http://www.securitytracker.com/id/1034479 SuSE Security Announcement: SUSE-SU-2016:0911 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html SuSE Security Announcement: SUSE-SU-2016:1102 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html SuSE Security Announcement: SUSE-SU-2016:1764 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8554 BugTraq ID: 79579 http://www.securityfocus.com/bid/79579 http://www.securitytracker.com/id/1034481 Common Vulnerability Exposure (CVE) ID: CVE-2015-8555 BugTraq ID: 79543 http://www.securityfocus.com/bid/79543 http://www.securitytracker.com/id/1034477 Common Vulnerability Exposure (CVE) ID: CVE-2015-8558 80694 http://www.securityfocus.com/bid/80694 [oss-security] 20151214 CVE request Qemu: usb: infinite loop in ehci_advance_state results in DoS http://www.openwall.com/lists/oss-security/2015/12/14/9 [oss-security] 20151214 Re: CVE request Qemu: usb: infinite loop in ehci_advance_state results in DoS http://www.openwall.com/lists/oss-security/2015/12/14/16 [qemu-devel] 20151214 [PATCH] ehci: make idt processing more robust https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02124.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=156a2e4dbffa85997636a7a39ef12da6f1b40254 https://bugzilla.redhat.com/show_bug.cgi?id=1277983 Common Vulnerability Exposure (CVE) ID: CVE-2015-8567 79721 http://www.securityfocus.com/bid/79721 FEDORA-2016-275e9ff483 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176558.html FEDORA-2016-2c15b72b01 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176300.html FEDORA-2016-42778e8c82 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175967.html FEDORA-2016-e1784417af http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176503.html SUSE-SU-2016:0873 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00087.html SUSE-SU-2016:0955 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00002.html SUSE-SU-2016:1318 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00049.html SUSE-SU-2016:1560 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00017.html SUSE-SU-2016:1703 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00058.html USN-2891-1 http://www.ubuntu.com/usn/USN-2891-1 [oss-security] 20151215 Re: CVE request Qemu: net: vmxnet3: host memory leakage http://www.openwall.com/lists/oss-security/2015/12/15/10 [qemu-devel] 20151215 Re: [Qemu-devel] net: vmxnet3: memory leakage issue https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html openSUSE-SU-2016:0123 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00010.html openSUSE-SU-2016:0126 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html openSUSE-SU-2016:1750 http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8568 https://bugzilla.redhat.com/show_bug.cgi?id=1289816
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.