Test ID:	1.3.6.1.4.1.25623.1.0.881619
Category:	CentOS Local Security Checks
Title:	CentOS Update for xen CESA-2013:0599 centos5
Summary:	The remote host is missing an update for the 'xen'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory. Vulnerability Insight: The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect. Affected Software/OS: xen on CentOS 5 Solution: Please install the updated packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6075 55082 http://secunia.com/advisories/55082 57420 http://www.securityfocus.com/bid/57420 DSA-2607 http://www.debian.org/security/2013/dsa-2607 DSA-2608 http://www.debian.org/security/2013/dsa-2608 DSA-2619 http://www.debian.org/security/2013/dsa-2619 FEDORA-2013-0934 http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html FEDORA-2013-0965 http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html FEDORA-2013-0971 http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html GLSA-201309-24 http://security.gentoo.org/glsa/glsa-201309-24.xml RHSA-2013:0599 http://rhn.redhat.com/errata/RHSA-2013-0599.html RHSA-2013:0608 http://rhn.redhat.com/errata/RHSA-2013-0608.html RHSA-2013:0609 http://rhn.redhat.com/errata/RHSA-2013-0609.html RHSA-2013:0610 http://rhn.redhat.com/errata/RHSA-2013-0610.html RHSA-2013:0639 http://rhn.redhat.com/errata/RHSA-2013-0639.html SUSE-SU-2014:0446 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html USN-1692-1 http://www.ubuntu.com/usn/USN-1692-1 [Qemu-devel] 20121205 [PATCH] e1000: Discard oversized packets based on SBP|LPE http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html [oss-security] 20121229 Re: CVE request: qemu e1000 emulated device gues-side buffer overflow http://www.openwall.com/lists/oss-security/2012/12/30/1 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb https://bugzilla.redhat.com/show_bug.cgi?id=889301 openSUSE-SU-2013:0636 http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html openSUSE-SU-2013:0637 http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.