Test ID:	1.3.6.1.4.1.25623.1.1.4.2012.1044.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2012:1044-1)
Summary:	The remote host is missing an update for the 'Xen ' package(s) announced via the SUSE-SU-2012:1044-1 advisory.
Description:	Summary: The remote host is missing an update for the 'Xen ' package(s) announced via the SUSE-SU-2012:1044-1 advisory. Vulnerability Insight: Xen was updated to fix several security issues: * CVE-2012-3433: A xen HVM guest destroy p2m teardown host DoS vulnerability was fixed, where malicious guest could lock/crash the host. * CVE-2012-3432: A xen HVM guest user mode MMIO emulation DoS was fixed. * CVE-2012-2625: The xen pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel, leading to denial of service (crash). Also the following bug in XEN was fixed: * bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2 install, when maxmem > memory This update also included bugfixes for: * vm-install: - bnc#762963 - ReaR: Unable to recover a paravirtualized XEN guest Security Issue references: * CVE-2012-3432 > * CVE-2012-3433 > * CVE-2012-2625 > Affected Software/OS: 'Xen ' package(s) on SUSE Linux Enterprise Desktop 11-SP1, SUSE Linux Enterprise Server 11-SP1, SUSE Linux Enterprise Software Development Kit 11-SP1. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2625 BugTraq ID: 53650 http://www.securityfocus.com/bid/53650 http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817 http://www.openwall.com/lists/oss-security/2012/10/26/3 RedHat Security Advisories: RHSA-2012:1130 http://rhn.redhat.com/errata/RHSA-2012-1130.html http://www.securitytracker.com/id?1027090 http://secunia.com/advisories/49184 http://secunia.com/advisories/51413 SuSE Security Announcement: SUSE-SU-2012:1043 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html SuSE Security Announcement: SUSE-SU-2012:1044 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html SuSE Security Announcement: SUSE-SU-2012:1135 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html SuSE Security Announcement: openSUSE-SU-2012:1172 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html SuSE Security Announcement: openSUSE-SU-2012:1174 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html SuSE Security Announcement: openSUSE-SU-2012:1572 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html SuSE Security Announcement: openSUSE-SU-2012:1573 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2012-3432 54691 http://www.securityfocus.com/bid/54691 55082 http://secunia.com/advisories/55082 DSA-2531 http://www.debian.org/security/2012/dsa-2531 GLSA-201309-24 http://security.gentoo.org/glsa/glsa-201309-24.xml SUSE-SU-2012:1043 SUSE-SU-2012:1044 [Xen-devel] 20120727 Xen Security Advisory 10 (CVE-2012-3432) - HVM user mode MMIO emul DoS http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html openSUSE-SU-2012:1172 openSUSE-SU-2012:1174 Common Vulnerability Exposure (CVE) ID: CVE-2012-3433 54942 http://www.securityfocus.com/bid/54942 [Xen-devel] 20120809 Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html [oss-security] 20120809 Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS http://www.openwall.com/lists/oss-security/2012/08/09/3
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.