Test ID:	1.3.6.1.4.1.25623.1.1.4.2012.1132.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2012:1132-1)
Summary:	The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2012:1132-1 advisory.
Description:	Summary: The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2012:1132-1 advisory. Vulnerability Insight: XEN was updated 4.1.3 to fix multiple bugs and security issues. The following security issues have been fixed: * CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12) * CVE-2012-3495: xen: hypercall physdev_get_free_pirq vulnerability (XSA-13) * CVE-2012-3496: xen: XENMEM_populate_physmap DoS vulnerability (XSA-14) * CVE-2012-3498: xen: PHYSDEVOP_map_pirq index vulnerability (XSA-16) * CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17) Also the following bugs have been fixed: * pvscsi support of attaching Luns - bnc#776995 The following related bugs in vm-install 0.5.12 have been fixed: * bnc#776300 - vm-install does not pass --extra-args in --upgrade * Add for support Open Enterprise Server 11 * Add support for Windows 8 and Windows Server 2012 * Add support for Ubuntu 12 (Precise Pangolin) Security Issue references: * CVE-2012-3496 > * CVE-2012-3494 > * CVE-2012-3495 > * CVE-2012-3498 > * CVE-2012-3515 > Affected Software/OS: 'Xen' package(s) on SUSE Linux Enterprise Desktop 11-SP2, SUSE Linux Enterprise Server 11-SP2, SUSE Linux Enterprise Software Development Kit 11-SP2. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3494 1027479 http://www.securitytracker.com/id?1027479 50472 http://secunia.com/advisories/50472 50530 http://secunia.com/advisories/50530 51413 http://secunia.com/advisories/51413 55082 http://secunia.com/advisories/55082 55400 http://www.securityfocus.com/bid/55400 85197 http://osvdb.org/85197 DSA-2544 http://www.debian.org/security/2012/dsa-2544 GLSA-201309-24 http://security.gentoo.org/glsa/glsa-201309-24.xml GLSA-201604-03 https://security.gentoo.org/glsa/201604-03 SUSE-SU-2012:1129 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html SUSE-SU-2012:1132 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html SUSE-SU-2012:1133 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html SUSE-SU-2012:1135 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html SUSE-SU-2012:1162 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html [Xen-announce] 20120905 Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html [oss-security] 20120905 Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability http://www.openwall.com/lists/oss-security/2012/09/05/5 http://support.citrix.com/article/CTX134708 http://wiki.xen.org/wiki/Security_Announcements#XSA-12_hypercall_set_debugreg_vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=851139 openSUSE-SU-2012:1172 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html openSUSE-SU-2012:1174 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html openSUSE-SU-2012:1572 http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html openSUSE-SU-2012:1573 http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html xen-setdebugreg-dos(78265) https://exchange.xforce.ibmcloud.com/vulnerabilities/78265 Common Vulnerability Exposure (CVE) ID: CVE-2012-3495 1027480 http://www.securitytracker.com/id?1027480 55406 http://www.securityfocus.com/bid/55406 [Xen-announce] 20120905 Xen Security Advisory 13 (CVE-2012-3495) - hypercall physdev_get_free_pirq vulnerability http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html [oss-security] 20120905 Xen Security Advisory 13 (CVE-2012-3495) - hypercall physdev_get_free_pirq vulnerability http://www.openwall.com/lists/oss-security/2012/09/05/6 http://wiki.xen.org/wiki/Security_Announcements#XSA-13_hypercall_physdev_get_free_pirq_vulnerability http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/6779ddca8593 Common Vulnerability Exposure (CVE) ID: CVE-2012-3496 1027481 http://securitytracker.com/id?1027481 55412 http://www.securityfocus.com/bid/55412 85200 http://www.osvdb.org/85200 [Xen-announce] 20120905 Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html [oss-security] 20120905 Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability http://www.openwall.com/lists/oss-security/2012/09/05/7 http://wiki.xen.org/wiki/Security_Announcements#XSA-14_XENMEM_populate_physmap_DoS_vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=854590 xen-xenmempopulatephysmap-dos(78267) https://exchange.xforce.ibmcloud.com/vulnerabilities/78267 Common Vulnerability Exposure (CVE) ID: CVE-2012-3498 1027483 http://securitytracker.com/id?1027483 55414 http://www.securityfocus.com/bid/55414 85198 http://osvdb.org/85198 [Xen-announce] 20120905 Xen Security Advisory 16 (CVE-2012-3498) - PHYSDEVOP_map_pirq index vulnerability http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html [oss-security] 20120905 Xen Security Advisory 16 (CVE-2012-3498) - PHYSDEVOP_map_pirq index vulnerability http://www.openwall.com/lists/oss-security/2012/09/05/9 http://wiki.xen.org/wiki/Security_Announcements#XSA-16_PHYSDEVOP_map_pirq_index_vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=851193 xen-physdevopmappirq-dos(78269) https://exchange.xforce.ibmcloud.com/vulnerabilities/78269 Common Vulnerability Exposure (CVE) ID: CVE-2012-3515 50528 http://secunia.com/advisories/50528 50632 http://secunia.com/advisories/50632 50689 http://secunia.com/advisories/50689 50860 http://secunia.com/advisories/50860 50913 http://secunia.com/advisories/50913 55413 http://www.securityfocus.com/bid/55413 DSA-2543 http://www.debian.org/security/2012/dsa-2543 DSA-2545 http://www.debian.org/security/2012/dsa-2545 RHSA-2012:1233 http://rhn.redhat.com/errata/RHSA-2012-1233.html RHSA-2012:1234 http://rhn.redhat.com/errata/RHSA-2012-1234.html RHSA-2012:1235 http://rhn.redhat.com/errata/RHSA-2012-1235.html RHSA-2012:1236 http://rhn.redhat.com/errata/RHSA-2012-1236.html RHSA-2012:1262 http://rhn.redhat.com/errata/RHSA-2012-1262.html RHSA-2012:1325 http://rhn.redhat.com/errata/RHSA-2012-1325.html SUSE-SU-2012:1202 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html SUSE-SU-2012:1203 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html SUSE-SU-2012:1205 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html SUSE-SU-2012:1320 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html USN-1590-1 http://www.ubuntu.com/usn/USN-1590-1 [Xen-announce] 20120905 Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html [oss-security] 20120905 Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability http://www.openwall.com/lists/oss-security/2012/09/05/10 http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability openSUSE-SU-2012:1153 http://lists.opensuse.org/opensuse-updates/2012-09/msg00051.html openSUSE-SU-2012:1170 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.