
Test ID: 1.3.6.1.4.1.25623.1.1.4.2012.1615.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2012:1615-1)
Summary: The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2012:1615-1 advisory.
Description:

Vulnerability Insight:
This update fixes the following security issues in xen:

* CVE-2012-5510: Grant table version switch list corruption vulnerability (XSA-26)
* CVE-2012-5511: Several HVM operations do not validate the range of their inputs (XSA-27)
* CVE-2012-5512: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak (XSA-28)
* CVE-2012-5513: XENMEM_exchange may overwrite hypervisor memory (XSA-29)
* CVE-2012-5514: Missing unlock in guest_physmap_mark_populate_on_demand() (XSA-30)
* CVE-2012-5515: Several memory hypercall operations allow invalid extent order values (XSA-31)

Also the following bugs have been fixed and upstream patches have been applied:

* FATAL PAGE FAULT in hypervisor (arch_do_domctl)
* 25931-x86-domctl-iomem-mapping-checks.patch
* 26132-tmem-save-NULL-check.patch
* 26134-x86-shadow-invlpg-check.patch
* 26148-vcpu-timer-overflow.patch (Replaces CVE-2012-4535-xsa20.patch)
* 26149-x86-p2m-physmap-error-path.patch (Replaces CVE-2012-4537-xsa22.patch)
* 26150-x86-shadow-unhook-toplevel-check.patch (Replaces CVE-2012-4538-xsa23.patch)
* 26151-gnttab-compat-get-status-frames.patch (Replaces CVE-2012-4539-xsa24.patch)
* bnc#792476 - efi files missing in latest XEN update

Security Issue references:

* CVE-2012-5512
* CVE-2012-5513
* CVE-2012-5514
* CVE-2012-5511
* CVE-2012-5510
* CVE-2012-5515

Affected Software/OS:
'Xen' package(s) on SUSE Linux Enterprise Desktop 11-SP2, SUSE Linux Enterprise Server 11-SP2, SUSE Linux Enterprise Software Development Kit 11-SP2.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-4535
1027759
http://www.securitytracker.com/id?1027759
51200
http://secunia.com/advisories/51200
51324
http://secunia.com/advisories/51324
51352
http://secunia.com/advisories/51352
51413
http://secunia.com/advisories/51413
51468
http://secunia.com/advisories/51468
55082
http://secunia.com/advisories/55082
56498
http://www.securityfocus.com/bid/56498
87298
http://osvdb.org/87298
DSA-2582
http://www.debian.org/security/2012/dsa-2582
GLSA-201309-24
http://security.gentoo.org/glsa/glsa-201309-24.xml
GLSA-201604-03
https://security.gentoo.org/glsa/201604-03
RHSA-2012:1540
http://rhn.redhat.com/errata/RHSA-2012-1540.html
SUSE-SU-2012:1486
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
SUSE-SU-2012:1487
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html
SUSE-SU-2012:1615
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
SUSE-SU-2014:0446
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
SUSE-SU-2014:0470
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
[Xen-announce] 20121113 Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
[oss-security] 20121113 Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability
http://www.openwall.com/lists/oss-security/2012/11/13/1
openSUSE-SU-2012:1572
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
openSUSE-SU-2012:1573
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
xen-vcpu-dos(80022)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80022
Common Vulnerability Exposure (CVE) ID: CVE-2012-4537
1027761
http://www.securitytracker.com/id?1027761
87307
http://osvdb.org/87307
[Xen-announce] 20121113 Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
[oss-security] 20121113 Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability
http://www.openwall.com/lists/oss-security/2012/11/13/6
xen-setp2mentry-dos(80024)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80024
Common Vulnerability Exposure (CVE) ID: CVE-2012-4538
1027762
http://www.securitytracker.com/id?1027762
87306
http://osvdb.org/87306
[Xen-announce] 20121113 Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
[oss-security] 20121113 Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability
http://www.openwall.com/lists/oss-security/2012/11/13/3
xen-hvmop-dos(80025)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80025
Common Vulnerability Exposure (CVE) ID: CVE-2012-4539
1027763
http://www.securitytracker.com/id?1027763
87305
http://www.osvdb.org/87305
[Xen-announce] 20121113 Xen Security Advisory 24 (CVE-2012-4539) - Grant table hypercall infinite loop DoS vulnerability
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00002.html
[oss-security] 20121113 Xen Security Advisory 24 (CVE-2012-4539) - Grant table hypercall infinite loop DoS vulnerability
http://www.openwall.com/lists/oss-security/2012/11/13/4
openSUSE-SU-2012:1685
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html
xen-gnttabopgetstatus-dos(80026)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80026
Common Vulnerability Exposure (CVE) ID: CVE-2012-5510
51397
http://secunia.com/advisories/51397
51486
http://secunia.com/advisories/51486
51487
http://secunia.com/advisories/51487
56794
http://www.securityfocus.com/bid/56794
88128
http://www.osvdb.org/88128
[oss-security] 20121203 Xen Security Advisory 26 (CVE-2012-5510) - Grant table version switch list corruption vulnerability
http://www.openwall.com/lists/oss-security/2012/12/03/6
http://support.citrix.com/article/CTX135777
openSUSE-SU-2012:1687
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html
openSUSE-SU-2013:0133
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html
openSUSE-SU-2013:0636
http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
openSUSE-SU-2013:0637
http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
xen-grant-table-dos(80478)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80478
Common Vulnerability Exposure (CVE) ID: CVE-2012-5511
56796
http://www.securityfocus.com/bid/56796
88129
http://www.osvdb.org/88129
DSA-2636
http://www.debian.org/security/2013/dsa-2636
[oss-security] 20121203 Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs
http://www.openwall.com/lists/oss-security/2012/12/03/10
xen-hvm-dos(80484)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80484
Common Vulnerability Exposure (CVE) ID: CVE-2012-5512
56799
http://www.securityfocus.com/bid/56799
88132
http://www.osvdb.org/88132
[oss-security] 20121203 Xen Security Advisory 28 (CVE-2012-5512) - HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
http://www.openwall.com/lists/oss-security/2012/12/03/7
xen-hvmopsetmemaccess-dos(80481)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80481
Common Vulnerability Exposure (CVE) ID: CVE-2012-5513
51495
http://secunia.com/advisories/51495
56797
http://www.securityfocus.com/bid/56797
88131
http://www.osvdb.org/88131
SUSE-SU-2012:1606
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00000.html
[oss-security] 20121203 Xen Security Advisory 29 (CVE-2012-5513) - XENMEM_exchange may overwrite hypervisor memory
http://www.openwall.com/lists/oss-security/2012/12/03/11
xen-xenmemexchange-priv-esc(80482)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80482
Common Vulnerability Exposure (CVE) ID: CVE-2012-5514
56803
http://www.securityfocus.com/bid/56803
88130
http://www.osvdb.org/88130
[oss-security] 20121203 Xen Security Advisory 30 (CVE-2012-5514) - Broken error handling in guest_physmap_mark_populate_on_demand()
http://www.openwall.com/lists/oss-security/2012/12/03/12
xen-guestphysmapmark-dos(80483)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80483
Common Vulnerability Exposure (CVE) ID: CVE-2012-5515
56798
http://www.securityfocus.com/bid/56798
88127
http://www.osvdb.org/88127
[Xen-announce] 20121203 Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values
http://lists.xen.org/archives/html/xen-announce/2012-12/msg00001.html
[oss-security] 20121203 Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values
http://www.openwall.com/lists/oss-security/2012/12/03/9
xen-extentorder-dos(80479)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80479
Copyright: Copyright (C) 2021 Greenbone AG
