Test ID:	1.3.6.1.4.1.25623.1.1.4.2016.1445.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2016:1445-1)
Summary:	The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2016:1445-1 advisory.
Description:	Summary: The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2016:1445-1 advisory. Vulnerability Insight: Xen was updated to fix the following security issues: CVE-2016-2841: net: ne2000: infinite loop in ne2000_receive (bsc#969351) CVE-2016-2391: usb: multiple eof_timers in ohci module leads to null pointer dereference (bsc#967101) CVE-2016-2270: x86: inconsistent cachability flags on guest mappings (XSA-154) (bsc#965315) CVE-2016-2271: VMX: guest user mode may crash guest with non-canonical RIP (XSA-170) (bsc#965317) CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#964947) CVE-2014-0222: qcow1: validate L2 table size to avoid integer overflows (bsc#964925) CVE-2014-7815: vnc: insufficient bits_per_pixel from the client sanitization (bsc#962627) CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960726) Security Issues: CVE-2016-2841 CVE-2016-2391 CVE-2016-2270 CVE-2016-2271 CVE-2015-5278 CVE-2014-0222 CVE-2014-7815 CVE-2015-8743 Affected Software/OS: 'Xen' package(s) on SUSE Linux Enterprise Server 10-SP4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0222 67357 http://www.securityfocus.com/bid/67357 DSA-3044 http://www.debian.org/security/2014/dsa-3044 FEDORA-2014-6288 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html FEDORA-2014-6970 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html SUSE-SU-2015:0929 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html [Qemu-devel] 20140512 [PATCH 3/5] qcow1: Validate L2 table size (CVE-2014-0222) https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html [Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html openSUSE-SU-2015:1965 http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html Common Vulnerability Exposure (CVE) ID: CVE-2014-7815 61484 http://secunia.com/advisories/61484 62143 http://secunia.com/advisories/62143 62144 http://secunia.com/advisories/62144 DSA-3066 http://www.debian.org/security/2014/dsa-3066 DSA-3067 http://www.debian.org/security/2014/dsa-3067 RHSA-2015:0349 http://rhn.redhat.com/errata/RHSA-2015-0349.html RHSA-2015:0624 http://rhn.redhat.com/errata/RHSA-2015-0624.html SUSE-SU-2015:1782 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html USN-2409-1 http://www.ubuntu.com/usn/USN-2409-1 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829 http://support.citrix.com/article/CTX200892 https://bugzilla.redhat.com/show_bug.cgi?id=1157641 Common Vulnerability Exposure (CVE) ID: CVE-2015-5278 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://www.openwall.com/lists/oss-security/2015/09/15/2 http://www.ubuntu.com/usn/USN-2745-1 https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14 Common Vulnerability Exposure (CVE) ID: CVE-2015-8743 1034574 http://www.securitytracker.com/id/1034574 79820 http://www.securityfocus.com/bid/79820 DSA-3469 http://www.debian.org/security/2016/dsa-3469 DSA-3470 http://www.debian.org/security/2016/dsa-3470 DSA-3471 http://www.debian.org/security/2016/dsa-3471 GLSA-201602-01 https://security.gentoo.org/glsa/201602-01 [oss-security] 20160104 CVE request Qemu: net: ne2000: OOB r/w in ioport operations http://www.openwall.com/lists/oss-security/2016/01/04/1 [oss-security] 20160104 Re: CVE request Qemu: net: ne2000: OOB r/w in ioport operations http://www.openwall.com/lists/oss-security/2016/01/04/2 [qemu-devel] 20160104 Re: [PATCH v3] net: ne2000: fix bounds check in ioport operations https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html https://bugzilla.redhat.com/show_bug.cgi?id=1264929 Common Vulnerability Exposure (CVE) ID: CVE-2016-2270 Debian Security Information: DSA-3519 (Google Search) http://www.debian.org/security/2016/dsa-3519 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178518.html https://security.gentoo.org/glsa/201604-03 http://www.securitytracker.com/id/1035042 Common Vulnerability Exposure (CVE) ID: CVE-2016-2271 http://www.securitytracker.com/id/1035043 Common Vulnerability Exposure (CVE) ID: CVE-2016-2391 83263 http://www.securityfocus.com/bid/83263 USN-2974-1 http://www.ubuntu.com/usn/USN-2974-1 [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html [oss-security] 20160216 CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference http://www.openwall.com/lists/oss-security/2016/02/16/2 [qemu-devel] 20160216 [Qemu-devel] [PATCH] usb: ohci avoid multiple eof timers https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa1298c2d623522eda7b4f1f721fcb935abb7360 https://bugzilla.redhat.com/show_bug.cgi?id=1304794 Common Vulnerability Exposure (CVE) ID: CVE-2016-2841 84028 http://www.securityfocus.com/bid/84028 GLSA-201609-01 https://security.gentoo.org/glsa/201609-01 [oss-security] 20160302 CVE request Qemu: net: ne2000: infinite loop in ne2000_receive http://www.openwall.com/lists/oss-security/2016/03/02/8 [qemu-devel] 20160226 Re: [PATCH v2] net: ne2000: check ring buffer control registers https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html [qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190 https://bugzilla.redhat.com/show_bug.cgi?id=1303106
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.