Test ID: | 1.3.6.1.4.1.25623.1.0.703633 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 3633-1 (xen - security update) |
Summary: | Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8338: Julien Grall discovered that Xen on ARM was susceptible to denial of service via long running memory operations. CVE-2016-4480: Jan Beulich discovered that incorrect page table handling could result in privilege escalation inside a Xen guest instance. CVE-2016-4962: Wei Liu discovered multiple cases of missing input sanitising in libxl which could result in denial of service. CVE-2016-5242: Aaron Cornelius discovered that incorrect resource handling on ARM systems could result in denial of service. CVE-2016-6258: Jeremie Boutoille discovered that incorrect pagetable handling in PV instances could result in guest to host privilege escalation. |
Description: | Summary: Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2015-8338: Julien Grall discovered that Xen on ARM was susceptible to denial of service via long running memory operations.
CVE-2016-4480: Jan Beulich discovered that incorrect page table handling could result in privilege escalation inside a Xen guest instance.
CVE-2016-4962: Wei Liu discovered multiple cases of missing input sanitising in libxl which could result in denial of service.
CVE-2016-5242: Aaron Cornelius discovered that incorrect resource handling on ARM systems could result in denial of service.
CVE-2016-6258: Jeremie Boutoille discovered that incorrect pagetable handling in PV instances could result in guest to host privilege escalation.
Affected Software/OS: xen on Debian Linux
Solution: For the stable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u6. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your xen packages.
CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-8338
BugTraq ID: 78920
http://www.securityfocus.com/bid/78920
Debian Security Information: DSA-3633
http://www.debian.org/security/2016/dsa-3633
http://www.securitytracker.com/id/1034390
Common Vulnerability Exposure (CVE) ID: CVE-2016-4480
BugTraq ID: 90710
http://www.securityfocus.com/bid/90710
http://www.securitytracker.com/id/1035901
Common Vulnerability Exposure (CVE) ID: CVE-2016-4962
BugTraq ID: 91006
http://www.securityfocus.com/bid/91006
http://www.securitytracker.com/id/1036023
Common Vulnerability Exposure (CVE) ID: CVE-2016-5242
BugTraq ID: 91015
http://www.securityfocus.com/bid/91015
http://www.securitytracker.com/id/1036035
Common Vulnerability Exposure (CVE) ID: CVE-2016-6258
BugTraq ID: 92131
http://www.securityfocus.com/bid/92131
https://security.gentoo.org/glsa/201611-09
http://www.securitytracker.com/id/1036446 |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |