Test ID: 1.3.6.1.4.1.25623.1.0.703633
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 3633-1 (xen - security update)
Description:
Summary:
Multiple vulnerabilities have been discovered in the Xen hypervisor.
The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-8338
Julien Grall discovered that Xen on ARM was susceptible to denial
of service via long running memory operations.

CVE-2016-4480
Jan Beulich discovered that incorrect page table handling could
result in privilege escalation inside a Xen guest instance.

CVE-2016-4962
Wei Liu discovered multiple cases of missing input sanitising in
libxl which could result in denial of service.

CVE-2016-5242
Aaron Cornelius discovered that incorrect resource handling on
ARM systems could result in denial of service.

CVE-2016-6258
Jeremie Boutoille discovered that incorrect pagetable handling in
PV instances could result in guest to host privilege escalation.

Affected Software/OS:
xen on Debian Linux

Solution:
For the stable distribution (jessie),
these problems have been fixed in version 4.4.1-9+deb8u6.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your xen packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-8338
BugTraq ID: 78920
http://www.securityfocus.com/bid/78920
Debian Security Information: DSA-3633
http://www.debian.org/security/2016/dsa-3633
http://www.securitytracker.com/id/1034390
Common Vulnerability Exposure (CVE) ID: CVE-2016-4480
BugTraq ID: 90710
http://www.securityfocus.com/bid/90710
http://www.securitytracker.com/id/1035901
Common Vulnerability Exposure (CVE) ID: CVE-2016-4962
BugTraq ID: 91006
http://www.securityfocus.com/bid/91006
http://www.securitytracker.com/id/1036023
Common Vulnerability Exposure (CVE) ID: CVE-2016-5242
BugTraq ID: 91015
http://www.securityfocus.com/bid/91015
http://www.securitytracker.com/id/1036035
Common Vulnerability Exposure (CVE) ID: CVE-2016-6258
BugTraq ID: 92131
http://www.securityfocus.com/bid/92131
https://security.gentoo.org/glsa/201611-09
http://www.securitytracker.com/id/1036446
Copyright: Copyright (C) 2016 Greenbone Networks GmbH
