Description:
Summary: The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2016:0658-1 advisory.
Vulnerability Insight: Xen was updated to fix the following vulnerabilities:
CVE-2014-0222: Qcow1 L2 table size integer overflows (bsc#877642)
CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267)
CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463)
CVE-2015-7504: Heap buffer overflow vulnerability in pcnet emulator (XSA-162, bsc#956411)
CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (XSA-152, bsc#950706)
CVE-2015-8104: Guest to host DoS by triggering an infinite loop in microcode via #DB exception (bsc#954405)
CVE-2015-5307: Guest to host DOS by intercepting #AC (XSA-156, bsc#953527)
CVE-2015-8339: XENMEM_exchange error handling issues (XSA-159, bsc#956408)
CVE-2015-8340: XENMEM_exchange error handling issues (XSA-159, bsc#956408)
CVE-2015-7512: Buffer overflow in pcnet's non-loopback mode (bsc#962360)
CVE-2015-8550: Paravirtualized drivers incautious about shared memory contents (XSA-155, bsc#957988)
CVE-2015-8504: Avoid floating point exception in vnc support (bsc#958493)
CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165, bsc#958009)
Ioreq handling possibly susceptible to multiple read issues (XSA-166, bsc#958523)
Security Issues: CVE-2014-0222 CVE-2015-4037 CVE-2015-5239 CVE-2015-7504 CVE-2015-7971 CVE-2015-8104 CVE-2015-5307 CVE-2015-8339 CVE-2015-8340 CVE-2015-7512 CVE-2015-8550 CVE-2015-8504 CVE-2015-8555
Affected Software/OS: 'Xen' package(s) on SUSE Linux Enterprise Server 10 SP4.
Solution: Please install the updated package(s).
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P