Fedora 16 : xen-4.1.3-4.fc16 (2012-18249)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

A guest can block a cpu by setting a bad VCPU deadline [XSA 20,
CVE-2012-4535] (#876198) HVM guest can use invalid pirq values to
crash xen [XSA 21, CVE-2012-4536] (#876200) HVM guest can exhaust p2m
table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can
crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on
64-bit hypervisor can cause an hypervisor infinite loop [XSA-24,
CVE-2012-4539] (#876207)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=870086
https://bugzilla.redhat.com/show_bug.cgi?id=870096
https://bugzilla.redhat.com/show_bug.cgi?id=870101
https://bugzilla.redhat.com/show_bug.cgi?id=870106
https://bugzilla.redhat.com/show_bug.cgi?id=870110
http://www.nessus.org/u?33f5ee44

Solution :

Update the affected xen package.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

Family: Fedora Local Security Checks

Nessus Plugin ID: 63010 ()

Bugtraq ID:

CVE ID: CVE-2012-4535
CVE-2012-4536
CVE-2012-4537
CVE-2012-4538
CVE-2012-4539

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial