Fedora 16 : xen-4.1.3-4.fc16 (2012-18249)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- A guest can block a CPU by setting a bad VCPU deadline [XSA-20, CVE-2012-4535] (#876198)
- HVM guest can use invalid pirq values to crash xen [XSA-21, CVE-2012-4536] (#876200)
- HVM guest can exhaust p2m table crashing xen [XSA-22, CVE-2012-4537] (#876203)
- PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205)
- 32-bit PV guest on 64-bit hypervisor can cause a hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=870086
https://bugzilla.redhat.com/show_bug.cgi?id=870096
https://bugzilla.redhat.com/show_bug.cgi?id=870101
https://bugzilla.redhat.com/show_bug.cgi?id=870106
https://bugzilla.redhat.com/show_bug.cgi?id=870110
http://www.nessus.org/u?33f5ee44

Solution :

Update the affected xen package.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

Family: Fedora Local Security Checks

Nessus Plugin ID: 63010

Bugtraq ID:

CVE ID: CVE-2012-4535
CVE-2012-4536
CVE-2012-4537
CVE-2012-4538
CVE-2012-4539