Fedora 17 : xen-4.1.5-5.fc17 (2013-10247)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52,
CVE-2013-2076] (#970206) Hypervisor crash due to missing exception
recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) Hypervisor crash
due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078]
(#970202) Multiple vulnerabilities in libelf PV kernel handling
[XSA-55] (#970640)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=964259
https://bugzilla.redhat.com/show_bug.cgi?id=964261
https://bugzilla.redhat.com/show_bug.cgi?id=964264
https://bugzilla.redhat.com/show_bug.cgi?id=970631
http://www.nessus.org/u?d9fe7f04

Solution :

Update the affected xen package.

Risk factor :

Medium / CVSS Base Score : 5.2
(CVSS2#AV:A/AC:M/Au:S/C:N/I:N/A:C)
CVSS Temporal Score : 4.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 67275 ()

Bugtraq ID: 60277
60278
60282

CVE ID: CVE-2013-2076
CVE-2013-2077
CVE-2013-2078

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now