SUSE SLES10 Security Update : Xen (SUSE-SU-2016:0658-1)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

Xen was updated to fix the following vulnerabilities :

CVE-2014-0222: Qcow1 L2 table size integer overflows (bsc#877642)

CVE-2015-4037: Insecure temporary file use in /net/slirp.c

CVE-2015-5239: Integer overflow in vnc_client_read() and
protocol_client_msg() (bsc#944463)

CVE-2015-7504: Heap buffer overflow vulnerability in pcnet emulator
(XSA-162, bsc#956411)

CVE-2015-7971: Some pmu and profiling hypercalls log without rate
limiting (XSA-152, bsc#950706)

CVE-2015-8104: Guest to host DoS by triggering an infinite loop in
microcode via #DB exception (bsc#954405)

CVE-2015-5307: Guest to host DOS by intercepting #AC (XSA-156,

CVE-2015-8339: XENMEM_exchange error handling issues (XSA-159,

CVE-2015-8340: XENMEM_exchange error handling issues (XSA-159,

CVE-2015-7512: Buffer overflow in pcnet's non-loopback mode

CVE-2015-8550: Paravirtualized drivers incautious about shared memory
contents (XSA-155, bsc#957988)

CVE-2015-8504: Avoid floating point exception in vnc support

CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization
(XSA-165, bsc#958009)

Ioreq handling possibly susceptible to multiple read issue (XSA-166,

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

Solution :

Update the affected Xen packages

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now