openSUSE Security Update : xen (openSUSE-2012-404)

High Nessus Plugin ID 74683

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 9

Synopsis

The remote openSUSE host is missing a security update.

Description

This update of XEN fixed multiple security flaws that could be exploited by local attackers to cause a Denial of Service or potentially escalate privileges. Additionally, several other upstream changes were backported.

Solution

Update the affected xen packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=649209

https://bugzilla.novell.com/show_bug.cgi?id=683580

https://bugzilla.novell.com/show_bug.cgi?id=691256

https://bugzilla.novell.com/show_bug.cgi?id=694863

https://bugzilla.novell.com/show_bug.cgi?id=701686

https://bugzilla.novell.com/show_bug.cgi?id=704160

https://bugzilla.novell.com/show_bug.cgi?id=706106

https://bugzilla.novell.com/show_bug.cgi?id=706574

https://bugzilla.novell.com/show_bug.cgi?id=708025

https://bugzilla.novell.com/show_bug.cgi?id=712051

https://bugzilla.novell.com/show_bug.cgi?id=712823

https://bugzilla.novell.com/show_bug.cgi?id=714183

https://bugzilla.novell.com/show_bug.cgi?id=715655

https://bugzilla.novell.com/show_bug.cgi?id=716695

https://bugzilla.novell.com/show_bug.cgi?id=725169

https://bugzilla.novell.com/show_bug.cgi?id=726332

https://bugzilla.novell.com/show_bug.cgi?id=727515

https://bugzilla.novell.com/show_bug.cgi?id=732782

https://bugzilla.novell.com/show_bug.cgi?id=734826

https://bugzilla.novell.com/show_bug.cgi?id=736824

https://bugzilla.novell.com/show_bug.cgi?id=739585

https://bugzilla.novell.com/show_bug.cgi?id=740165

https://bugzilla.novell.com/show_bug.cgi?id=746702

https://bugzilla.novell.com/show_bug.cgi?id=757537

https://bugzilla.novell.com/show_bug.cgi?id=757970

https://bugzilla.novell.com/show_bug.cgi?id=764077

Plugin Details

Severity: High

ID: 74683

File Name: openSUSE-2012-404.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 9

CVSS v2.0

Base Score: 7.4

Vector: CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-doc-pdf, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-pae, p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domU, p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo, cpe:/o:novell:opensuse:11.4

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/07/04

Vulnerability Publication Date: 2012/01/27

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (FreeBSD Intel SYSRET Privilege Escalation)

Reference Information

CVE: CVE-2012-0029, CVE-2012-0217, CVE-2012-0218, CVE-2012-2934