OracleVM 2.2 : xen (OVMSA-2012-0058)

Medium Nessus Plugin ID 79492


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

XSA-27: hvm: Limit the size of large HVM op batches [orabug 15907978] (CVE-2012-5511) XSA-29: add missing guest address range checks to XENMEM_exchange handlers [orabug 15907996] (CVE-2012-5513) XSA-30:
xen: fix error handling of guest_physmap_mark_populate_on_demand [orabug 15908008] (CVE-2012-5514) XSA-31: memop: limit guest specified extent order [orabug 15908028] (CVE-2012-5515)


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 79492

File Name: oraclevm_OVMSA-2012-0058.nasl

Version: $Revision: 1.2 $

Type: local

Published: 2014/11/26

Modified: 2017/02/14

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-64, p-cpe:/a:oracle:vm:xen-debugger, p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-pvhvm-devel, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:2.2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/12/05

Reference Information

CVE: CVE-2012-5511, CVE-2012-5513, CVE-2012-5514, CVE-2012-5515

BID: 56796, 56797, 56798, 56803