Detections
Analytics
Debian DSA-4236-1 : xen - security update
critical Nessus Plugin ID 110787
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Multiple vulnerabilities have been discovered in the Xen hypervisor :- CVE-2018-12891 It was discovered that insufficient validation of PV MMU operations may result in denial of service.
- CVE-2018-12892 It was discovered that libxl fails to honour the 'readonly' flag on HVM-emulated SCSI disks.
- CVE-2018-12893 It was discovered that incorrect implementation of debug exception checks could result in denial of service.
Solution
Upgrade the xen packages.For the stable distribution (stretch), these problems have been fixed in version 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9.
See Also
https://security-tracker.debian.org/tracker/CVE-2018-12891
https://security-tracker.debian.org/tracker/CVE-2018-12892
https://security-tracker.debian.org/tracker/CVE-2018-12893
https://security-tracker.debian.org/tracker/source-package/xen
Plugin Details
Severity: Critical
ID: 110787
File Name: debian_DSA-4236.nasl
Version: 1.5
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 6/29/2018
Updated: 9/12/2024
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2018-12892
CVSS v3
Risk Factor: Critical
Base Score: 9.9
Temporal Score: 8.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:xen, cpe:/o:debian:debian_linux:9.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 6/27/2018
Reference Information
CVE: CVE-2018-12891, CVE-2018-12892, CVE-2018-12893
DSA: 4236