Detections
Analytics
Fedora 17 : xen-4.1.5-1.fc17 (2013-6723)
medium Nessus Plugin ID 66321
Language:
Synopsis
The remote Fedora host is missing a security update.Description
- Thu Apr 25 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.5-1- update to xen-4.1.5 includes fixes for passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) grant releases can release more than intended potentially crashing xen [XSA-50, CVE-2013-1964] (#953632)
- remove patches that are included in 4.1.5
- allow xendomains to work with xl saved images
- Thu Apr 4 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-7
- make xendomains systemd script executable (#919705)
- Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920]
- Fri Feb 22 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-6
- patch for [XSA-36, CVE-2013-0153] can cause boot time crash
- backport the fixes discovered when building with gcc 4.8
- Fri Feb 15 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-5
- patch for [XSA-38, CVE-2013-0215] was flawed
- Wed Feb 6 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-4
- guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888)
- guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914)
- Thu Jan 17 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-3
- Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845)
- fix a bug introduced by fix for XSA-27
- Fri Jan 11 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-2
- VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568)
- Tue Dec 18 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-1
- update to xen-4.1.4
- remove patches that are included in 4.1.4
- Tue Dec 4 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.3-7
- 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) An HVM guest can cause xen to crash or leak information [XSA-28, CVE-2012-5512] (#883085) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092)
- Tue Nov 13 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.3-6
- 5 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198)
[plus 60 lines in the Changelog]
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected xen package.See Also
https://bugzilla.redhat.com/show_bug.cgi?id=950668
https://bugzilla.redhat.com/show_bug.cgi?id=950686
Plugin Details
Severity: Medium
ID: 66321
File Name: fedora_2013-6723.nasl
Version: 1.17
Type: local
Agent: unix
Family: Fedora Local Security Checks
Published: 5/5/2013
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Temporal Score: 6
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:fedoraproject:fedora:xen, cpe:/o:fedoraproject:fedora:17
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 4/26/2013
Vulnerability Publication Date: 5/13/2013
Reference Information
CVE: CVE-2013-1917, CVE-2013-1919, CVE-2013-1964
FEDORA: 2013-6723