SuSE 10 Security Update : Xen (ZYPP Patch Number 7547)

NASLDB: SuSE 10 Security Update : Xen (ZYPP Patch Number 7547)

General

ID: 57265
Name: SuSE 10 Security Update : Xen (ZYPP Patch Number 7547)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: SuSE Local Security Checks
Type: Local

Description

This collective June/2011 Update for Xen provides the following
fixes :

– Xen does not properly check the upper boundary of
user-supplied data in the get_free_port() function when
getting a new event channel port. A local user on the
guest operating system can exploit this flaw to cause
denial of service conditions or potentially gain
elevated privileges. (CVE-2011-1166)

– 654798: Fix race between hotplug scripts writing to
xenstore and xend registering a watch for the write.

– 684297: HVM taking too long to dump vmcore

– 688757: Fix kernel panic on fully virtualized setup

– 658413: Fix root drive search on SLES 10-SP3 HVM guest

– 675363: Random lockups with kernel-xen related to
graphics

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2011-1166
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2011/06/02
Plugin Release: 2011/12/13

Plugin

Version: 1.2
Filename: suse_xen-201106-7547.nasl
Filesize: 6276 bytes
MD5 Hash: 7c684c248eef76729ab155ae92b4a7c4

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG