Six security vulnerabilities have been fixed in the Xen software package for the SUSE Linux Enterprise Server 10 SP2 operating system. A remote attacker can exploit these flaws to crash the system or gain elevated privileges.
Package:
xen 4.x
Operating systems:
SUSE Linux Enterprise Server (SLES) 10
Severity:
6.3
Problem:
error in a program function, error in a program component
Exploitation:
remote
Impact:
privilege escalation, denial of service (DoS)
The flaws result from improper handling of VT100 escape characters and from errors in the functions "set_debugreg", "PHYSDEVOP_get_free_pirq", "XENMEM_populate_physmap", "PHYSDEVOP_map_pirq" and "GNTTABOP_swap_grant_ref".
Impact:
The flaws can be exploited to carry out DoS attacks or to gain elevated privileges.
Solution:
All users are advised to apply the software update that fixes the described flaws.
SUSE Security Update: Security update for Xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:1133-1
Rating: important
References: #777084 #777090
Cross-References: CVE-2012-3494 CVE-2012-3495 CVE-2012-3496
CVE-2012-3498 CVE-2012-3515 CVE-2012-3516
Affected Products:
SUSE Linux Enterprise Server 10 SP2
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
XEN was updated to fix multiple bugs and security issues.
The following security issues have been fixed:
* CVE-2012-3494: xen: hypercall set_debugreg vulnerability (XSA-12)
* CVE-2012-3515: xen: Qemu VT100 emulation vulnerability (XSA-17)
Security Issue references:
* CVE-2012-3496
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3496>
* CVE-2012-3494
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3494>
* CVE-2012-3495
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3495>
* CVE-2012-3498
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3498>
* CVE-2012-3516
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3516>
* CVE-2012-3515
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515>
Indications:
Everyone using XEN should update.
Package List:
- SUSE Linux Enterprise Server 10 SP2 (i586 x86_64):
xen-3.2.0_16718_26-0.10.1
xen-devel-3.2.0_16718_26-0.10.1
xen-doc-html-3.2.0_16718_26-0.10.1
xen-doc-pdf-3.2.0_16718_26-0.10.1
xen-doc-ps-3.2.0_16718_26-0.10.1
xen-kmp-debug-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
xen-kmp-default-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
xen-kmp-kdump-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
xen-kmp-smp-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
xen-libs-3.2.0_16718_26-0.10.1
xen-tools-3.2.0_16718_26-0.10.1
xen-tools-domU-3.2.0_16718_26-0.10.1
xen-tools-ioemu-3.2.0_16718_26-0.10.1
- SUSE Linux Enterprise Server 10 SP2 (x86_64):
xen-libs-32bit-3.2.0_16718_26-0.10.1
- SUSE Linux Enterprise Server 10 SP2 (i586):
xen-kmp-bigsmp-3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1
References:
http://support.novell.com/security/cve/CVE-2012-3494.html
http://support.novell.com/security/cve/CVE-2012-3495.html
http://support.novell.com/security/cve/CVE-2012-3496.html
http://support.novell.com/security/cve/CVE-2012-3498.html
http://support.novell.com/security/cve/CVE-2012-3515.html
http://support.novell.com/security/cve/CVE-2012-3516.html
https://bugzilla.novell.com/777084
https://bugzilla.novell.com/777090
http://download.novell.com/patch/finder/?keywords=6779ef884a44335e87986cb4684ebd15