SB2011092003 - SUSE Linux update for Xen 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2011092003

SB2011092003 - SUSE Linux update for Xen

Published: September 20, 2011

Security Bulletin ID SB2011092003
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Adjecent network
Highest impact Denial of service

Breakdown by Severity

Medium 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2011-1166)

The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.

Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.


2) Input validation error (CVE-ID: CVE-2011-1936)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors.


3) Resource management error (CVE-ID: CVE-2011-2901)

The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.

Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.


Remediation

Install update from vendor's website.

References