Description
Security update for xen
This update for xen fixes several issues.
These security issues were fixed:
- CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).
- CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).
- CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578).
- CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637).
- CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920).
- CVE-2017-10806: Stack-based buffer overflow in hw/usb/redirect.c allowed local guest OS users to cause a denial of service via vectors related to logging debug messages (bsc#1047675).
- bsc#1052686: Premature clearing of GTF_writing / GTF_reading led to potentially leaking sensitive information (XSA-230).
This non-security issue was fixed:
- bsc#1002573: Optimized LVM functions in block-dmmd
Package list
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE OpenStack Cloud 6
References
- Link for SUSE-SU-2017:2319-1
- E-Mail link for SUSE-SU-2017:2319-1
- SUSE Security Ratings
- SUSE Bug 1002573
- SUSE Bug 1046637
- SUSE Bug 1047675
- SUSE Bug 1048920
- SUSE Bug 1049578
- SUSE Bug 1051787
- SUSE Bug 1051788
- SUSE Bug 1052686
- SUSE CVE CVE-2017-10664 page
- SUSE CVE CVE-2017-10806 page
- SUSE CVE CVE-2017-11334 page
- SUSE CVE CVE-2017-11434 page
- SUSE CVE CVE-2017-12135 page
- SUSE CVE CVE-2017-12137 page
Description
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
Affected products
References
- CVE-2017-10664
- SUSE Bug 1046636
- SUSE Bug 1046637
- SUSE Bug 1178658
Description
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
Affected products
References
- CVE-2017-10806
- SUSE Bug 1047674
- SUSE Bug 1047675
Description
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
Affected products
References
- CVE-2017-11334
- SUSE Bug 1048902
- SUSE Bug 1048920
Description
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
Affected products
References
- CVE-2017-11434
- SUSE Bug 1049381
- SUSE Bug 1049578
- SUSE Bug 1178658
Description
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
Affected products
References
- CVE-2017-12135
- SUSE Bug 1051787
- SUSE Bug 1169392
- SUSE Bug 1178658
Description
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
Affected products
References
- CVE-2017-12137
- SUSE Bug 1051788
- SUSE Bug 1178658