Description
Security update for xen
This update for xen fixes the following issues:
- CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading led to potentially leaking sensitive information (XSA-230, bsc#1052686).
- CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).
- CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).
- CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920).
- CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578).
- CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637).
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
References
- Link for SUSE-SU-2017:2339-1
- E-Mail link for SUSE-SU-2017:2339-1
- SUSE Security Ratings
- SUSE Bug 1046637
- SUSE Bug 1048920
- SUSE Bug 1049578
- SUSE Bug 1051787
- SUSE Bug 1051788
- SUSE Bug 1052686
- SUSE CVE CVE-2017-10664 page
- SUSE CVE CVE-2017-11334 page
- SUSE CVE CVE-2017-11434 page
- SUSE CVE CVE-2017-12135 page
- SUSE CVE CVE-2017-12137 page
- SUSE CVE CVE-2017-12855 page
Description
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
Affected products
References
- CVE-2017-10664
- SUSE Bug 1046636
- SUSE Bug 1046637
- SUSE Bug 1178658
Description
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
Affected products
References
- CVE-2017-11334
- SUSE Bug 1048902
- SUSE Bug 1048920
Description
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
Affected products
References
- CVE-2017-11434
- SUSE Bug 1049381
- SUSE Bug 1049578
- SUSE Bug 1178658
Description
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
Affected products
References
- CVE-2017-12135
- SUSE Bug 1051787
- SUSE Bug 1169392
- SUSE Bug 1178658
Description
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
Affected products
References
- CVE-2017-12137
- SUSE Bug 1051788
- SUSE Bug 1178658
Description
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.
Affected products
References
- CVE-2017-12855
- SUSE Bug 1052686
- SUSE Bug 1178658