SUSE-SU-2018:0019-1

Опубликовано: 04 янв. 2018

Источник: suse-cvrf

Описание

Security update for kvm

This update for kvm fixes the following issues:

Also a mitigation for a security flaw has been applied:

CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032)

Security fixes have been applied:

CVE-2017-2633: Fix various out of bounds access issues in the QEMU vnc infrastructure (bsc#1026612)

Список пакетов

SUSE Linux Enterprise Server 11 SP4

kvm-1.4.2-60.6.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

kvm-1.4.2-60.6.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20180019-1/
Link for SUSE-SU-2018:0019-1
https://lists.suse.com/pipermail/sle-security-updates/2018-January/003571.html
E-Mail link for SUSE-SU-2018:0019-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1026612
SUSE Bug 1026612
https://bugzilla.suse.com/1068032
SUSE Bug 1068032
https://www.suse.com/security/cve/CVE-2017-2633/
SUSE CVE CVE-2017-2633 page
https://www.suse.com/security/cve/CVE-2017-5715/
SUSE CVE CVE-2017-5715 page

Описание

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.6.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-2633.html
CVE-2017-2633
https://bugzilla.suse.com/1026612
SUSE Bug 1026612
https://bugzilla.suse.com/1026636
SUSE Bug 1026636
https://bugzilla.suse.com/1074701
SUSE Bug 1074701

Описание

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:kvm-1.4.2-60.6.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:kvm-1.4.2-60.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-5715.html
CVE-2017-5715
https://bugzilla.suse.com/1068032
SUSE Bug 1068032
https://bugzilla.suse.com/1074562
SUSE Bug 1074562
https://bugzilla.suse.com/1074578
SUSE Bug 1074578
https://bugzilla.suse.com/1074701
SUSE Bug 1074701
https://bugzilla.suse.com/1074741
SUSE Bug 1074741
https://bugzilla.suse.com/1074919
SUSE Bug 1074919
https://bugzilla.suse.com/1075006
SUSE Bug 1075006
https://bugzilla.suse.com/1075007
SUSE Bug 1075007
https://bugzilla.suse.com/1075262
SUSE Bug 1075262
https://bugzilla.suse.com/1075419
SUSE Bug 1075419
https://bugzilla.suse.com/1076115
SUSE Bug 1076115
https://bugzilla.suse.com/1076372
SUSE Bug 1076372
https://bugzilla.suse.com/1076606
SUSE Bug 1076606
https://bugzilla.suse.com/1078353
SUSE Bug 1078353
https://bugzilla.suse.com/1080039
SUSE Bug 1080039
https://bugzilla.suse.com/1087887
SUSE Bug 1087887
https://bugzilla.suse.com/1087939
SUSE Bug 1087939
https://bugzilla.suse.com/1088147
SUSE Bug 1088147
https://bugzilla.suse.com/1089055
SUSE Bug 1089055

SUSE-SU-2018:0019-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP4

SUSE Linux Enterprise Server for SAP Applications 11 SP4

Ссылки

Уязвимость: CVE-2017-2633

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-5715

Описание

Затронутые продукты

Ссылки