Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:14201-1

Опубликовано: 25 окт. 2019
Источник: suse-cvrf

Описание

Security update for xen

This update for xen fixes the following issues:

  • CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813).
  • CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874).
  • CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797).
  • CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).
  • CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which could have led to denial of service (bsc#1135905).
  • CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680).
  • CVE-2017-10806: Fixed a stack buffer overflow in debug logging (bsc#1047675).

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3
xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
xen-libs-4.2.5_21-45.33.1
xen-tools-domU-4.2.5_21-45.33.1

Ссылки

Описание

Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1
Ссылки

Описание

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1
Ссылки

Описание

The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1
Ссылки

Описание

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1
Ссылки

Описание

interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1
Ссылки

Описание

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1
Ссылки

Описание

libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1
Ссылки

Описание

An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1
Ссылки

Описание

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1
Ссылки

Описание

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1
Ссылки

Описание

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1
Ссылки

Описание

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1
SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1
Ссылки
Уязвимость SUSE-SU-2019:14201-1