
SUSE-SU-2021:14702-1

Published: 19 Apr 2021
Source: suse-cvrf

Description

Security update for xen

This update for xen fixes the following issues:

  • CVE-2021-3419: Fixed a stack overflow induced by infinite recursion (bsc#1182975).
  • CVE-2021-20257: Fixed an infinite loop in the e1000 NIC emulator (bsc#1182846).
  • xenstored crashing with segfault (bsc#1182155).

Package list

SUSE Linux Enterprise Server 11 SP4-LTSS
xen-4.4.4_48-61.64.1
xen-doc-html-4.4.4_48-61.64.1
xen-kmp-default-4.4.4_48_3.0.101_108.123-61.64.1
xen-kmp-pae-4.4.4_48_3.0.101_108.123-61.64.1
xen-libs-4.4.4_48-61.64.1
xen-libs-32bit-4.4.4_48-61.64.1
xen-tools-4.4.4_48-61.64.1
xen-tools-domU-4.4.4_48-61.64.1

Description

An infinite loop flaw was found in the e1000 NIC emulator of QEMU. This issue occurs while processing transmit (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.


Affected products
SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_48-61.64.1
SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_48-61.64.1
SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_48_3.0.101_108.123-61.64.1
SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_48_3.0.101_108.123-61.64.1


Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.


Affected products
SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_48-61.64.1
SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_48-61.64.1
SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_48_3.0.101_108.123-61.64.1
SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_48_3.0.101_108.123-61.64.1
