openSUSE 13.2: 2021:0012-1 Critical: Sudo Security Flaw and Remote Exploit
opensuse
January 2, 2017
An update that solves 19 vulnerabilities and has two fixes An update that solves 19 vulnerabilities and has two fixes An update that solves 19 vulnerabilities and has two fixes is ...
Description
This updates xen to version 4.4.4_06 to fix the following issues:
- An unprivileged user in a guest could gain guest could escalate
privilege to that of the guest kernel, if it had could invoke the
instruction emulator. Only 64-bit x86 HVM guest were affected. Linux
guest have not been vulnerable. (boo#1016340, CVE-2016-10013)
- An unprivileged user in a 64 bit x86 guest could gain information from
the host, crash the host or gain privilege of the host (boo#1009107,
CVE-2016-9383)
- An unprivileged guest process could (unintentionally or maliciously)
obtain
or ocorrupt sensitive information of other programs in the same guest.
Only x86 HVM guests have been affected. The attacker needs to be able
to trigger the Xen instruction emulator. (boo#1000106, CVE-2016-7777)
- A guest on x86 systems could read small parts of hypervisor stack data
(boo#1012651, CVE-2016-9932)
- A malicious guest kernel could hang or crash...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2017-5=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 13.2 (i586 x86_64):
xen-debugsource-4.4.4_06-58.1
xen-devel-4.4.4_06-58.1
xen-libs-4.4.4_06-58.1
xen-libs-debuginfo-4.4.4_06-58.1
xen-tools-domU-4.4.4_06-58.1
xen-tools-domU-debuginfo-4.4.4_06-58.1
- openSUSE 13.2 (x86_64):
xen-4.4.4_06-58.1
xen-doc-html-4.4.4_06-58.1
xen-kmp-default-4.4.4_06_k3.16.7_53-58.1
xen-kmp-default-debuginfo-4.4.4_06_k3.16.7_53-58.1
xen-kmp-desktop-4.4.4_06_k3.16.7_53-58.1
xen-kmp-desktop-debuginfo-4.4.4_06_k3.16.7_53-58.1
xen-libs-32bit-4.4.4_06-58.1
xen-libs-debuginfo-32bit-4.4.4_06-58.1
xen-tools-4.4.4_06-58.1
xen-tools-debuginfo-4.4.4_06-58.1
References
https://www.suse.com/security/cve/CVE-2016-10013.html
https://www.suse.com/security/cve/CVE-2016-10024.html
https://www.suse.com/security/cve/CVE-2016-7777.html
https://www.suse.com/security/cve/CVE-2016-7908.html
https://www.suse.com/security/cve/CVE-2016-7909.html
https://www.suse.com/security/cve/CVE-2016-8576.html
https://www.suse.com/security/cve/CVE-2016-8667.html
https://www.suse.com/security/cve/CVE-2016-8669.html
https://www.suse.com/security/cve/CVE-2016-8909.html
https://www.suse.com/security/cve/CVE-2016-8910.html
https://www.suse.com/security/cve/CVE-2016-9379.html
https://www.suse.com/security/cve/CVE-2016-9380.html
https://www.suse.com/security/cve/CVE-2016-9381.html
https://www.suse.com/security/cve/CVE-2016-9382.html
https://www.suse.com/security/cve/CVE-2016-9383.html
https://www.suse.com/security/cve/CVE-2016-9385.html
https://www.suse.com/security/cve/CVE-2016-9386.html
https://www.suse.com/security/cve/CVE-2016-9637.html
https://www.suse.com/security/cve/CVE-2016-9932.html
https://bu...
Read the Full Advisory
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2017:0008-1
Rating: important
Affected Products:
openSUSE 13.2
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!