Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 552
Alerts This Week
Warning Icon 1 552

openSUSE Leap 42.2 Important: 2017:0665-1 Xen Privilege Escalation

opensuse
Calendar Grey March 11, 2017
Dist Opensuse Esm H88
Ubuntu Security Update resolves five security issues and features essential patches for systemd, enhancing platform stability.
An update that solves four vulnerabilities and has 7 fixes An update that solves four vulnerabilities and has 7 fixes An update that solves four vulnerabilities and has 7 fixes is ...

Description

This update for xen fixes several issues.

These security issues were fixed:

- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine

cirrus_bitblt_cputovideo failed to check the memory region, allowing for

an out-of-bounds write that allows for privilege escalation

(bsc#1024834).

- CVE-2017-2615: An error in the bitblt copy operation could have allowed

a malicious guest administrator to cause an out of bounds memory access,

possibly leading to information disclosure or privilege escalation

(bsc#1023004).

- A malicious guest could have, by frequently rebooting over extended

periods of time, run the host system out of memory, resulting in a

Denial of Service (DoS) (bsc#1022871)

- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable

to a divide by zero issue while copying VGA data. A privileged user

inside guest could have used this flaw to crash the process instance on

the...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-329=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (i586 x86_64):

xen-debugsource-4.7.1_06-9.2

xen-devel-4.7.1_06-9.2

xen-libs-4.7.1_06-9.2

xen-libs-debuginfo-4.7.1_06-9.2

xen-tools-domU-4.7.1_06-9.2

xen-tools-domU-debuginfo-4.7.1_06-9.2

- openSUSE Leap 42.2 (x86_64):

xen-4.7.1_06-9.2

xen-doc-html-4.7.1_06-9.2

xen-libs-32bit-4.7.1_06-9.2

xen-libs-debuginfo-32bit-4.7.1_06-9.2

xen-tools-4.7.1_06-9.2

xen-tools-debuginfo-4.7.1_06-9.2

References

https://www.suse.com/security/cve/CVE-2016-9921.html

https://www.suse.com/security/cve/CVE-2016-9922.html

https://www.suse.com/security/cve/CVE-2017-2615.html

https://www.suse.com/security/cve/CVE-2017-2620.html

https://bugzilla.suse.com/1000195

https://bugzilla.suse.com/1002496

https://bugzilla.suse.com/1005028

https://bugzilla.suse.com/1012651

https://bugzilla.suse.com/1014298

https://bugzilla.suse.com/1014300

https://bugzilla.suse.com/1015169

https://bugzilla.suse.com/1016340

https://bugzilla.suse.com/1022871

https://bugzilla.suse.com/1023004

https://bugzilla.suse.com/1024834

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:0665-1
Rating: important
Affected Products: openSUSE Leap 42.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.