Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

openSUSE Leap 42.2: 2017:1078-1 Critical: Xen DoS Issues

opensuse
Calendar Grey April 20, 2017
Dist Opensuse Esm H88
Important security patch for openSUSE Leap 42.2 targeting vulnerabilities in xen, featuring multiple corrective measures.
An update that solves two vulnerabilities and has 8 fixes An update that solves two vulnerabilities and has 8 fixes An update that solves two vulnerabilities and has 8 fixes is now...

Description

This update for xen to version 4.7.2 fixes the following issues:

These security issues were fixed:

- CVE-2017-7228: Broken check in memory_exchange() permited PV guest

breakout (bsc#1030442).

- XSA-206: Unprivileged guests issuing writes to xenstore were able to

stall progress of the control domain or driver domain, possibly leading

to a Denial of Service (DoS) of the entire host (bsc#1030144).

- CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c

allowed local guest OS users to cause a denial of service (infinite

loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).

These non-security issues were fixed:

- bsc#1015348: libvirtd didn't not start during boot

- bsc#1014136: kdump couldn't dump a kernel on SLES12-SP2 with Xen

hypervisor.

- bsc#1026236: Fixed paravirtualized performance

- bsc#1022555: Timeout in "execution of /etc/xen/scripts/block add"

-...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-492=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (i586 x86_64):

xen-debugsource-4.7.2_02-11.3.1

xen-devel-4.7.2_02-11.3.1

xen-libs-4.7.2_02-11.3.1

xen-libs-debuginfo-4.7.2_02-11.3.1

xen-tools-domU-4.7.2_02-11.3.1

xen-tools-domU-debuginfo-4.7.2_02-11.3.1

- openSUSE Leap 42.2 (x86_64):

xen-4.7.2_02-11.3.1

xen-doc-html-4.7.2_02-11.3.1

xen-libs-32bit-4.7.2_02-11.3.1

xen-libs-debuginfo-32bit-4.7.2_02-11.3.1

xen-tools-4.7.2_02-11.3.1

xen-tools-debuginfo-4.7.2_02-11.3.1

References

https://www.suse.com/security/cve/CVE-2017-6505.html

https://www.suse.com/security/cve/CVE-2017-7228.html

https://bugzilla.suse.com/1014136

https://bugzilla.suse.com/1015348

https://bugzilla.suse.com/1022555

https://bugzilla.suse.com/1026236

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1028235

https://bugzilla.suse.com/1029128

https://bugzilla.suse.com/1029827

https://bugzilla.suse.com/1030144

https://bugzilla.suse.com/1030442

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:1078-1
Rating: important
Affected Products: openSUSE Leap 42.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.