openSUSE Leap 42.3: 2017:2821-1 Important: Xen DoS Issues Fixed
opensuse
October 21, 2017
An update that solves 8 vulnerabilities and has three fixes An update that solves 8 vulnerabilities and has three fixes An update that solves 8 vulnerabilities and has three fixes ...
Description
This update for xen fixes several issues:
These security issues were fixed:
- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable
to a memory leakage issue allowing a privileged user inside the guest to
cause a DoS and/or potentially crash the Qemu process on the host
(bsc#1059777)
- CVE-2017-15593: Missing cleanup in the page type system allowed a
malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084)
- CVE-2017-15592: A problem in the shadow pagetable code allowed a
malicious or buggy HVM guest to cause DoS or cause hypervisor memory
corruption potentially allowing the guest to escalate its privilege
(XSA-243 bsc#1061086)
- CVE-2017-15594: Problematic handling of the selector fields in the
Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV
guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087)
- CVE-2017-15591: Missing checks in the handling of DMOPs...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-1181=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.3 (x86_64):
xen-4.9.0_14-10.1
xen-debugsource-4.9.0_14-10.1
xen-devel-4.9.0_14-10.1
xen-doc-html-4.9.0_14-10.1
xen-libs-4.9.0_14-10.1
xen-libs-debuginfo-4.9.0_14-10.1
xen-tools-4.9.0_14-10.1
xen-tools-debuginfo-4.9.0_14-10.1
xen-tools-domU-4.9.0_14-10.1
xen-tools-domU-debuginfo-4.9.0_14-10.1
References
https://www.suse.com/security/cve/CVE-2017-15588.html
https://www.suse.com/security/cve/CVE-2017-15589.html
https://www.suse.com/security/cve/CVE-2017-15590.html
https://www.suse.com/security/cve/CVE-2017-15592.html
https://www.suse.com/security/cve/CVE-2017-15593.html
https://www.suse.com/security/cve/CVE-2017-15594.html
https://www.suse.com/security/cve/CVE-2017-15595.html
https://www.suse.com/security/cve/CVE-2017-5526.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1055321
https://bugzilla.suse.com/1059777
https://bugzilla.suse.com/1061076
https://bugzilla.suse.com/1061077
https://bugzilla.suse.com/1061080
https://bugzilla.suse.com/1061081
https://bugzilla.suse.com/1061082
https://bugzilla.suse.com/1061084
https://bugzilla.suse.com/1061086
https://bugzilla.suse.com/1061087
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2017:2821-1
Rating: important
Affected Products:
openSUSE Leap 42.3
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!