Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

SUSE Linux: 2017:0718-1 Important: Xen DoS and Escalation Threat

suse
Calendar Grey March 17, 2017
Dist Suse Esm H88
Crucial safety patch for Xen tackling various vulnerabilities such as DoS and privilege elevation risks for SUSE.
An update that solves 12 vulnerabilities and has one errata An update that solves 12 vulnerabilities and has one errata An update that solves 12 vulnerabilities and has one errata ...

Summary

This update for xen fixes several issues. These security issues were fixed: - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1024183) - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator

References

#1002496 #1012651 #1013657 #1013668 #1014298

#1014507 #1015169 #1016340 #1022871 #1023004

#1024183 #1024834 #907805

Cross- CVE-2014-8106 CVE-2016-10013 CVE-2016-10024

CVE-2016-10155 CVE-2016-9101 CVE-2016-9776

CVE-2016-9911 CVE-2016-9921 CVE-2016-9922

CVE-2016-9932 CVE-2017-2615 CVE-2017-2620

Affected Products:

SUSE OpenStack Cloud 5

SUSE Manager Proxy 2.1

SUSE Manager 2.1

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2014-8106.html

https://www.suse.com/security/cve/CVE-2016-10013.html

https://www.suse.com/security/cve/CVE-2016-10024.html

https://www.suse.com/security/cve/CVE-2016-10155.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:0718-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.