Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

SUSE: 2017:1058-1 Critical: Xen Denial of Service and Memory Flaws

suse
Calendar Grey April 19, 2017
Scroller Suse
OpenSUSE Security Update for kernel addresses major vulnerabilities. Key details outlined.
An update that fixes three vulnerabilities is now available

Summary

This update for xen fixes the following security issues: - CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442). - CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5:

References

#1027570 #1028235 #1030442

Cross- CVE-2017-6414 CVE-2017-6505 CVE-2017-7228

Affected Products:

SUSE OpenStack Cloud 5

SUSE Manager Proxy 2.1

SUSE Manager 2.1

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2017-6414.html

https://www.suse.com/security/cve/CVE-2017-6505.html

https://www.suse.com/security/cve/CVE-2017-7228.html

https://bugzilla.suse.com/1027570

https://bugzilla.suse.com/1028235

https://bugzilla.suse.com/1030442

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:1058-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.