
SUSE Linux 12-SP2: 2017:1143-1 Important: Xen Memory Access Issues Fixed

May 2, 2017
The latest SUSE update addresses critical vulnerabilities in Xen, rectifying privilege escalation and memory access shortcomings, while also boosting overall reliability and security.
An update that solves two vulnerabilities and has 6 fixes is now...

Summary

This update for xen fixes several issues.

These security issues were fixed:

- A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing an IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843)
- A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transferring pages via GNTTABOP_transfer (XSA-214, bsc#1034844).
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the

References

#1022703 #1028655 #1029827 #1030144 #1034843 #1034844 #1034994 #1036146

Cross-References: CVE-2016-9603 CVE-2017-7718

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP2

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Desktop 12-SP2

https://www.suse.com/security/cve/CVE-2016-9603.html

https://www.suse.com/security/cve/CVE-2017-7718.html

https://bugzilla.suse.com/1022703

https://bugzilla.suse.com/1028655

https://bugzilla.suse.com/1029827

https://bugzilla.suse.com/1030144

https://bugzilla.suse.com/1034843

https://bugzilla.suse.com/1034844

https://bugzilla.suse.com/1034994

https://bugzilla.suse.com/1036146

Severity
important

Announcement ID: SUSE-SU-2017:1143-1
Rating: important
