
SUSE: 2020:2052-2 Essential Updates Addressing Xen Security Vulnerabilities

suse
May 2, 2017
A new patch has been released for SUSE Linux to resolve serious vulnerabilities in the Xen hypervisor. Applying it immediately is recommended.
An update that solves three vulnerabilities and has 5 fixes.

Summary

This update for xen fixes several issues.

These security issues were fixed:

- A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing an IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843).
- A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transferring pages via GNTTABOP_transfer (XSA-214, bsc#1034844).
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the

References: #1028655 #1029827 #1030144 #1034843 #1034844 #1034845 #1034994 #1035483

Cross-References: CVE-2016-9603 CVE-2017-7718 CVE-2017-7980

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2016-9603.html

https://www.suse.com/security/cve/CVE-2017-7718.html

https://www.suse.com/security/cve/CVE-2017-7980.html

https://bugzilla.suse.com/1028655

https://bugzilla.suse.com/1029827

https://bugzilla.suse.com/1030144

https://bugzilla.suse.com/1034843

https://bugzilla.suse.com/1034844

https://bugzilla.suse.com/1034845

https://bugzilla.suse.com/1034994

https://bugzilla.suse.com/1035483

Severity
important

Announcement ID: SUSE-SU-2017:1145-1
Rating: important
