Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

SUSE Linux 12: SUSE-SU-2017:1148-1 Important: Xen DoS Risks

suse
Calendar Grey May 2, 2017
Scroller Suse
Critical vulnerabilities in Xen have prompted a significant security patch for SUSE, strengthening defenses to guard against possible threats.
An update that solves two vulnerabilities and has four An update that solves two vulnerabilities and has four An update that solves two vulnerabilities and has four fixes is now av...

Summary

This update for xen fixes several issues. These security issues were fixed: - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035483). - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843) - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via

References

#1029827 #1034843 #1034844 #1034845 #1034994

#1035483

Cross- CVE-2017-7718 CVE-2017-7980

Affected Products:

SUSE Linux Enterprise Server for SAP 12

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2017-7718.html

https://www.suse.com/security/cve/CVE-2017-7980.html

https://bugzilla.suse.com/1029827

https://bugzilla.suse.com/1034843

https://bugzilla.suse.com/1034844

https://bugzilla.suse.com/1034845

https://bugzilla.suse.com/1034994

https://bugzilla.suse.com/1035483

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:1148-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.