
SUSE: 2023:3012-1 Critical: Various Vulnerabilities in OpenSSL

suse
July 4, 2017
Important SUSE Security Patch for xen tackles various vulnerabilities, such as denial-of-service and privilege escalation risks.
An update that solves 6 vulnerabilities and has 12 fixes is ...

Summary

This update for xen fixes several issues.

These security issues were fixed:

- blkif responses leaked backend stack data, which allowed an unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863)
- Page transfer might have allowed a PV guest to elevate privilege (XSA-217, bsc#1042882)
- Races in the grant table unmap code allowed for information leaks and potentially privilege escalation (XSA-218, bsc#1042893)
- Insufficient reference counts during shadow emulation allowed a malicious pair of guests to elevate their privileges to the privileges that Xen runs under (XSA-219, bsc#1042915)
- Stale P2M mappings due to insufficient error checking allowed a malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931)

References

#1014136 #1026236 #1027519 #1031460 #1032148

#1034845 #1036470 #1037243 #1042160 #1042863

#1042882 #1042893 #1042915 #1042924 #1042931

#1042938 #1043074 #1043297

Cross-References: CVE-2017-8112 CVE-2017-8309 CVE-2017-8905 CVE-2017-9330 CVE-2017-9374 CVE-2017-9503

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2017-8112.html

https://www.suse.com/security/cve/CVE-2017-8309.html

https://www.suse.com/security/cve/CVE-2017-8905.html

https://www.suse.com/security/cve/CVE-2017-9330.html

https://www.suse.com/security/cve/CVE-2017-9374.html

https://www.suse.com/security/cve/CVE-2017-9503.html

Severity
critical

Announcement ID: SUSE-SU-2017:1770-1
Rating: important
