Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 476
Alerts This Week
Warning Icon 1 476

SUSE: 2017:1812-1 Critical: xen DoS and Privilege Escalation Fix

suse
Calendar Grey July 7, 2017
Dist Suse Esm H88
Canonical releases important patches for KVM, targeting several flaws and enhancing overall system integrity.
An update that solves 17 vulnerabilities and has one errata An update that solves 17 vulnerabilities and has one errata An update that solves 17 vulnerabilities and has one errata ...

Summary

This update for xen fixes several issues. These security issues were fixed: - CVE-2017-10911: blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863) - CVE-2017-10912: Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882) - CVE-2017-10913, CVE-2017-10914: Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893) - CVE-2017-10915: Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915) - CVE-2017-10917: Missing NULL pointer check in event channel poll allows

References

#1014136 #1026236 #1027519 #1031460 #1034845

#1036470 #1037243 #1042160 #1042863 #1042882

#1042893 #1042915 #1042923 #1042924 #1042931

#1042938 #1043074 #1043297

Cross- CVE-2017-10911 CVE-2017-10912 CVE-2017-10913

CVE-2017-10914 CVE-2017-10915 CVE-2017-10916

CVE-2017-10917 CVE-2017-10918 CVE-2017-10920

CVE-2017-10921 CVE-2017-10922 CVE-2017-8112

CVE-2017-8309 CVE-2017-8905 CVE-2017-9330

CVE-2017-9374 CVE-2017-9503

Affected Products:

SUSE OpenStack Cloud 6

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP1-LTSS

https://www.suse.com/security/cve/CVE-2017-10911.html

https://www.suse.com/security/cve/CVE-2017-10912.html

https://www.suse.com/security/cve/CVE-2017-10913.html

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:1812-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.