
SUSE: 2017:2327-2 Important: Xen DoS and Escalation Risks

November 16, 2017
Crucial SUSE patch for xen addresses several problems, improving stability and security.
An update that solves 6 vulnerabilities and has 5 fixes is now...

Summary

This update for xen fixes several issues.

These security issues were fixed:

- CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).
- CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).
- CVE-2017-12136: Race conditions with maptrack free list handling allowed a malicious guest administrator to crash the host or escalate their privilege to that of the host (XSA-228, bsc#1051789).
- CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578).

References

#1002573 #1026236 #1027519 #1035231 #1046637 #1049578 #1051787 #1051788 #1051789 #1052686 #1055695

Cross-References: CVE-2017-10664 CVE-2017-11434 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855

Affected Products:

SUSE Linux Enterprise Server 12-SP3

https://www.suse.com/security/cve/CVE-2017-10664.html

https://www.suse.com/security/cve/CVE-2017-11434.html

https://www.suse.com/security/cve/CVE-2017-12135.html

https://www.suse.com/security/cve/CVE-2017-12136.html

https://www.suse.com/security/cve/CVE-2017-12137.html

https://www.suse.com/security/cve/CVE-2017-12855.html

https://bugzilla.suse.com/1002573

https://bugzilla.suse.com/1026236

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1035231

Severity
important

Announcement ID: SUSE-SU-2017:2327-2
Rating: important
