Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 443
Alerts This Week
Warning Icon 1 443

SUSE 11-SP3 SUSE-SU-2017:2339-1 Important: Xen Denial Of Service

suse
Calendar Grey September 4, 2017
Dist Suse Esm H88
Crucial SUSE patch rectifies severe flaws in xen, tackling service interruptions and data exposure vulnerabilities.
An update that fixes 6 vulnerabilities is now available

Summary

This update for xen fixes the following issues: - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230, bsc#1052686). - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787). - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788). - CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920).

References

#1046637 #1048920 #1049578 #1051787 #1051788

#1052686

Cross- CVE-2017-10664 CVE-2017-11334 CVE-2017-11434

CVE-2017-12135 CVE-2017-12137 CVE-2017-12855

Affected Products:

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2017-10664.html

https://www.suse.com/security/cve/CVE-2017-11334.html

https://www.suse.com/security/cve/CVE-2017-11434.html

https://www.suse.com/security/cve/CVE-2017-12135.html

https://www.suse.com/security/cve/CVE-2017-12137.html

https://www.suse.com/security/cve/CVE-2017-12855.html

https://bugzilla.suse.com/1046637

https://bugzilla.suse.com/1048920

https://bugzilla.suse.com/1049578

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2339-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.