SUSE Linux Enterprise Server: 2017-2541-1 Important: Xen Security Update

September 21, 2017
Patch release addresses 10 critical vulnerabilities in Xen, enhancing security and performance. Detailed guidance provided for swift installation of these essential updates.
An update that solves 10 vulnerabilities and has four fixes.

Summary

This update for xen fixes several issues.

These security issues were fixed:

- CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).
- CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).
- CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920).
- CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP

References

#1002573 #1027519 #1032598 #1037413 #1046637 #1047675 #1048920 #1049578 #1051787 #1051788 #1052686 #1056278 #1056281 #1056282

Cross-References: CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 CVE-2017-12135 CVE-2017-12137 CVE-2017-12855 CVE-2017-14316 CVE-2017-14317 CVE-2017-14319

Affected Products:

SUSE Linux Enterprise Server for SAP 12

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2017-10664.html

https://www.suse.com/security/cve/CVE-2017-10806.html

https://www.suse.com/security/cve/CVE-2017-11334.html

https://www.suse.com/security/cve/CVE-2017-11434.html

https://www.suse.com/security/cve/CVE-2017-12135.html

https://www.suse.com/security/cve/CVE-2017-12137.html

Severity
important

Announcement ID: SUSE-SU-2017:2541-1
Rating: important
