Explore top 10 tips to secure your open-source projects now. Read More
×
This update for qemu to version 2.9.1 fixes several issues. It also announces that the qed storage format will be no longer supported in SLE 15 (fate#324200). These security issues were fixed: - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942) - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122) - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069)
#1054724 #1055587 #1056291 #1056334 #1057378
#1057585 #1057966 #1062069 #1062942 #1063122
Cross- CVE-2017-10911 CVE-2017-12809 CVE-2017-13672
CVE-2017-13711 CVE-2017-14167 CVE-2017-15038
CVE-2017-15268 CVE-2017-15289
Affected Products:
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
https://www.suse.com/security/cve/CVE-2017-10911.html
https://www.suse.com/security/cve/CVE-2017-12809.html
https://www.suse.com/security/cve/CVE-2017-13672.html
https://www.suse.com/security/cve/CVE-2017-13711.html
https://www.suse.com/security/cve/CVE-2017-14167.html
https://www.suse.com/security/cve/CVE-2017-15038.html
https://www.suse.com/security/cve/CVE-2017-15268.html
Get the latest Linux and open source security news straight to your inbox.