Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

SUSE: 2022:4820-1 Critical: KVM Memory Corruption and Vulnerability Alerts

suse
Calendar Grey November 3, 2017
Dist Suse Esm H88
SUSE Security Patch for QEMU addresses multiple high-severity vulnerabilities, outlining comprehensive resolutions and security improvements.
An update that solves 8 vulnerabilities and has two fixes An update that solves 8 vulnerabilities and has two fixes An update that solves 8 vulnerabilities and has two fixes is now...

Summary

This update for qemu to version 2.9.1 fixes several issues. It also announces that the qed storage format will be no longer supported in SLE 15 (fate#324200). These security issues were fixed: - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942) - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122) - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069)

References

#1054724 #1055587 #1056291 #1056334 #1057378

#1057585 #1057966 #1062069 #1062942 #1063122

Cross- CVE-2017-10911 CVE-2017-12809 CVE-2017-13672

CVE-2017-13711 CVE-2017-14167 CVE-2017-15038

CVE-2017-15268 CVE-2017-15289

Affected Products:

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2017-10911.html

https://www.suse.com/security/cve/CVE-2017-12809.html

https://www.suse.com/security/cve/CVE-2017-13672.html

https://www.suse.com/security/cve/CVE-2017-13711.html

https://www.suse.com/security/cve/CVE-2017-14167.html

https://www.suse.com/security/cve/CVE-2017-15038.html

https://www.suse.com/security/cve/CVE-2017-15268.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2924-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.