SUSE: 2017:2936-1 Important Denial of Service Update for QEMU

November 6, 2017
SUSE has released a security update for qemu that addresses 12 critical vulnerabilities, including issues related to memory management and potential denial of service.
An update that solves 12 vulnerabilities and has four fixes.

Summary

This update for qemu fixes several issues.

These security issues were fixed:

- CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942).
- CVE-2017-9524: The qemu-nbd server, when built with Network Block Device (NBD) Server support, allowed remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function (bsc#1043808).
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122).

References

#1043176 #1043808 #1046636 #1047674 #1048902 #1049381 #1054724 #1056334 #1057378 #1057585 #1057966 #1059369 #1062069 #1062942 #1063122 #997358

Cross-References: CVE-2017-10664 CVE-2017-10806 CVE-2017-10911 CVE-2017-11334 CVE-2017-11434 CVE-2017-12809 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15268 CVE-2017-15289 CVE-2017-9524

Affected Products:

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Desktop 12-SP2

https://www.suse.com/security/cve/CVE-2017-10664.html

https://www.suse.com/security/cve/CVE-2017-10806.html

https://www.suse.com/security/cve/CVE-2017-10911.html

https://www.suse.com/security/cve/CVE-2017-11334.html

https://www.suse.com/security/cve/CVE-2017-11434.html

Severity
important

Announcement ID: SUSE-SU-2017:2936-1
Rating: important
