SUSE Linux 12-SP1: 2018:1234-5 Critical Qemu Vulnerability Patch

suse
November 8, 2017
Canonical unveiled an urgent patch for libvirt, rectifying 28 security holes and enhancing overall system protection.
An update that solves 33 vulnerabilities and has two fixes is ...

Summary

This update for qemu fixes several issues.

These security issues were fixed:

- CVE-2017-10911: The make_response function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures (bsc#1057378).
- CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive (bsc#1054724).
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122)
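The padding leak described for CVE-2017-10911, shown as an added example (not code from QEMU, Xen or the advisory). The struct layout, the 0xAA stale-memory marker and all function names are assumptions, and zeroing the slot first is one common mitigation, not necessarily the shipped patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout modelled on a block-interface response. The compiler
 * adds padding after `operation` and after `status`. */
struct resp {
    uint64_t id;
    uint8_t  operation;
    int16_t  status;
};

#define MEMBER_BYTES (sizeof(uint64_t) + sizeof(uint8_t) + sizeof(int16_t))
#define STALE 0xAA /* constructed stand-in for leftover host memory */

/* Write only the member bytes, as member assignments typically compile
 * to; padding bytes keep whatever the memory held before. */
static void write_members(unsigned char *slot, uint64_t id, uint8_t op, int16_t st)
{
    memcpy(slot + offsetof(struct resp, id), &id, sizeof id);
    memcpy(slot + offsetof(struct resp, operation), &op, sizeof op);
    memcpy(slot + offsetof(struct resp, status), &st, sizeof st);
}

/* Number of padding bytes in the slot that still hold non-zero data. */
static size_t padding_leak(const unsigned char *slot)
{
    unsigned char member[sizeof(struct resp)] = {0};
    size_t leaked = 0;
    memset(member + offsetof(struct resp, id), 1, sizeof(uint64_t));
    memset(member + offsetof(struct resp, operation), 1, sizeof(uint8_t));
    memset(member + offsetof(struct resp, status), 1, sizeof(int16_t));
    for (size_t i = 0; i < sizeof(struct resp); i++)
        if (!member[i] && slot[i] != 0)
            leaked++;
    return leaked;
}

/* Build a response in memory that previously held other data and report
 * how many stale bytes would be copied out with it. */
size_t respond(int zero_first)
{
    unsigned char slot[sizeof(struct resp)];
    memset(slot, STALE, sizeof slot);   /* simulate earlier use */
    if (zero_first)
        memset(slot, 0, sizeof slot);   /* hardened: clear padding too */
    write_members(slot, 1, 0, 0);
    return padding_leak(slot);
}
```

`respond(0)` reports every padding byte as stale, while `respond(1)` reports none.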

References

#1020427 #1021741 #1025109 #1025311 #1028184
#1028656 #1030624 #1032075 #1034866 #1034908
#1035406 #1035950 #1036211 #1037242 #1037334
#1037336 #1039495 #1042159 #1042800 #1042801
#1043073 #1043296 #1045035 #1046636 #1047674
#1048902 #1049381 #1054724 #1056334 #1057378
#1057585 #1062069 #1063122 #994418 #994605

Cross-References:

CVE-2016-6834 CVE-2016-6835 CVE-2016-9602
CVE-2016-9603 CVE-2017-10664 CVE-2017-10806
CVE-2017-10911 CVE-2017-11334 CVE-2017-11434
CVE-2017-12809 CVE-2017-13672 CVE-2017-14167
CVE-2017-15038 CVE-2017-15289 CVE-2017-5579
CVE-2017-5973 CVE-2017-5987 CVE-2017-6505
CVE-2017-7377 CVE-2017-7471 CVE-2017-7493
CVE-2017-7718 CVE-2017-7980 CVE-2017-8086
CVE-2017-8112 CVE-2017-8309 ...


Severity: important

Announcement ID: SUSE-SU-2017:2946-1
Rating: important
