Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

SUSE 11-SP4: 2017:2963-1 Important KVM Security Fix - Denial of Service

suse
Calendar Grey November 10, 2017
Dist Suse Esm H88
This essential SUSE Security Patch addresses 23 vulnerabilities concerning kvm and boosts overall system integrity with vital remedies.
An update that solves 23 vulnerabilities and has 6 fixes is An update that solves 23 vulnerabilities and has 6 fixes is An update that solves 23 vulnerabilities and has 6 fixes is ...

Summary

This update for kvm fixes several issues. These security issues were fixed: - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427) - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028656) - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636)

References

#1020427 #1021741 #1025109 #1028184 #1028656

#1030624 #1031051 #1034044 #1034866 #1034908

#1035406 #1035950 #1037242 #1038396 #1039495

#1042159 #1042800 #1042801 #1043296 #1045035

#1046636 #1047674 #1048902 #1049381 #1049785

#1056334 #1057585 #1062069 #1063122

Cross- CVE-2016-9602 CVE-2016-9603 CVE-2017-10664

CVE-2017-10806 CVE-2017-11334 CVE-2017-11434

CVE-2017-13672 CVE-2017-14167 CVE-2017-15038

CVE-2017-15289 CVE-2017-5579 CVE-2017-5973

CVE-2017-6505 CVE-2017-7471 CVE-2017-7493

CVE-2017-7718 CVE-2017-7980 CVE-2017-8086

CVE-2017-8309 CVE-2017-9330 CVE-2017-9373

CVE-2017-9375 CVE-2017-9503

Affected Products:

SUSE Linux Enterprise Server 11-SP4

https://www.suse.com/security/cve/CVE-2016-9602.html

https://www.suse.com/secu...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2963-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.