Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 534
Alerts This Week
Warning Icon 1 534

SUSE: 2017:2969-1 Important: qemu Denial Of Service Attack Resolution

suse
Calendar Grey November 10, 2017
Dist Suse Esm H88
An essential patch from SUSE for qemu addresses 29 vulnerabilities, significantly bolstering the overall system's defense and reliability against possible attacks.
An update that solves 29 vulnerabilities and has two fixes An update that solves 29 vulnerabilities and has two fixes An update that solves 29 vulnerabilities and has two fixes is ...

Summary

This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122) - CVE-2017-2633: The VNC display driver support was vulnerable to an out-of-bounds memory access issue. A user/process inside guest could use this flaw to cause DoS (bsc#1026612) - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069) - CVE-2017-14167: Integer overflow in the load_multiboot function allowed

References

#1020427 #1021741 #1025109 #1025311 #1026612

#1028184 #1028656 #1030624 #1032075 #1034866

#1034908 #1035406 #1035950 #1036211 #1037242

#1039495 #1042159 #1042800 #1042801 #1043296

#1045035 #1046636 #1047674 #1048902 #1049381

#1056334 #1057585 #1062069 #1063122 #994418

#994605

Cross- CVE-2016-6834 CVE-2016-6835 CVE-2016-9602

CVE-2016-9603 CVE-2017-10664 CVE-2017-10806

CVE-2017-11334 CVE-2017-11434 CVE-2017-13672

CVE-2017-14167 CVE-2017-15038 CVE-2017-15289

CVE-2017-2633 CVE-2017-5579 CVE-2017-5973

CVE-2017-5987 CVE-2017-6505 CVE-2017-7377

CVE-2017-7471 CVE-2017-7493 CVE-2017-7718

CVE-2017-7980 CVE-2017-8086 CVE-2017-8112

CVE-2017-8309 CVE-2017-9330 CVE-2017-9373

CVE-2017-9375 CVE-2017-9503

...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2969-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.