
SUSE Linux 12: 2017:3239-1 Important Xen DoS Risk Resolution

December 8, 2017
An important update for SUSE Linux fixes several vulnerabilities in xen, including denial-of-service and privilege-escalation issues.
An update that solves 5 vulnerabilities and has three fixes.

Summary

This update for xen fixes several issues.

These security issues were fixed:

- bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246)
- bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leading to information leaks, privilege escalation or DoS (XSA-247).
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063123)
- CVE-2017-15597: A grant copy operation being done on a grant of a dying domain allowed a malicious guest administrator to corrupt hypervisor memory, allowing for DoS or potentially privilege escalation and

References

#1055047 #1056336 #1061075 #1061081 #1061086 #1063123 #1068187 #1068191

Cross-References: CVE-2017-13672 CVE-2017-15289 CVE-2017-15592 CVE-2017-15595 CVE-2017-15597

Affected Products:

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2017-13672.html

https://www.suse.com/security/cve/CVE-2017-15289.html

https://www.suse.com/security/cve/CVE-2017-15592.html

https://www.suse.com/security/cve/CVE-2017-15595.html

https://www.suse.com/security/cve/CVE-2017-15597.html

https://bugzilla.suse.com/1055047

https://bugzilla.suse.com/1056336

https://bugzilla.suse.com/1061075

https://bugzilla.suse.com/1061081

https://bugzilla.suse.com/1061086

https://bugzilla.suse.com/1063123

https://bugzilla.suse.com/1068187

Severity
important

Announcement ID: SUSE-SU-2017:3239-1
Rating: important
