|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2017:3212-1)|
|Summary:||The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2017:3212-1 advisory.|
The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2017:3212-1 advisory.
This update for xen fixes several issues.
These security issues were fixed:
- bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)
code allowed for DoS (XSA-246)
- bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged
guests to retain a writable mapping of freed memory leading to
information leaks, privilege escalation or DoS (XSA-247).
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest
privileged users to cause a denial of service (out-of-bounds write
access and Qemu process crash) via vectors related to dst calculation
- CVE-2017-15597: A grant copy operation being done on a grant of a dying
domain allowed a malicious guest administrator to corrupt hypervisor
memory, allowing for DoS or potentially privilege escalation and
information leaks (bsc#1061075).
- CVE-2017-15595: x86 PV guest OS users were able to cause a DoS
(unbounded recursion, stack consumption, and hypervisor crash) or
possibly gain privileges via crafted page-table stacking (bsc#1061081).
- CVE-2017-15592: x86 HVM guest OS users were able to cause a DoS
(hypervisor crash) or possibly gain privileges because self-linear
shadow mappings were mishandled for translated guests (bsc#1061086).
'xen' package(s) on SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2017-15289|
Common Vulnerability Exposure (CVE) ID: CVE-2017-15592
Common Vulnerability Exposure (CVE) ID: CVE-2017-15595
Common Vulnerability Exposure (CVE) ID: CVE-2017-15597
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.