Lucene search
SuseOPENSUSE-SU-2017:3194-1HistoryDec 02, 2017 - 6:11 p.m.
Security update for xen (important)
2017-12-0218:11:39
lists.opensuse.org
106
0.002 Low
EPSS
Percentile
61.6%
This update for xen to version 4.7.4 (bsc#1027519) fixes several issues.
This new feature was added:
- Support migration of HVM domains larger than 1 TB
These security issues were fixed:
- bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD)
code allowed for DoS (XSA-246) - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged
guests to retain a writable mapping of freed memory leading to
information leaks, privilege escalation or DoS (XSA-247). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest
privileged users to cause a denial of service (out-of-bounds write
access and Qemu process crash) via vectors related to dst calculation
(bsc#1063123) - CVE-2017-15597: A grant copy operation being done on a grant of a dying
domain allowed a malicious guest administrator to corrupt hypervisor
memory, allowing for DoS or potentially privilege escalation and
information leaks (bsc#1061075).
This non-security issue was fixed:
- bsc#1055047: Fixed --initrd-inject option in virt-install
This update was imported from the SUSE:SLE-12-SP2:Update update project.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 42.2 | i586 | xen-debugsource | < 4.7.4_02-11.21.1 | xen-debugsource-4.7.4_02-11.21.1.i586.rpm |
| openSUSE Leap | 42.2 | i586 | xen-libs-debuginfo | < 4.7.4_02-11.21.1 | xen-libs-debuginfo-4.7.4_02-11.21.1.i586.rpm |
| openSUSE Leap | 42.2 | i586 | xen-devel | < 4.7.4_02-11.21.1 | xen-devel-4.7.4_02-11.21.1.i586.rpm |
| openSUSE Leap | 42.2 | i586 | xen-libs | < 4.7.4_02-11.21.1 | xen-libs-4.7.4_02-11.21.1.i586.rpm |
| openSUSE Leap | 42.2 | x86_64 | xen-libs | < 4.7.4_02-11.21.1 | xen-libs-4.7.4_02-11.21.1.x86_64.rpm |
| openSUSE Leap | 42.2 | x86_64 | xen-libs-32bit | < 4.7.4_02-11.21.1 | xen-libs-32bit-4.7.4_02-11.21.1.x86_64.rpm |
| openSUSE Leap | 42.2 | x86_64 | xen-tools-domu | < 4.7.4_02-11.21.1 | xen-tools-domU-4.7.4_02-11.21.1.x86_64.rpm |
| openSUSE Leap | 42.2 | x86_64 | xen-tools-domu-debuginfo | < 4.7.4_02-11.21.1 | xen-tools-domU-debuginfo-4.7.4_02-11.21.1.x86_64.rpm |
| openSUSE Leap | 42.2 | x86_64 | xen-libs-debuginfo | < 4.7.4_02-11.21.1 | xen-libs-debuginfo-4.7.4_02-11.21.1.x86_64.rpm |
| openSUSE Leap | 42.2 | x86_64 | xen-doc-html | < 4.7.4_02-11.21.1 | xen-doc-html-4.7.4_02-11.21.1.x86_64.rpm |
Related
suse
suse
Security update for xen (important)
2017-11-29 19:37:56
Security update for xen (important)
2017-12-02 18:10:43
Security update for xen (important)
2017-12-01 18:11:44
nessus
nessus
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:3115-1)
2017-11-30 00:00:00
openSUSE Security Update : xen (openSUSE-2017-1322)
2017-12-14 00:00:00
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:3178-1)
2017-12-04 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:3178-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:3115-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for xen (openSUSE-SU-2017:3193-1)
2017-12-04 00:00:00
cve
cve
CVE-2017-15597
2017-10-30 14:29:00
CVE-2017-15289
2017-10-16 18:29:00
citrix
citrix
CVE-2017-15597 - Citrix XenServer Security Update
2017-10-24 04:00:00
prion
prion
Memory corruption
2017-10-30 14:29:00
Out-of-bounds
2017-10-16 18:29:00
osv
osv
CVE-2017-15597
2017-10-30 14:29:00
CVE-2017-15289
2017-10-16 18:29:00
qemu - security update
2018-05-29 00:00:00
xen
xen
pin count / page reference race in grant table code
2017-10-24 12:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:23:05
redhat
redhat
(RHSA-2018:0516) Moderate: qemu-kvm security update
2018-03-13 17:31:37
(RHSA-2017:3368) Moderate: qemu-kvm security update
2017-11-30 20:14:11
(RHSA-2017:3369) Moderate: qemu-kvm-rhev security and bug fix update
2017-11-30 20:14:52
centos
centos
qemu security update
2018-03-14 14:47:19
qemu security update
2017-12-06 13:15:27
redhatcve
redhatcve
CVE-2017-15597
2017-10-26 15:19:01
CVE-2017-15289
2020-04-09 06:55:07
ubuntucve
ubuntucve
CVE-2017-15597
2017-10-30 00:00:00
CVE-2017-15289
2017-10-16 00:00:00
debiancve
debiancve
CVE-2017-15597
2017-10-30 14:29:00
CVE-2017-15289
2017-10-16 18:29:00
f5
f5
K22572754 : QEMU vulnerability CVE-2017-15289
2021-01-25 00:00:00
oraclelinux
oraclelinux
qemu-kvm security update
2018-03-13 00:00:00
qemu-kvm security update
2017-11-30 00:00:00
qemu-kvm security, bug fix, and enhancement update
2018-04-16 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: xen-4.9.0-13.fc27
2017-11-11 13:51:18
[SECURITY] Fedora 26 Update: xen-4.8.2-5.fc26
2017-11-15 20:21:51
[SECURITY] Fedora 25 Update: xen-4.7.3-8.fc25
2017-11-15 22:30:19
amazon
amazon
Medium: qemu-kvm
2017-12-20 18:55:00
debian
debian
[SECURITY] [DSA 4213-1] qemu security update
2018-05-29 21:25:45
[SECURITY] [DSA 4213-1] qemu security update
2018-05-29 21:25:45
[SECURITY] [DSA 4050-1] xen security update
2017-11-28 19:48:09
ubuntu
ubuntu
QEMU regression
2018-03-05 00:00:00
QEMU vulnerabilities
2018-02-20 00:00:00