Security update for xen (important)

2017-04-19T15:06:52
ID SUSE-SU-2017:1058-1
Type suse
Reporter Suse
Modified 2017-04-19T15:06:52

Description

This update for xen fixes the following security issues:

  • CVE-2017-7228: Broken check in memory_exchange() permitted PV guest breakout (bsc#1030442).
  • CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570).
  • CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).