Lucene search

HistorySep 01, 2017 - 3:09 a.m.

Security update for xen (important)






This update for xen fixes several issues.

These security issues were fixed:

  • CVE-2017-12135: Unbounded recursion in grant table code allowed a
    malicious guest to crash the host or potentially escalate
    privileges/leak information (XSA-226, bsc#1051787).
  • CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for
    privilege escalation (XSA-227, bsc#1051788).
  • CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local
    guest OS users to cause a denial of service (out-of-bounds read) via a
    crafted DHCP
    options string (bsc#1049578).
  • CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote
    attackers to cause a denial of service (daemon crash) by disconnecting
    during a server-to-client reply attempt (bsc#1046637).
  • CVE-2017-11334: The address_space_write_continue function in exec.c
    allowed local guest OS privileged users to cause a denial of service
    (out-of-bounds access and guest instance crash) by leveraging use of
    qemu_map_ram_ptr to access guest ram block area (bsc#1048920).
  • CVE-2017-10806: Stack-based buffer overflow in hw/usb/redirect.c allowed
    local guest OS users to cause a denial of service via vectors related to
    logging debug messages (bsc#1047675).
  • bsc#1052686: Premature clearing of GTF_writing / GTF_reading lead to
    potentially leaking sensitive information (XSA-230).

This non-security issue was fixed:

  • bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd