Lucene search
SuseSUSE-SU-2017:2751-1HistoryOct 17, 2017 - 6:15 p.m.
Security update for xen (important)
2017-10-1718:15:44
lists.opensuse.org
30
0.001 Low
EPSS
Percentile
25.2%
This update for xen fixes several issues:
These security issues were fixed:
- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable
to a memory leakage issue allowing a privileged user inside the guest to
cause a DoS and/or potentially crash the Qemu process on the host
(bsc#1059777) - bsc#1061084: Missing cleanup in the page type system allowed a malicious
or buggy PV guest to cause DoS (XSA-242) - bsc#1061086: A problem in the shadow pagetable code allowed a malicious
or buggy HVM guest to cause DoS or cause hypervisor memory corruption
potentially allowing the guest to escalate its privilege (XSA-243) - bsc#1061087: Problematic handling of the selector fields in the
Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV
guest to escalate its privileges or cause DoS (XSA-244) - bsc#1061077 Missing checks in the handling of DMOPs allowed malicious or
buggy stub domain kernels or tool stacks otherwise living outside of
Domain0 to cause a DoS (XSA-238) - bsc#1061080: Intercepted I/O write operations with less than a full
machine word’s worth of data were not properly handled, which allowed a
malicious unprivileged x86 HVM guest to obtain sensitive information
from the host or
other guests (XSA-239) - bsc#1061081: In certain configurations of linear page tables a stack
overflow might have occured that allowed a malicious or buggy PV guest
to cause DoS and potentially privilege escalation and information leaks
(XSA-240) - bsc#1061082: Under certain conditions x86 PV guests could have caused
the hypervisor to miss a necessary TLB flush for a page. This allowed a
malicious x86 PV guest to access all of system memory, allowing for
privilege escalation, DoS, and information leaks (XSA-241) - bsc#1061076: Multiple issues existed with the setup of PCI MSI
interrupts that allowed a malicious or buggy guest to cause DoS and
potentially privilege escalation and information leaks (XSA-237) - bsc#1055321: When dealing with the grant map space of add-to-physmap
operations, ARM specific code failed to release a lock. This allowed a
malicious guest administrator to cause DoS (XSA-235)
Related
nessus
nessus
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2751-1)
2017-10-18 00:00:00
Fedora 25 : xen (2017-cdb53b04e0)
2017-02-15 00:00:00
Fedora 24 : xen (2017-d4ee7018c1)
2017-02-28 00:00:00
osv
osv
CVE-2017-5526
2017-03-15 15:59:00
qemu - security update
2018-09-06 00:00:00
ubuntucve
ubuntucve
CVE-2017-5526
2017-03-15 00:00:00
debiancve
debiancve
CVE-2017-5526
2017-03-15 15:59:00
prion
prion
Memory corruption
2017-03-15 15:59:00
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:25:42
cve
cve
CVE-2017-5526
2017-03-15 15:59:00
CVE-2017-8767
2017-05-08 21:29:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:2751-1)
2021-04-19 00:00:00
Fedora Update for xen FEDORA-2017-d4ee7018c1
2017-02-26 00:00:00
Fedora Update for xen FEDORA-2017-cdb53b04e0
2017-02-20 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: xen-4.7.1-7.fc25
2017-02-14 21:27:38
[SECURITY] Fedora 24 Update: xen-4.6.4-7.fc24
2017-02-26 00:21:09
[SECURITY] Fedora 24 Update: qemu-2.6.2-7.fc24
2017-03-21 16:52:35
suse
suse
Security update for xen (important)
2017-10-20 21:08:07
Security update for xen (important)
2017-10-20 21:10:15
Security update for xen (important)
2017-10-26 18:09:11
ubuntu
ubuntu
QEMU vulnerabilities
2017-04-20 00:00:00
debian
debian
[SECURITY] [DLA 1497-1] qemu security update
2018-09-06 18:49:12