SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2864-1
Rating: important
References: #1027519 #1057358 #1059777 #1061076 #1061077
#1061080 #1061081 #1061082 #1061084 #1061086
#1061087
Cross-References: CVE-2017-15588 CVE-2017-15589 CVE-2017-15590
CVE-2017-15591 CVE-2017-15592 CVE-2017-15593
CVE-2017-15594 CVE-2017-15595 CVE-2017-5526
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
SUSE Container as a Service Platform ALL
______________________________________________________________________________
An update that solves 9 vulnerabilities and has two fixes
is now available.
Description:
This update for xen fixes several issues:
These security issues were fixed:
- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable
to a memory leakage issue allowing a privileged user inside the guest to
cause a DoS and/or potentially crash the Qemu process on the host
(bsc#1059777)
- CVE-2017-15593: Missing cleanup in the page type system allowed a
malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084)
- CVE-2017-15592: A problem in the shadow pagetable code allowed a
malicious or buggy HVM guest to cause DoS or cause hypervisor memory
corruption potentially allowing the guest to escalate its privilege
(XSA-243 bsc#1061086)
- CVE-2017-15594: Problematic handling of the selector fields in the
Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV
guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087)
- CVE-2017-15591: Missing checks in the handling of DMOPs allowed
malicious or buggy stub domain kernels or tool stacks otherwise living
outside of Domain0 to cause a DoS (XSA-238 bsc#1061077)
- CVE-2017-15589: Intercepted I/O write operations with less than a full
machine word's worth of data were not properly handled, which allowed a
malicious unprivileged x86 HVM guest to obtain sensitive information
from the host or
other guests (XSA-239 bsc#1061080)
- CVE-2017-15595: In certain configurations of linear page tables a stack
overflow might have occured that allowed a malicious or buggy PV guest
to cause DoS and potentially privilege escalation and information leaks
(XSA-240 bsc#1061081)
- CVE-2017-15588: Under certain conditions x86 PV guests could have caused
the hypervisor to miss a necessary TLB flush for a page. This allowed a
malicious x86 PV guest to access all of system memory, allowing for
privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082)
- CVE-2017-15590: Multiple issues existed with the setup of PCI MSI
interrupts that allowed a malicious or buggy guest to cause DoS and
potentially privilege escalation and information leaks (XSA-237
bsc#1061076)
This non-security issue was fixed:
- bsc#1057358: Fixed boot when secure boot is enabled
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1785=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1785=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1785=1
- SUSE Container as a Service Platform ALL:
zypper in -t patch SUSE-CAASP-ALL-2017-1785=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64):
xen-debugsource-4.7.3_06-43.15.1
xen-devel-4.7.3_06-43.15.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
xen-4.7.3_06-43.15.1
xen-debugsource-4.7.3_06-43.15.1
xen-doc-html-4.7.3_06-43.15.1
xen-libs-32bit-4.7.3_06-43.15.1
xen-libs-4.7.3_06-43.15.1
xen-libs-debuginfo-32bit-4.7.3_06-43.15.1
xen-libs-debuginfo-4.7.3_06-43.15.1
xen-tools-4.7.3_06-43.15.1
xen-tools-debuginfo-4.7.3_06-43.15.1
xen-tools-domU-4.7.3_06-43.15.1
xen-tools-domU-debuginfo-4.7.3_06-43.15.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
xen-4.7.3_06-43.15.1
xen-debugsource-4.7.3_06-43.15.1
xen-libs-32bit-4.7.3_06-43.15.1
xen-libs-4.7.3_06-43.15.1
xen-libs-debuginfo-32bit-4.7.3_06-43.15.1
xen-libs-debuginfo-4.7.3_06-43.15.1
- SUSE Container as a Service Platform ALL (x86_64):
xen-debugsource-4.7.3_06-43.15.1
xen-libs-4.7.3_06-43.15.1
xen-libs-debuginfo-4.7.3_06-43.15.1
xen-tools-domU-4.7.3_06-43.15.1
xen-tools-domU-debuginfo-4.7.3_06-43.15.1
References:
https://www.suse.com/security/cve/CVE-2017-15588.htmlhttps://www.suse.com/security/cve/CVE-2017-15589.htmlhttps://www.suse.com/security/cve/CVE-2017-15590.htmlhttps://www.suse.com/security/cve/CVE-2017-15591.htmlhttps://www.suse.com/security/cve/CVE-2017-15592.htmlhttps://www.suse.com/security/cve/CVE-2017-15593.htmlhttps://www.suse.com/security/cve/CVE-2017-15594.htmlhttps://www.suse.com/security/cve/CVE-2017-15595.htmlhttps://www.suse.com/security/cve/CVE-2017-5526.htmlhttps://bugzilla.suse.com/1027519https://bugzilla.suse.com/1057358https://bugzilla.suse.com/1059777https://bugzilla.suse.com/1061076https://bugzilla.suse.com/1061077https://bugzilla.suse.com/1061080https://bugzilla.suse.com/1061081https://bugzilla.suse.com/1061082https://bugzilla.suse.com/1061084https://bugzilla.suse.com/1061086https://bugzilla.suse.com/1061087
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2856-1
Rating: important
References: #1027519 #1059777 #1061076 #1061080 #1061081
#1061082 #1061084 #1061086 #1061087
Cross-References: CVE-2017-15588 CVE-2017-15589 CVE-2017-15590
CVE-2017-15592 CVE-2017-15593 CVE-2017-15594
CVE-2017-15595 CVE-2017-5526
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________
An update that solves 8 vulnerabilities and has one errata
is now available.
Description:
This update for xen fixes several issues:
These security issues were fixed:
- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable
to a memory leakage issue allowing a privileged user inside the guest to
cause a DoS and/or potentially crash the Qemu process on the host
(bsc#1059777)
- CVE-2017-15593: Missing cleanup in the page type system allowed a
malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084)
- CVE-2017-15592: A problem in the shadow pagetable code allowed a
malicious or buggy HVM guest to cause DoS or cause hypervisor memory
corruption potentially allowing the guest to escalate its privilege
(XSA-243 bsc#1061086)
- CVE-2017-15594: Problematic handling of the selector fields in the
Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV
guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087)
- CVE-2017-15589: Intercepted I/O write operations with less than a full
machine word's worth of data were not properly handled, which allowed a
malicious unprivileged x86 HVM guest to obtain sensitive information
from the host or
other guests (XSA-239 bsc#1061080)
- CVE-2017-15595: In certain configurations of linear page tables a stack
overflow might have occured that allowed a malicious or buggy PV guest
to cause DoS and potentially privilege escalation and information leaks
(XSA-240 bsc#1061081)
- CVE-2017-15588: Under certain conditions x86 PV guests could have caused
the hypervisor to miss a necessary TLB flush for a page. This allowed a
malicious x86 PV guest to access all of system memory, allowing for
privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082)
- CVE-2017-15590: Multiple issues existed with the setup of PCI MSI
interrupts that allowed a malicious or buggy guest to cause DoS and
potentially privilege escalation and information leaks (XSA-237
bsc#1061076)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2017-1778=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
xen-4.4.4_24-22.54.1
xen-debugsource-4.4.4_24-22.54.1
xen-doc-html-4.4.4_24-22.54.1
xen-kmp-default-4.4.4_24_k3.12.61_52.92-22.54.1
xen-kmp-default-debuginfo-4.4.4_24_k3.12.61_52.92-22.54.1
xen-libs-32bit-4.4.4_24-22.54.1
xen-libs-4.4.4_24-22.54.1
xen-libs-debuginfo-32bit-4.4.4_24-22.54.1
xen-libs-debuginfo-4.4.4_24-22.54.1
xen-tools-4.4.4_24-22.54.1
xen-tools-debuginfo-4.4.4_24-22.54.1
xen-tools-domU-4.4.4_24-22.54.1
xen-tools-domU-debuginfo-4.4.4_24-22.54.1
References:
https://www.suse.com/security/cve/CVE-2017-15588.htmlhttps://www.suse.com/security/cve/CVE-2017-15589.htmlhttps://www.suse.com/security/cve/CVE-2017-15590.htmlhttps://www.suse.com/security/cve/CVE-2017-15592.htmlhttps://www.suse.com/security/cve/CVE-2017-15593.htmlhttps://www.suse.com/security/cve/CVE-2017-15594.htmlhttps://www.suse.com/security/cve/CVE-2017-15595.htmlhttps://www.suse.com/security/cve/CVE-2017-5526.htmlhttps://bugzilla.suse.com/1027519https://bugzilla.suse.com/1059777https://bugzilla.suse.com/1061076https://bugzilla.suse.com/1061080https://bugzilla.suse.com/1061081https://bugzilla.suse.com/1061082https://bugzilla.suse.com/1061084https://bugzilla.suse.com/1061086https://bugzilla.suse.com/1061087
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for openvpn
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2839-1
Rating: important
References: #1060877
Cross-References: CVE-2017-12166
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for openvpn fixes the following issues:
- CVE-2017-12166: Lack of bound check in read_key in old legacy key
handling before using values could be used for a remote buffer overflow
(bsc#1060877).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 6:
zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1762=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1762=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1762=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1762=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1762=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1762=1
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2017-1762=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1762=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1762=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 6 (x86_64):
openvpn-2.3.8-16.20.1
openvpn-auth-pam-plugin-2.3.8-16.20.1
openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1
openvpn-debuginfo-2.3.8-16.20.1
openvpn-debugsource-2.3.8-16.20.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
openvpn-2.3.8-16.20.1
openvpn-auth-pam-plugin-2.3.8-16.20.1
openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1
openvpn-debuginfo-2.3.8-16.20.1
openvpn-debugsource-2.3.8-16.20.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
openvpn-2.3.8-16.20.1
openvpn-auth-pam-plugin-2.3.8-16.20.1
openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1
openvpn-debuginfo-2.3.8-16.20.1
openvpn-debugsource-2.3.8-16.20.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
openvpn-2.3.8-16.20.1
openvpn-auth-pam-plugin-2.3.8-16.20.1
openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1
openvpn-debuginfo-2.3.8-16.20.1
openvpn-debugsource-2.3.8-16.20.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
openvpn-2.3.8-16.20.1
openvpn-auth-pam-plugin-2.3.8-16.20.1
openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1
openvpn-debuginfo-2.3.8-16.20.1
openvpn-debugsource-2.3.8-16.20.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
openvpn-2.3.8-16.20.1
openvpn-auth-pam-plugin-2.3.8-16.20.1
openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1
openvpn-debuginfo-2.3.8-16.20.1
openvpn-debugsource-2.3.8-16.20.1
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
openvpn-2.3.8-16.20.1
openvpn-auth-pam-plugin-2.3.8-16.20.1
openvpn-auth-pam-plugin-debuginfo-2.3.8-16.20.1
openvpn-debuginfo-2.3.8-16.20.1
openvpn-debugsource-2.3.8-16.20.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
openvpn-2.3.8-16.20.1
openvpn-debuginfo-2.3.8-16.20.1
openvpn-debugsource-2.3.8-16.20.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
openvpn-2.3.8-16.20.1
openvpn-debuginfo-2.3.8-16.20.1
openvpn-debugsource-2.3.8-16.20.1
References:
https://www.suse.com/security/cve/CVE-2017-12166.htmlhttps://bugzilla.suse.com/1060877
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for openvpn
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2838-1
Rating: important
References: #1038709 #1038711 #1038713 #1060877 #995374
Cross-References: CVE-2016-6329 CVE-2017-12166 CVE-2017-7478
CVE-2017-7479
Affected Products:
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________
An update that solves four vulnerabilities and has one
errata is now available.
Description:
This update for openvpn fixes the following security issues:
- CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow
vulnerability when key-method 1 is used, possibly resulting in code
execution. (bsc#1060877).
- CVE-2016-6329: Now show which ciphers should no longer be used in
openvpn --show-ciphers to avoid the SWEET32 attack (bsc#995374)
- CVE-2017-7478: OpenVPN was vulnerable to unauthenticated Denial of
Service of server via received large control packet. (bsc#1038709)
- CVE-2017-7479: OpenVPN was vulnerable to reachable assertion when
packet-ID counter rolls over resulting into Denial of Service of server
by authenticated attacker. (bsc#1038711)
- Some other hardening fixes have also been applied (bsc#1038713)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-openvpn-13322=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-openvpn-13322=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-openvpn-13322=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-openvpn-13322=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-openvpn-13322=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
openvpn-2.0.9-143.47.3.1
openvpn-auth-pam-plugin-2.0.9-143.47.3.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
openvpn-2.0.9-143.47.3.1
openvpn-auth-pam-plugin-2.0.9-143.47.3.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
openvpn-2.0.9-143.47.3.1
openvpn-auth-pam-plugin-2.0.9-143.47.3.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
openvpn-debuginfo-2.0.9-143.47.3.1
openvpn-debugsource-2.0.9-143.47.3.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
openvpn-debuginfo-2.0.9-143.47.3.1
openvpn-debugsource-2.0.9-143.47.3.1
References:
https://www.suse.com/security/cve/CVE-2016-6329.htmlhttps://www.suse.com/security/cve/CVE-2017-12166.htmlhttps://www.suse.com/security/cve/CVE-2017-7478.htmlhttps://www.suse.com/security/cve/CVE-2017-7479.htmlhttps://bugzilla.suse.com/1038709https://bugzilla.suse.com/1038711https://bugzilla.suse.com/1038713https://bugzilla.suse.com/1060877https://bugzilla.suse.com/995374
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
openSUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2821-1
Rating: important
References: #1027519 #1055321 #1059777 #1061076 #1061077
#1061080 #1061081 #1061082 #1061084 #1061086
#1061087
Cross-References: CVE-2017-15588 CVE-2017-15589 CVE-2017-15590
CVE-2017-15592 CVE-2017-15593 CVE-2017-15594
CVE-2017-15595 CVE-2017-5526
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves 8 vulnerabilities and has three fixes
is now available.
Description:
This update for xen fixes several issues:
These security issues were fixed:
- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable
to a memory leakage issue allowing a privileged user inside the guest to
cause a DoS and/or potentially crash the Qemu process on the host
(bsc#1059777)
- CVE-2017-15593: Missing cleanup in the page type system allowed a
malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084)
- CVE-2017-15592: A problem in the shadow pagetable code allowed a
malicious or buggy HVM guest to cause DoS or cause hypervisor memory
corruption potentially allowing the guest to escalate its privilege
(XSA-243 bsc#1061086)
- CVE-2017-15594: Problematic handling of the selector fields in the
Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV
guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087)
- CVE-2017-15591: Missing checks in the handling of DMOPs allowed
malicious or buggy stub domain kernels or tool stacks otherwise living
outside of Domain0 to cause a DoS (XSA-238 bsc#1061077)
- CVE-2017-15589: Intercepted I/O write operations with less than a full
machine word's worth of data were not properly handled, which allowed a
malicious unprivileged x86 HVM guest to obtain sensitive information
from the host or
other guests (XSA-239 bsc#1061080)
- CVE-2017-15595: In certain configurations of linear page tables a stack
overflow might have occured that allowed a malicious or buggy PV guest
to cause DoS and potentially privilege escalation and information leaks
(XSA-240 bsc#1061081)
- CVE-2017-15588: Under certain conditions x86 PV guests could have caused
the hypervisor to miss a necessary TLB flush for a page. This allowed a
malicious x86 PV guest to access all of system memory, allowing for
privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082)
- CVE-2017-15590: Multiple issues existed with the setup of PCI MSI
interrupts that allowed a malicious or buggy guest to cause DoS and
potentially privilege escalation and information leaks (XSA-237
bsc#1061076)
- bsc#1055321: When dealing with the grant map space of add-to-physmap
operations, ARM specific code failed to release a lock. This allowed a
malicious guest administrator to cause DoS (XSA-235)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-1181=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (x86_64):
xen-4.9.0_14-10.1
xen-debugsource-4.9.0_14-10.1
xen-devel-4.9.0_14-10.1
xen-doc-html-4.9.0_14-10.1
xen-libs-4.9.0_14-10.1
xen-libs-debuginfo-4.9.0_14-10.1
xen-tools-4.9.0_14-10.1
xen-tools-debuginfo-4.9.0_14-10.1
xen-tools-domU-4.9.0_14-10.1
xen-tools-domU-debuginfo-4.9.0_14-10.1
References:
https://www.suse.com/security/cve/CVE-2017-15588.htmlhttps://www.suse.com/security/cve/CVE-2017-15589.htmlhttps://www.suse.com/security/cve/CVE-2017-15590.htmlhttps://www.suse.com/security/cve/CVE-2017-15592.htmlhttps://www.suse.com/security/cve/CVE-2017-15593.htmlhttps://www.suse.com/security/cve/CVE-2017-15594.htmlhttps://www.suse.com/security/cve/CVE-2017-15595.htmlhttps://www.suse.com/security/cve/CVE-2017-5526.htmlhttps://bugzilla.suse.com/1027519https://bugzilla.suse.com/1055321https://bugzilla.suse.com/1059777https://bugzilla.suse.com/1061076https://bugzilla.suse.com/1061077https://bugzilla.suse.com/1061080https://bugzilla.suse.com/1061081https://bugzilla.suse.com/1061082https://bugzilla.suse.com/1061084https://bugzilla.suse.com/1061086https://bugzilla.suse.com/1061087
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2816-1
Rating: important
References: #1053150 #1057950
Cross-References: CVE-2017-1000251 CVE-2017-12762
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.4.74-92_35 fixes several issues.
The following security bugs were fixed:
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ)
was vulnerable to a stack overflow vulnerability in the processing of
L2CAP configuration responses resulting in Remote code execution in
kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer
was copied into a local buffer of constant size using strcpy without a
length check which can cause a buffer overflow (bsc#1053150).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1750=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
kgraft-patch-4_4_74-92_35-default-3-4.1
References:
https://www.suse.com/security/cve/CVE-2017-1000251.htmlhttps://www.suse.com/security/cve/CVE-2017-12762.htmlhttps://bugzilla.suse.com/1053150https://bugzilla.suse.com/1057950
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2815-1
Rating: important
References: #1027519 #1059777 #1061076 #1061080 #1061081
#1061082 #1061084 #1061086 #1061087
Cross-References: CVE-2017-15588 CVE-2017-15589 CVE-2017-15590
CVE-2017-15592 CVE-2017-15593 CVE-2017-15594
CVE-2017-15595 CVE-2017-5526
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves 8 vulnerabilities and has one errata
is now available.
Description:
This update for xen fixes several issues:
These security issues were fixed:
- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable
to a memory leakage issue allowing a privileged user inside the guest to
cause a DoS and/or potentially crash the Qemu process on the host
(bsc#1059777)
- CVE-2017-15593: Missing cleanup in the page type system allowed a
malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084)
- CVE-2017-15592: A problem in the shadow pagetable code allowed a
malicious or buggy HVM guest to cause DoS or cause hypervisor memory
corruption potentially allowing the guest to escalate its privilege
(XSA-243 bsc#1061086)
- CVE-2017-15594: Problematic handling of the selector fields in the
Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV
guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087)
- CVE-2017-15589: Intercepted I/O write operations with less than a full
machine word's worth of data were not properly handled, which allowed a
malicious unprivileged x86 HVM guest to obtain sensitive information
from the host or
other guests (XSA-239 bsc#1061080)
- CVE-2017-15595: In certain configurations of linear page tables a stack
overflow might have occured that allowed a malicious or buggy PV guest
to cause DoS and potentially privilege escalation and information leaks
(XSA-240 bsc#1061081)
- CVE-2017-15588: Under certain conditions x86 PV guests could have caused
the hypervisor to miss a necessary TLB flush for a page. This allowed a
malicious x86 PV guest to access all of system memory, allowing for
privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082)
- CVE-2017-15590: Multiple issues existed with the setup of PCI MSI
interrupts that allowed a malicious or buggy guest to cause DoS and
potentially privilege escalation and information leaks (XSA-237
bsc#1061076)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-xen-13321=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-xen-13321=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-xen-13321=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
xen-devel-4.4.4_24-61.12.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
xen-kmp-default-4.4.4_24_3.0.101_108.10-61.12.1
xen-libs-4.4.4_24-61.12.1
xen-tools-domU-4.4.4_24-61.12.1
- SUSE Linux Enterprise Server 11-SP4 (x86_64):
xen-4.4.4_24-61.12.1
xen-doc-html-4.4.4_24-61.12.1
xen-libs-32bit-4.4.4_24-61.12.1
xen-tools-4.4.4_24-61.12.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
xen-kmp-pae-4.4.4_24_3.0.101_108.10-61.12.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
xen-debuginfo-4.4.4_24-61.12.1
xen-debugsource-4.4.4_24-61.12.1
References:
https://www.suse.com/security/cve/CVE-2017-15588.htmlhttps://www.suse.com/security/cve/CVE-2017-15589.htmlhttps://www.suse.com/security/cve/CVE-2017-15590.htmlhttps://www.suse.com/security/cve/CVE-2017-15592.htmlhttps://www.suse.com/security/cve/CVE-2017-15593.htmlhttps://www.suse.com/security/cve/CVE-2017-15594.htmlhttps://www.suse.com/security/cve/CVE-2017-15595.htmlhttps://www.suse.com/security/cve/CVE-2017-5526.htmlhttps://bugzilla.suse.com/1027519https://bugzilla.suse.com/1059777https://bugzilla.suse.com/1061076https://bugzilla.suse.com/1061080https://bugzilla.suse.com/1061081https://bugzilla.suse.com/1061082https://bugzilla.suse.com/1061084https://bugzilla.suse.com/1061086https://bugzilla.suse.com/1061087
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org