openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
November 2017
- 2 participants
- 83 discussions
[security-announce] openSUSE-SU-2017:2938-1: important: Security update for qemu
by opensuse-security@opensuse.org 07 Nov '17
by opensuse-security@opensuse.org 07 Nov '17
07 Nov '17
openSUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2938-1
Rating: important
References: #1054724 #1055587 #1056291 #1056334 #1057378
#1057585 #1057966 #1062069 #1062942 #1063122
Cross-References: CVE-2017-10911 CVE-2017-12809 CVE-2017-13672
CVE-2017-13711 CVE-2017-14167 CVE-2017-15038
CVE-2017-15268 CVE-2017-15289
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves 8 vulnerabilities and has two fixes
is now available.
Description:
This update for qemu to version 2.9.1 fixes several issues.
It also announces that the qed storage format will be no longer supported
in Leap 15.0.
These security issues were fixed:
- CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by
triggering slow data-channel read operations, related to
io/channel-websock.c (bsc#1062942)
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest
privileged users to cause a denial of service (out-of-bounds write
access and Qemu process crash) via vectors related to dst calculation
(bsc#1063122)
- CVE-2017-15038: Race condition in the v9fs_xattrwalk function local
guest OS users to obtain sensitive information from host heap memory via
vectors related to reading extended attributes (bsc#1062069)
- CVE-2017-10911: The make_response function in the Linux kernel allowed
guest OS users to obtain sensitive information from host OS (or other
guest OS) kernel memory by leveraging the copying of uninitialized
padding fields in Xen block-interface response structures (bsc#1057378)
- CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed
local guest OS privileged users to cause a denial of service (NULL
pointer dereference and QEMU process crash) by flushing an empty CDROM
device drive (bsc#1054724)
- CVE-2017-14167: Integer overflow in the load_multiboot function allowed
local guest OS users to execute arbitrary code on the host via crafted
multiboot header address values, which trigger an out-of-bounds write
(bsc#1057585)
- CVE-2017-13672: The VGA display emulator support allowed local guest OS
privileged users to cause a denial of service (out-of-bounds read and
QEMU process crash) via vectors involving display update (bsc#1056334)
- CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause
a denial of service (QEMU instance crash) by leveraging failure to
properly clear ifq_so from pending packets (bsc#1056291).
These non-security issues were fixed:
- Fixed not being able to build from rpm sources due to undefined macro
(bsc#1057966)
- Fiedx package build failure against new glibc (bsc#1055587)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-1248=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
qemu-linux-user-2.9.1-35.1
qemu-linux-user-debuginfo-2.9.1-35.1
qemu-linux-user-debugsource-2.9.1-35.1
- openSUSE Leap 42.3 (x86_64):
qemu-2.9.1-35.1
qemu-arm-2.9.1-35.1
qemu-arm-debuginfo-2.9.1-35.1
qemu-block-curl-2.9.1-35.1
qemu-block-curl-debuginfo-2.9.1-35.1
qemu-block-dmg-2.9.1-35.1
qemu-block-dmg-debuginfo-2.9.1-35.1
qemu-block-iscsi-2.9.1-35.1
qemu-block-iscsi-debuginfo-2.9.1-35.1
qemu-block-rbd-2.9.1-35.1
qemu-block-rbd-debuginfo-2.9.1-35.1
qemu-block-ssh-2.9.1-35.1
qemu-block-ssh-debuginfo-2.9.1-35.1
qemu-debugsource-2.9.1-35.1
qemu-extra-2.9.1-35.1
qemu-extra-debuginfo-2.9.1-35.1
qemu-guest-agent-2.9.1-35.1
qemu-guest-agent-debuginfo-2.9.1-35.1
qemu-ksm-2.9.1-35.1
qemu-kvm-2.9.1-35.1
qemu-lang-2.9.1-35.1
qemu-ppc-2.9.1-35.1
qemu-ppc-debuginfo-2.9.1-35.1
qemu-s390-2.9.1-35.1
qemu-s390-debuginfo-2.9.1-35.1
qemu-testsuite-2.9.1-35.1
qemu-tools-2.9.1-35.1
qemu-tools-debuginfo-2.9.1-35.1
qemu-x86-2.9.1-35.1
qemu-x86-debuginfo-2.9.1-35.1
- openSUSE Leap 42.3 (noarch):
qemu-ipxe-1.0.0-35.1
qemu-seabios-1.10.2-35.1
qemu-sgabios-8-35.1
qemu-vgabios-1.10.2-35.1
References:
https://www.suse.com/security/cve/CVE-2017-10911.html
https://www.suse.com/security/cve/CVE-2017-12809.html
https://www.suse.com/security/cve/CVE-2017-13672.html
https://www.suse.com/security/cve/CVE-2017-13711.html
https://www.suse.com/security/cve/CVE-2017-14167.html
https://www.suse.com/security/cve/CVE-2017-15038.html
https://www.suse.com/security/cve/CVE-2017-15268.html
https://www.suse.com/security/cve/CVE-2017-15289.html
https://bugzilla.suse.com/1054724
https://bugzilla.suse.com/1055587
https://bugzilla.suse.com/1056291
https://bugzilla.suse.com/1056334
https://bugzilla.suse.com/1057378
https://bugzilla.suse.com/1057585
https://bugzilla.suse.com/1057966
https://bugzilla.suse.com/1062069
https://bugzilla.suse.com/1062942
https://bugzilla.suse.com/1063122
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2936-1: important: Security update for qemu
by opensuse-security@opensuse.org 06 Nov '17
by opensuse-security@opensuse.org 06 Nov '17
06 Nov '17
SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2936-1
Rating: important
References: #1043176 #1043808 #1046636 #1047674 #1048902
#1049381 #1054724 #1056334 #1057378 #1057585
#1057966 #1059369 #1062069 #1062942 #1063122
#997358
Cross-References: CVE-2017-10664 CVE-2017-10806 CVE-2017-10911
CVE-2017-11334 CVE-2017-11434 CVE-2017-12809
CVE-2017-13672 CVE-2017-14167 CVE-2017-15038
CVE-2017-15268 CVE-2017-15289 CVE-2017-9524
Affected Products:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that solves 12 vulnerabilities and has four fixes
is now available.
Description:
This update for qemu fixes several issues.
These security issues were fixed:
- CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by
triggering slow data-channel read operations, related to
io/channel-websock.c (bsc#1062942).
- CVE-2017-9524: The qemu-nbd server when built with the Network Block
Device (NBD) Server support allowed remote attackers to cause a denial
of service (segmentation fault and server crash) by leveraging failure
to ensure that all initialization occurs talking to a client in the
nbd_negotiate function (bsc#1043808).
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest
privileged users to cause a denial of service (out-of-bounds write
access and Qemu process crash) via vectors related to dst calculation
(bsc#1063122)
- CVE-2017-15038: Race condition in the v9fs_xattrwalk function local
guest OS users to obtain sensitive information from host heap memory via
vectors related to reading extended attributes (bsc#1062069)
- CVE-2017-10911: The make_response function in the Linux kernel allowed
guest OS users to obtain sensitive information from host OS (or other
guest OS) kernel memory by leveraging the copying of uninitialized
padding fields in Xen block-interface response structures (bsc#1057378)
- CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed
local guest OS privileged users to cause a denial of service (NULL
pointer dereference and QEMU process crash) by flushing an empty CDROM
device drive (bsc#1054724)
- CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote
attackers to cause a denial of service (daemon crash) by disconnecting
during a server-to-client reply attempt (bsc#1046636)
- CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users
to cause a denial of service (QEMU process crash) via vectors related to
logging debug messages (bsc#1047674)
- CVE-2017-14167: Integer overflow in the load_multiboot function allowed
local guest OS users to execute arbitrary code on the host via crafted
multiboot header address values, which trigger an out-of-bounds write
(bsc#1057585)
- CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local
guest OS users to cause a denial of service (out-of-bounds read) via a
crafted DHCP options string (bsc#1049381)
- CVE-2017-11334: The address_space_write_continue function allowed local
guest OS privileged users to cause a denial of service (out-of-bounds
access and guest instance crash) by leveraging use of qemu_map_ram_ptr
to access guest ram block area (bsc#1048902)
- CVE-2017-13672: The VGA display emulator support allowed local guest OS
privileged users to cause a denial of service (out-of-bounds read and
QEMU process crash) via vectors involving display update (bsc#1056334)
These non-security issues were fixed:
- Fixed not being able to build from rpm sources due to undefined macro
(bsc#1057966)
- Fixed wrong permissions for kvm_stat.1 file
- Fixed KVM lun resize not working as expected on SLES12 SP2 HV
(bsc#1043176)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1821=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1821=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1821=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
qemu-2.6.2-41.22.2
qemu-arm-2.6.2-41.22.2
qemu-arm-debuginfo-2.6.2-41.22.2
qemu-block-curl-2.6.2-41.22.2
qemu-block-curl-debuginfo-2.6.2-41.22.2
qemu-block-rbd-2.6.2-41.22.2
qemu-block-rbd-debuginfo-2.6.2-41.22.2
qemu-block-ssh-2.6.2-41.22.2
qemu-block-ssh-debuginfo-2.6.2-41.22.2
qemu-debugsource-2.6.2-41.22.2
qemu-guest-agent-2.6.2-41.22.2
qemu-guest-agent-debuginfo-2.6.2-41.22.2
qemu-lang-2.6.2-41.22.2
qemu-tools-2.6.2-41.22.2
qemu-tools-debuginfo-2.6.2-41.22.2
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
qemu-ipxe-1.0.0-41.22.2
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
qemu-2.6.2-41.22.2
qemu-block-curl-2.6.2-41.22.2
qemu-block-curl-debuginfo-2.6.2-41.22.2
qemu-block-ssh-2.6.2-41.22.2
qemu-block-ssh-debuginfo-2.6.2-41.22.2
qemu-debugsource-2.6.2-41.22.2
qemu-guest-agent-2.6.2-41.22.2
qemu-guest-agent-debuginfo-2.6.2-41.22.2
qemu-lang-2.6.2-41.22.2
qemu-tools-2.6.2-41.22.2
qemu-tools-debuginfo-2.6.2-41.22.2
- SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64):
qemu-block-rbd-2.6.2-41.22.2
qemu-block-rbd-debuginfo-2.6.2-41.22.2
- SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):
qemu-kvm-2.6.2-41.22.2
- SUSE Linux Enterprise Server 12-SP2 (ppc64le):
qemu-ppc-2.6.2-41.22.2
qemu-ppc-debuginfo-2.6.2-41.22.2
- SUSE Linux Enterprise Server 12-SP2 (aarch64):
qemu-arm-2.6.2-41.22.2
qemu-arm-debuginfo-2.6.2-41.22.2
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
qemu-x86-2.6.2-41.22.2
- SUSE Linux Enterprise Server 12-SP2 (noarch):
qemu-ipxe-1.0.0-41.22.2
qemu-seabios-1.9.1-41.22.2
qemu-sgabios-8-41.22.2
qemu-vgabios-1.9.1-41.22.2
- SUSE Linux Enterprise Server 12-SP2 (s390x):
qemu-s390-2.6.2-41.22.2
qemu-s390-debuginfo-2.6.2-41.22.2
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
qemu-ipxe-1.0.0-41.22.2
qemu-seabios-1.9.1-41.22.2
qemu-sgabios-8-41.22.2
qemu-vgabios-1.9.1-41.22.2
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
qemu-2.6.2-41.22.2
qemu-block-curl-2.6.2-41.22.2
qemu-block-curl-debuginfo-2.6.2-41.22.2
qemu-debugsource-2.6.2-41.22.2
qemu-kvm-2.6.2-41.22.2
qemu-tools-2.6.2-41.22.2
qemu-tools-debuginfo-2.6.2-41.22.2
qemu-x86-2.6.2-41.22.2
References:
https://www.suse.com/security/cve/CVE-2017-10664.html
https://www.suse.com/security/cve/CVE-2017-10806.html
https://www.suse.com/security/cve/CVE-2017-10911.html
https://www.suse.com/security/cve/CVE-2017-11334.html
https://www.suse.com/security/cve/CVE-2017-11434.html
https://www.suse.com/security/cve/CVE-2017-12809.html
https://www.suse.com/security/cve/CVE-2017-13672.html
https://www.suse.com/security/cve/CVE-2017-14167.html
https://www.suse.com/security/cve/CVE-2017-15038.html
https://www.suse.com/security/cve/CVE-2017-15268.html
https://www.suse.com/security/cve/CVE-2017-15289.html
https://www.suse.com/security/cve/CVE-2017-9524.html
https://bugzilla.suse.com/1043176
https://bugzilla.suse.com/1043808
https://bugzilla.suse.com/1046636
https://bugzilla.suse.com/1047674
https://bugzilla.suse.com/1048902
https://bugzilla.suse.com/1049381
https://bugzilla.suse.com/1054724
https://bugzilla.suse.com/1056334
https://bugzilla.suse.com/1057378
https://bugzilla.suse.com/1057585
https://bugzilla.suse.com/1057966
https://bugzilla.suse.com/1059369
https://bugzilla.suse.com/1062069
https://bugzilla.suse.com/1062942
https://bugzilla.suse.com/1063122
https://bugzilla.suse.com/997358
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2933-1: important: Security update for webkit2gtk3
by opensuse-security@opensuse.org 06 Nov '17
by opensuse-security@opensuse.org 06 Nov '17
06 Nov '17
SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2933-1
Rating: important
References: #1020950 #1024749 #1045460 #1050469
Cross-References: CVE-2016-7586 CVE-2016-7589 CVE-2016-7592
CVE-2016-7599 CVE-2016-7623 CVE-2016-7632
CVE-2016-7635 CVE-2016-7639 CVE-2016-7641
CVE-2016-7645 CVE-2016-7652 CVE-2016-7654
CVE-2016-7656 CVE-2017-2350 CVE-2017-2354
CVE-2017-2355 CVE-2017-2356 CVE-2017-2362
CVE-2017-2363 CVE-2017-2364 CVE-2017-2365
CVE-2017-2366 CVE-2017-2369 CVE-2017-2371
CVE-2017-2373 CVE-2017-2496 CVE-2017-2510
CVE-2017-2538 CVE-2017-2539 CVE-2017-7018
CVE-2017-7030 CVE-2017-7034 CVE-2017-7037
CVE-2017-7039 CVE-2017-7046 CVE-2017-7048
CVE-2017-7055 CVE-2017-7056 CVE-2017-7061
CVE-2017-7064
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Workstation Extension 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that fixes 40 vulnerabilities is now available.
Description:
This update for webkit2gtk3 to version 2.18.0 fixes the following issues:
These security issues were fixed:
- CVE-2017-7039: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1050469).
- CVE-2017-7018: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1050469).
- CVE-2017-7030: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1050469).
- CVE-2017-7037: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1050469).
- CVE-2017-7034: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1050469).
- CVE-2017-7055: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1050469).
- CVE-2017-7056: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1050469).
- CVE-2017-7064: An issue was fixed that allowed remote attackers to
bypass intended memory-read restrictions via a crafted app (bsc#1050469).
- CVE-2017-7061: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1050469).
- CVE-2017-7048: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1050469).
- CVE-2017-7046: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1050469).
- CVE-2017-2538: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1045460)
- CVE-2017-2496: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site.
- CVE-2017-2539: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site.
- CVE-2017-2510: An issue was fixed that allowed remote attackers to
conduct Universal XSS (UXSS) attacks via a crafted web site that
improperly interacts with pageshow events.
- CVE-2017-2365: An issue was fixed that allowed remote attackers to
bypass the Same Origin Policy and obtain sensitive information via a
crafted web site (bsc#1024749)
- CVE-2017-2366: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1024749)
- CVE-2017-2373: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1024749)
- CVE-2017-2363: An issue was fixed that allowed remote attackers to
bypass the Same Origin Policy and obtain sensitive information via a
crafted web site (bsc#1024749)
- CVE-2017-2362: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1024749)
- CVE-2017-2350: An issue was fixed that allowed remote attackers to
bypass the Same Origin Policy and obtain sensitive information via a
crafted web site (bsc#1024749)
- CVE-2017-2350: An issue was fixed that allowed remote attackers to
bypass the Same Origin Policy and obtain sensitive information via a
crafted web site (bsc#1024749)
- CVE-2017-2354: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1024749).
- CVE-2017-2355: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (uninitialized
memory access and application crash) via a crafted web site (bsc#1024749)
- CVE-2017-2356: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1024749)
- CVE-2017-2371: An issue was fixed that allowed remote attackers to
launch popups via a crafted web site (bsc#1024749)
- CVE-2017-2364: An issue was fixed that allowed remote attackers to
bypass the Same Origin Policy and obtain sensitive information via a
crafted web site (bsc#1024749)
- CVE-2017-2369: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1024749)
- CVE-2016-7656: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1020950)
- CVE-2016-7635: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1020950)
- CVE-2016-7654: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1020950)
- CVE-2016-7639: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1020950)
- CVE-2016-7645: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1020950)
- CVE-2016-7652: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1020950)
- CVE-2016-7641: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1020950)
- CVE-2016-7632: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1020950)
- CVE-2016-7599: An issue was fixed that allowed remote attackers to
bypass the Same Origin Policy and obtain sensitive information via a
crafted web site that used HTTP redirects (bsc#1020950)
- CVE-2016-7592: An issue was fixed that allowed remote attackers to
obtain sensitive information via crafted JavaScript prompts on a web
site (bsc#1020950)
- CVE-2016-7589: An issue was fixed that allowed remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted web site (bsc#1020950)
- CVE-2016-7623: An issue was fixed that allowed remote attackers to
obtain sensitive information via a blob URL on a web site (bsc#1020950)
- CVE-2016-7586: An issue was fixed that allowed remote attackers to
obtain sensitive information via a crafted web site (bsc#1020950)
For other non-security fixes please check the changelog.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP3:
zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1815=1
- SUSE Linux Enterprise Workstation Extension 12-SP2:
zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1815=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1815=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1815=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1815=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1815=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1815=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1815=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1815=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch):
libwebkit2gtk3-lang-2.18.0-2.9.1
- SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch):
libwebkit2gtk3-lang-2.18.0-2.9.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
webkit2gtk3-debugsource-2.18.0-2.9.1
webkit2gtk3-devel-2.18.0-2.9.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
webkit2gtk3-debugsource-2.18.0-2.9.1
webkit2gtk3-devel-2.18.0-2.9.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
libjavascriptcoregtk-4_0-18-2.18.0-2.9.1
libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1
libwebkit2gtk-4_0-37-2.18.0-2.9.1
libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1
typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1
typelib-1_0-WebKit2-4_0-2.18.0-2.9.1
webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1
webkit2gtk3-debugsource-2.18.0-2.9.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.18.0-2.9.1
libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1
libwebkit2gtk-4_0-37-2.18.0-2.9.1
libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1
typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1
typelib-1_0-WebKit2-4_0-2.18.0-2.9.1
webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1
webkit2gtk3-debugsource-2.18.0-2.9.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.18.0-2.9.1
libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1
libwebkit2gtk-4_0-37-2.18.0-2.9.1
libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1
typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1
typelib-1_0-WebKit2-4_0-2.18.0-2.9.1
webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1
webkit2gtk3-debugsource-2.18.0-2.9.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
libjavascriptcoregtk-4_0-18-2.18.0-2.9.1
libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1
libwebkit2gtk-4_0-37-2.18.0-2.9.1
libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1
typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1
typelib-1_0-WebKit2-4_0-2.18.0-2.9.1
webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1
webkit2gtk3-debugsource-2.18.0-2.9.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
libwebkit2gtk3-lang-2.18.0-2.9.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
libjavascriptcoregtk-4_0-18-2.18.0-2.9.1
libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1
libwebkit2gtk-4_0-37-2.18.0-2.9.1
libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1
typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1
typelib-1_0-WebKit2-4_0-2.18.0-2.9.1
webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1
webkit2gtk3-debugsource-2.18.0-2.9.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
libwebkit2gtk3-lang-2.18.0-2.9.1
References:
https://www.suse.com/security/cve/CVE-2016-7586.html
https://www.suse.com/security/cve/CVE-2016-7589.html
https://www.suse.com/security/cve/CVE-2016-7592.html
https://www.suse.com/security/cve/CVE-2016-7599.html
https://www.suse.com/security/cve/CVE-2016-7623.html
https://www.suse.com/security/cve/CVE-2016-7632.html
https://www.suse.com/security/cve/CVE-2016-7635.html
https://www.suse.com/security/cve/CVE-2016-7639.html
https://www.suse.com/security/cve/CVE-2016-7641.html
https://www.suse.com/security/cve/CVE-2016-7645.html
https://www.suse.com/security/cve/CVE-2016-7652.html
https://www.suse.com/security/cve/CVE-2016-7654.html
https://www.suse.com/security/cve/CVE-2016-7656.html
https://www.suse.com/security/cve/CVE-2017-2350.html
https://www.suse.com/security/cve/CVE-2017-2354.html
https://www.suse.com/security/cve/CVE-2017-2355.html
https://www.suse.com/security/cve/CVE-2017-2356.html
https://www.suse.com/security/cve/CVE-2017-2362.html
https://www.suse.com/security/cve/CVE-2017-2363.html
https://www.suse.com/security/cve/CVE-2017-2364.html
https://www.suse.com/security/cve/CVE-2017-2365.html
https://www.suse.com/security/cve/CVE-2017-2366.html
https://www.suse.com/security/cve/CVE-2017-2369.html
https://www.suse.com/security/cve/CVE-2017-2371.html
https://www.suse.com/security/cve/CVE-2017-2373.html
https://www.suse.com/security/cve/CVE-2017-2496.html
https://www.suse.com/security/cve/CVE-2017-2510.html
https://www.suse.com/security/cve/CVE-2017-2538.html
https://www.suse.com/security/cve/CVE-2017-2539.html
https://www.suse.com/security/cve/CVE-2017-7018.html
https://www.suse.com/security/cve/CVE-2017-7030.html
https://www.suse.com/security/cve/CVE-2017-7034.html
https://www.suse.com/security/cve/CVE-2017-7037.html
https://www.suse.com/security/cve/CVE-2017-7039.html
https://www.suse.com/security/cve/CVE-2017-7046.html
https://www.suse.com/security/cve/CVE-2017-7048.html
https://www.suse.com/security/cve/CVE-2017-7055.html
https://www.suse.com/security/cve/CVE-2017-7056.html
https://www.suse.com/security/cve/CVE-2017-7061.html
https://www.suse.com/security/cve/CVE-2017-7064.html
https://bugzilla.suse.com/1020950
https://bugzilla.suse.com/1024749
https://bugzilla.suse.com/1045460
https://bugzilla.suse.com/1050469
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2931-1: important: Security update for libwpd
by opensuse-security@opensuse.org 06 Nov '17
by opensuse-security@opensuse.org 06 Nov '17
06 Nov '17
SUSE Security Update: Security update for libwpd
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2931-1
Rating: important
References: #1058025
Cross-References: CVE-2017-14226
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Workstation Extension 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libwpd fixes the following issues:
Security issue fixed:
- CVE-2017-14226: WP1StylesListener.cpp, WP5StylesListener.cpp, and
WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which
allows remote attackers to cause a denial of service (heap-based buffer
over-read in the WPXTableList class in WPXTable.cpp). This vulnerability
can be triggered in LibreOffice before 5.3.7. It may lead to suffering a
remote attack against a LibreOffice application. (bnc#1058025)
Bugfixes:
- Fix various crashes, leaks and hangs when reading damaged files found by
oss-fuzz.
- Fix crash when NULL is passed as input stream.
- Use symbol visibility on Linux. The library only exports public
functions now.
- Avoid infinite loop. (libwpd#3)
- Remove bashism. (libwpd#5)
- Fix various crashes and hangs when reading broken files found with the
help of american-fuzzy-lop.
- Make --help output of all command line tools more help2man-friendly.
- Miscellaneous fixes and cleanups.
- Generate manpages for the libwpd-tools
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP3:
zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1816=1
- SUSE Linux Enterprise Workstation Extension 12-SP2:
zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1816=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1816=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1816=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1816=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1816=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
libwpd-0_10-10-0.10.2-2.4.1
libwpd-0_10-10-debuginfo-0.10.2-2.4.1
libwpd-debugsource-0.10.2-2.4.1
- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
libwpd-0_10-10-0.10.2-2.4.1
libwpd-0_10-10-debuginfo-0.10.2-2.4.1
libwpd-debugsource-0.10.2-2.4.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
libwpd-0_10-10-0.10.2-2.4.1
libwpd-0_10-10-debuginfo-0.10.2-2.4.1
libwpd-debugsource-0.10.2-2.4.1
libwpd-devel-0.10.2-2.4.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):
libwpd-devel-doc-0.10.2-2.4.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
libwpd-0_10-10-0.10.2-2.4.1
libwpd-0_10-10-debuginfo-0.10.2-2.4.1
libwpd-debugsource-0.10.2-2.4.1
libwpd-devel-0.10.2-2.4.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
libwpd-devel-doc-0.10.2-2.4.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
libwpd-0_10-10-0.10.2-2.4.1
libwpd-0_10-10-debuginfo-0.10.2-2.4.1
libwpd-debugsource-0.10.2-2.4.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
libwpd-0_10-10-0.10.2-2.4.1
libwpd-0_10-10-debuginfo-0.10.2-2.4.1
libwpd-debugsource-0.10.2-2.4.1
References:
https://www.suse.com/security/cve/CVE-2017-14226.html
https://bugzilla.suse.com/1058025
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2924-1: important: Security update for qemu
by opensuse-security@opensuse.org 02 Nov '17
by opensuse-security@opensuse.org 02 Nov '17
02 Nov '17
SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2924-1
Rating: important
References: #1054724 #1055587 #1056291 #1056334 #1057378
#1057585 #1057966 #1062069 #1062942 #1063122
Cross-References: CVE-2017-10911 CVE-2017-12809 CVE-2017-13672
CVE-2017-13711 CVE-2017-14167 CVE-2017-15038
CVE-2017-15268 CVE-2017-15289
Affected Products:
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________
An update that solves 8 vulnerabilities and has two fixes
is now available.
Description:
This update for qemu to version 2.9.1 fixes several issues.
It also announces that the qed storage format will be no longer supported
in SLE 15 (fate#324200).
These security issues were fixed:
- CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by
triggering slow data-channel read operations, related to
io/channel-websock.c (bsc#1062942)
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest
privileged users to cause a denial of service (out-of-bounds write
access and Qemu process crash) via vectors related to dst calculation
(bsc#1063122)
- CVE-2017-15038: Race condition in the v9fs_xattrwalk function local
guest OS users to obtain sensitive information from host heap memory via
vectors related to reading extended attributes (bsc#1062069)
- CVE-2017-10911: The make_response function in the Linux kernel allowed
guest OS users to obtain sensitive information from host OS (or other
guest OS) kernel memory by leveraging the copying of uninitialized
padding fields in Xen block-interface response structures (bsc#1057378)
- CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed
local guest OS privileged users to cause a denial of service (NULL
pointer dereference and QEMU process crash) by flushing an empty CDROM
device drive (bsc#1054724)
- CVE-2017-14167: Integer overflow in the load_multiboot function allowed
local guest OS users to execute arbitrary code on the host via crafted
multiboot header address values, which trigger an out-of-bounds write
(bsc#1057585)
- CVE-2017-13672: The VGA display emulator support allowed local guest OS
privileged users to cause a denial of service (out-of-bounds read and
QEMU process crash) via vectors involving display update (bsc#1056334)
- CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause
a denial of service (QEMU instance crash) by leveraging failure to
properly clear ifq_so from pending packets (bsc#1056291).
These non-security issues were fixed:
- Fixed not being able to build from rpm sources due to undefined macro
(bsc#1057966)
- Fiedx package build failure against new glibc (bsc#1055587)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1810=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1810=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
qemu-2.9.1-6.6.3
qemu-block-curl-2.9.1-6.6.3
qemu-block-curl-debuginfo-2.9.1-6.6.3
qemu-block-iscsi-2.9.1-6.6.3
qemu-block-iscsi-debuginfo-2.9.1-6.6.3
qemu-block-ssh-2.9.1-6.6.3
qemu-block-ssh-debuginfo-2.9.1-6.6.3
qemu-debugsource-2.9.1-6.6.3
qemu-guest-agent-2.9.1-6.6.3
qemu-guest-agent-debuginfo-2.9.1-6.6.3
qemu-lang-2.9.1-6.6.3
qemu-tools-2.9.1-6.6.3
qemu-tools-debuginfo-2.9.1-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64):
qemu-block-rbd-2.9.1-6.6.3
qemu-block-rbd-debuginfo-2.9.1-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
qemu-kvm-2.9.1-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (ppc64le):
qemu-ppc-2.9.1-6.6.3
qemu-ppc-debuginfo-2.9.1-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (aarch64):
qemu-arm-2.9.1-6.6.3
qemu-arm-debuginfo-2.9.1-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (noarch):
qemu-ipxe-1.0.0-6.6.3
qemu-seabios-1.10.2-6.6.3
qemu-sgabios-8-6.6.3
qemu-vgabios-1.10.2-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (x86_64):
qemu-x86-2.9.1-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (s390x):
qemu-s390-2.9.1-6.6.3
qemu-s390-debuginfo-2.9.1-6.6.3
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
qemu-ipxe-1.0.0-6.6.3
qemu-seabios-1.10.2-6.6.3
qemu-sgabios-8-6.6.3
qemu-vgabios-1.10.2-6.6.3
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
qemu-2.9.1-6.6.3
qemu-block-curl-2.9.1-6.6.3
qemu-block-curl-debuginfo-2.9.1-6.6.3
qemu-debugsource-2.9.1-6.6.3
qemu-kvm-2.9.1-6.6.3
qemu-tools-2.9.1-6.6.3
qemu-tools-debuginfo-2.9.1-6.6.3
qemu-x86-2.9.1-6.6.3
References:
https://www.suse.com/security/cve/CVE-2017-10911.html
https://www.suse.com/security/cve/CVE-2017-12809.html
https://www.suse.com/security/cve/CVE-2017-13672.html
https://www.suse.com/security/cve/CVE-2017-13711.html
https://www.suse.com/security/cve/CVE-2017-14167.html
https://www.suse.com/security/cve/CVE-2017-15038.html
https://www.suse.com/security/cve/CVE-2017-15268.html
https://www.suse.com/security/cve/CVE-2017-15289.html
https://bugzilla.suse.com/1054724
https://bugzilla.suse.com/1055587
https://bugzilla.suse.com/1056291
https://bugzilla.suse.com/1056334
https://bugzilla.suse.com/1057378
https://bugzilla.suse.com/1057585
https://bugzilla.suse.com/1057966
https://bugzilla.suse.com/1062069
https://bugzilla.suse.com/1062942
https://bugzilla.suse.com/1063122
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2922-1: important: Security update for ceph
by opensuse-security@opensuse.org 02 Nov '17
by opensuse-security@opensuse.org 02 Nov '17
02 Nov '17
SUSE Security Update: Security update for ceph
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2922-1
Rating: important
References: #1042973 #1043767 #1051432 #1051598 #1056536
Cross-References: CVE-2017-7519
Affected Products:
SUSE Enterprise Storage 4
______________________________________________________________________________
An update that solves one vulnerability and has four fixes
is now available.
Description:
CEPH was updated to version 10.2.10, which brings several fixes and
enhancements.
Upstream 10.2.10 release summary can be found at:
https://ceph.com/releases/v10-2-10-jewel-released/
Security issues fixed:
- CVE-2017-7519: libradosstriper processed arbitrary printf placeholders
in user input (bsc#1043767)
Non-security issues fixed:
- Add explicit Before=ceph.target to systemd service file. (bsc#1042973)
- ceph-disk omits "--runtime" when enabling ceph-osd(a)$ID.service units.
(bsc#1051598, bsc#1056536)
- Make it possible to customize ceph-disk's timeout and set default to 3h.
(bsc#1051432)
- Move ceph-disk from ceph-common to ceph-base.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Enterprise Storage 4:
zypper in -t patch SUSE-Storage-4-2017-1805=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Enterprise Storage 4 (aarch64 x86_64):
ceph-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-base-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-base-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-common-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-common-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-debugsource-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-fuse-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-fuse-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-mds-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-mds-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-mon-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-mon-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-osd-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-osd-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-radosgw-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-radosgw-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-test-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-test-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
ceph-test-debugsource-10.2.10+git.1507616349.698469bd8d-12.6.1
libcephfs1-10.2.10+git.1507616349.698469bd8d-12.6.1
libcephfs1-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
librados2-10.2.10+git.1507616349.698469bd8d-12.6.1
librados2-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
libradosstriper1-10.2.10+git.1507616349.698469bd8d-12.6.1
libradosstriper1-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
librbd1-10.2.10+git.1507616349.698469bd8d-12.6.1
librbd1-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
librgw2-10.2.10+git.1507616349.698469bd8d-12.6.1
librgw2-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
python-ceph-compat-10.2.10+git.1507616349.698469bd8d-12.6.1
python-cephfs-10.2.10+git.1507616349.698469bd8d-12.6.1
python-cephfs-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
python-rados-10.2.10+git.1507616349.698469bd8d-12.6.1
python-rados-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
python-rbd-10.2.10+git.1507616349.698469bd8d-12.6.1
python-rbd-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
rbd-fuse-10.2.10+git.1507616349.698469bd8d-12.6.1
rbd-fuse-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
rbd-mirror-10.2.10+git.1507616349.698469bd8d-12.6.1
rbd-mirror-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
rbd-nbd-10.2.10+git.1507616349.698469bd8d-12.6.1
rbd-nbd-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
References:
https://www.suse.com/security/cve/CVE-2017-7519.html
https://bugzilla.suse.com/1042973
https://bugzilla.suse.com/1043767
https://bugzilla.suse.com/1051432
https://bugzilla.suse.com/1051598
https://bugzilla.suse.com/1056536
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE-SU-2017:2920-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 02 Nov '17
by opensuse-security@opensuse.org 02 Nov '17
02 Nov '17
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2920-1
Rating: important
References: #1008353 #1012422 #1017941 #1029850 #1030593
#1032268 #1034405 #1034670 #1035576 #1035877
#1036752 #1037182 #1037183 #1037306 #1037994
#1038544 #1038879 #1038981 #1038982 #1039348
#1039349 #1039354 #1039456 #1039721 #1039882
#1039883 #1039885 #1040069 #1041431 #1041958
#1044125 #1045327 #1045487 #1045922 #1046107
#1047408 #1048275 #1049645 #1049882 #1052593
#1053148 #1053152 #1056588 #1056982 #1057179
#1058038 #1058410 #1058507 #1058524 #1062520
#1063667 #1064388 #938162 #975596 #977417
#984779 #985562 #990682
Cross-References: CVE-2015-9004 CVE-2016-10229 CVE-2016-9604
CVE-2017-1000363 CVE-2017-1000365 CVE-2017-1000380
CVE-2017-10661 CVE-2017-11176 CVE-2017-12153
CVE-2017-12154 CVE-2017-12762 CVE-2017-13080
CVE-2017-14051 CVE-2017-14106 CVE-2017-14140
CVE-2017-15265 CVE-2017-15274 CVE-2017-15649
CVE-2017-2647 CVE-2017-6951 CVE-2017-7482
CVE-2017-7487 CVE-2017-7518 CVE-2017-7541
CVE-2017-7542 CVE-2017-7889 CVE-2017-8106
CVE-2017-8831 CVE-2017-8890 CVE-2017-8924
CVE-2017-8925 CVE-2017-9074 CVE-2017-9075
CVE-2017-9076 CVE-2017-9077 CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________
An update that solves 36 vulnerabilities and has 22 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 GA LTS kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local
users to gain privileges via crafted system calls that trigger
mishandling of packet_fanout data structures, because of a race
condition (involving fanout_add and packet_do_bind) that leads to a
use-after-free, a different vulnerability than CVE-2017-6346
(bnc#1064388).
- CVE-2015-9004: kernel/events/core.c in the Linux kernel mishandled
counter grouping, which allowed local users to gain privileges via a
crafted application, related to the perf_pmu_register and
perf_event_open functions (bnc#1037306).
- CVE-2016-10229: udp.c in the Linux kernel allowed remote attackers to
execute arbitrary code via UDP traffic that triggers an unsafe second
checksum calculation during execution of a recv system call with the
MSG_PEEK flag (bnc#1032268).
- CVE-2016-9604: The handling of keyrings starting with '.' in
KEYCTL_JOIN_SESSION_KEYRING, which could have allowed local users to
manipulate privileged keyrings, was fixed (bsc#1035576)
- CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a
missing bounds check, and the fact that parport_ptr integer is static, a
'secure boot' kernel command line adversary (can happen due to
bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a
vulnerability the adversary has partial control over the command line)
can overflow the parport_nr array in the following code, by appending
many (>LP_NO) 'lp=none' arguments to the command line (bnc#1039456).
- CVE-2017-1000365: The Linux Kernel imposes a size restriction on the
arguments and environmental strings passed through
RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the
argument and environment pointers into account, which allowed attackers
to bypass this limitation. (bnc#1039354).
- CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable
to a data race in the ALSA /dev/snd/timer driver resulting in local
users being able to read information belonging to other users, i.e.,
uninitialized memory contents may be disclosed when a read and an ioctl
happen at the same time (bnc#1044125).
- CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel
allowed local users to gain privileges or cause a denial of service
(list corruption or use-after-free) via simultaneous file-descriptor
operations that leverage improper might_cancel queueing (bnc#1053152).
- CVE-2017-11176: The mq_notify function in the Linux kernel did not set
the sock pointer to NULL upon entry into the retry logic. During a
user-space close of a Netlink socket, it allowed attackers to cause a
denial of service (use-after-free) or possibly have unspecified other
impact (bnc#1048275).
- CVE-2017-12153: A security flaw was discovered in the
nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux
kernel This function did not check whether the required attributes are
present in a Netlink request. This request can be issued by a user with
the CAP_NET_ADMIN capability and may result in a NULL pointer
dereference and system crash (bnc#1058410).
- CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the
Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store
exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR
shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain
read and write access to the hardware CR8 register (bnc#1058507).
- CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled
buffer is copied into a local buffer of constant size using strcpy
without a length check which can cause a buffer overflow. (bnc#1053148).
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed
reinstallation of the Group Temporal Key (GTK) during the group key
handshake, allowing an attacker within radio range to replay frames from
access points to clients (bnc#1063667).
- CVE-2017-14051: An integer overflow in the
qla2x00_sysfs_write_optrom_ctl function in
drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users
to cause a denial of service (memory corruption and system crash) by
leveraging root access (bnc#1056588).
- CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the
Linux kernel allowed local users to cause a denial of service
(__tcp_select_window divide-by-zero error and system crash) by
triggering a disconnect within a certain tcp_recvmsg code path
(bnc#1056982).
- CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux
kernel doesn't check the effective uid of the target process, enabling a
local attacker to learn the memory layout of a setuid executable despite
ASLR (bnc#1057179).
- CVE-2017-15265: Use-after-free vulnerability in the Linux kernel allowed
local users to have unspecified impact via vectors related to
/dev/snd/seq (bnc#1062520).
- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
consider the case of a NULL payload in conjunction with a nonzero length
value, which allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted add_key or keyctl system
call, a different vulnerability than CVE-2017-12192 (bnc#1045327).
- CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local
users to gain privileges or cause a denial of service (NULL pointer
dereference and system crash) via vectors involving a NULL value for a
certain match field, related to the keyring_search_iterator function in
keyring.c (bnc#1030593).
- CVE-2017-6951: The keyring_search_aux function in
security/keys/keyring.c in the Linux kernel allowed local users to cause
a denial of service (NULL pointer dereference and OOPS) via a
request_key system call for the "dead" type (bnc#1029850).
- CVE-2017-7482: A potential memory corruption was fixed in decoding of
krb5 principals in the kernels kerberos handling. (bnc#1046107).
- CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the
Linux kernel mishandled reference counts, which allowed local users to
cause a denial of service (use-after-free) or possibly have unspecified
other impact via a failed SIOCGIFADDR ioctl call for an IPX interface
(bnc#1038879).
- CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug
exception(#DB) error. It could occur while emulating a syscall
instruction and potentially lead to guest privilege escalation.
(bsc#1045922).
- CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux
kernel allowed local users to cause a denial of service (buffer overflow
and system crash) or possibly gain privileges via a crafted
NL80211_CMD_FRAME Netlink packet (bnc#1049645).
- CVE-2017-7542: The ip6_find_1stfragopt function in
net/ipv6/output_core.c in the Linux kernel allowed local users to cause
a denial of service (integer overflow and infinite loop) by leveraging
the ability to open a raw socket (bnc#1049882).
- CVE-2017-7889: The mm subsystem in the Linux kernel did not properly
enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allowed
local users to read or write to kernel memory locations in the first
megabyte (and bypass slab-allocation access restrictions) via an
application that opens the /dev/mem file, related to arch/x86/mm/init.c
and drivers/char/mem.c (bnc#1034405).
- CVE-2017-8106: The handle_invept function in arch/x86/kvm/vmx.c in the
Linux kernel 3.12 allowed privileged KVM guest OS users to cause a
denial of service (NULL pointer dereference and host OS crash) via a
single-context INVEPT instruction with a NULL EPT pointer (bnc#1035877).
- CVE-2017-8831: The saa7164_bus_get function in
drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed
local users to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact by changing a certain
sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
- CVE-2017-8890: The inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to
cause a denial of service (double free) or possibly have unspecified
other impact by leveraging use of the accept system call (bnc#1038544).
- CVE-2017-8924: The edge_bulk_in_callback function in
drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to
obtain sensitive information (in the dmesg ringbuffer and syslog) from
uninitialized kernel memory by using a crafted USB device (posing as an
io_ti USB serial device) to trigger an integer underflow (bnc#1037182
bsc#1038982).
- CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c
in the Linux kernel allowed local users to cause a denial of service
(tty exhaustion) by leveraging reference count mishandling (bnc#1037183
bsc#1038981).
- CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel
did not consider that the nexthdr field may be associated with an
invalid option, which allowed local users to cause a denial of service
(out-of-bounds read and BUG) or possibly have unspecified other impact
via crafted socket and send system calls (bnc#1039882).
- CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).
- CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
in the Linux kernel is too late in checking whether an overwrite of an
skb data structure may occur, which allowed local users to cause a
denial of service (system crash) via crafted system calls (bnc#1041431).
The following non-security bugs were fixed:
- btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596,
bsc#984779, bsc#1008353, bsc#1017941).
- dm-mpath: always return reservation conflict. bsc#938162
- getcwd: Close race with d_move called by lustre (bsc#1052593).
- ipv4: Should use consistent conditional judgement for ip fragment in
__ip_append_data and ip_finish_output (bsc#1041958).
- ipv6: Should use consistent conditional judgement for ip6 fragment
between __ip6_append_data and ip6_finish_output (bsc#1041958).
- kabi: avoid bogus kabi errors in ip_output.c (bsc#1041958).
- keys: Disallow keyrings beginning with '.' to be joined as session
keyrings (bnc#1035576).
- mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
(bnc#1039348).
- net: account for current skb length when deciding about UFO
(bsc#1041958).
- nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670 CVE#2017-7645).
- nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670 CVE#2017-7645).
- nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670
CVE#2017-7645).
- printk: prevent userland from spoofing kernel messages (bsc#1039721).
- reiserfs: do not preallocate blocks for extended attributes (bsc#990682).
- tcp: do not inherit fastopen_req from parent (bsc#1038544).
- udp: disallow UFO for sockets with SO_NO_CHECK option (bsc#1041958).
- usb: wusbcore: fix NULL-deref at probe (bsc#1045487).
- vsock: Detach QP check should filter out non matching QPs (bsc#1036752
bsc#1047408).
- vsock: Fix lockdep issue (bsc#977417 bsc#1047408).
- vsock: sock_put wasn't safe to call in interrupt context (bsc#977417
bsc#1047408).
- xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
(bsc#1058524).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-2017-1808=1
- SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1808=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
kernel-default-3.12.61-52.101.1
kernel-default-base-3.12.61-52.101.1
kernel-default-base-debuginfo-3.12.61-52.101.1
kernel-default-debuginfo-3.12.61-52.101.1
kernel-default-debugsource-3.12.61-52.101.1
kernel-default-devel-3.12.61-52.101.1
kernel-syms-3.12.61-52.101.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
kernel-xen-3.12.61-52.101.1
kernel-xen-base-3.12.61-52.101.1
kernel-xen-base-debuginfo-3.12.61-52.101.1
kernel-xen-debuginfo-3.12.61-52.101.1
kernel-xen-debugsource-3.12.61-52.101.1
kernel-xen-devel-3.12.61-52.101.1
kgraft-patch-3_12_61-52_101-default-1-8.1
kgraft-patch-3_12_61-52_101-xen-1-8.1
- SUSE Linux Enterprise Server 12-LTSS (noarch):
kernel-devel-3.12.61-52.101.1
kernel-macros-3.12.61-52.101.1
kernel-source-3.12.61-52.101.1
- SUSE Linux Enterprise Server 12-LTSS (s390x):
kernel-default-man-3.12.61-52.101.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
kernel-ec2-3.12.61-52.101.1
kernel-ec2-debuginfo-3.12.61-52.101.1
kernel-ec2-debugsource-3.12.61-52.101.1
kernel-ec2-devel-3.12.61-52.101.1
kernel-ec2-extra-3.12.61-52.101.1
kernel-ec2-extra-debuginfo-3.12.61-52.101.1
References:
https://www.suse.com/security/cve/CVE-2015-9004.html
https://www.suse.com/security/cve/CVE-2016-10229.html
https://www.suse.com/security/cve/CVE-2016-9604.html
https://www.suse.com/security/cve/CVE-2017-1000363.html
https://www.suse.com/security/cve/CVE-2017-1000365.html
https://www.suse.com/security/cve/CVE-2017-1000380.html
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-11176.html
https://www.suse.com/security/cve/CVE-2017-12153.html
https://www.suse.com/security/cve/CVE-2017-12154.html
https://www.suse.com/security/cve/CVE-2017-12762.html
https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-14051.html
https://www.suse.com/security/cve/CVE-2017-14106.html
https://www.suse.com/security/cve/CVE-2017-14140.html
https://www.suse.com/security/cve/CVE-2017-15265.html
https://www.suse.com/security/cve/CVE-2017-15274.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://www.suse.com/security/cve/CVE-2017-2647.html
https://www.suse.com/security/cve/CVE-2017-6951.html
https://www.suse.com/security/cve/CVE-2017-7482.html
https://www.suse.com/security/cve/CVE-2017-7487.html
https://www.suse.com/security/cve/CVE-2017-7518.html
https://www.suse.com/security/cve/CVE-2017-7541.html
https://www.suse.com/security/cve/CVE-2017-7542.html
https://www.suse.com/security/cve/CVE-2017-7889.html
https://www.suse.com/security/cve/CVE-2017-8106.html
https://www.suse.com/security/cve/CVE-2017-8831.html
https://www.suse.com/security/cve/CVE-2017-8890.html
https://www.suse.com/security/cve/CVE-2017-8924.html
https://www.suse.com/security/cve/CVE-2017-8925.html
https://www.suse.com/security/cve/CVE-2017-9074.html
https://www.suse.com/security/cve/CVE-2017-9075.html
https://www.suse.com/security/cve/CVE-2017-9076.html
https://www.suse.com/security/cve/CVE-2017-9077.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1008353
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1017941
https://bugzilla.suse.com/1029850
https://bugzilla.suse.com/1030593
https://bugzilla.suse.com/1032268
https://bugzilla.suse.com/1034405
https://bugzilla.suse.com/1034670
https://bugzilla.suse.com/1035576
https://bugzilla.suse.com/1035877
https://bugzilla.suse.com/1036752
https://bugzilla.suse.com/1037182
https://bugzilla.suse.com/1037183
https://bugzilla.suse.com/1037306
https://bugzilla.suse.com/1037994
https://bugzilla.suse.com/1038544
https://bugzilla.suse.com/1038879
https://bugzilla.suse.com/1038981
https://bugzilla.suse.com/1038982
https://bugzilla.suse.com/1039348
https://bugzilla.suse.com/1039349
https://bugzilla.suse.com/1039354
https://bugzilla.suse.com/1039456
https://bugzilla.suse.com/1039721
https://bugzilla.suse.com/1039882
https://bugzilla.suse.com/1039883
https://bugzilla.suse.com/1039885
https://bugzilla.suse.com/1040069
https://bugzilla.suse.com/1041431
https://bugzilla.suse.com/1041958
https://bugzilla.suse.com/1044125
https://bugzilla.suse.com/1045327
https://bugzilla.suse.com/1045487
https://bugzilla.suse.com/1045922
https://bugzilla.suse.com/1046107
https://bugzilla.suse.com/1047408
https://bugzilla.suse.com/1048275
https://bugzilla.suse.com/1049645
https://bugzilla.suse.com/1049882
https://bugzilla.suse.com/1052593
https://bugzilla.suse.com/1053148
https://bugzilla.suse.com/1053152
https://bugzilla.suse.com/1056588
https://bugzilla.suse.com/1056982
https://bugzilla.suse.com/1057179
https://bugzilla.suse.com/1058038
https://bugzilla.suse.com/1058410
https://bugzilla.suse.com/1058507
https://bugzilla.suse.com/1058524
https://bugzilla.suse.com/1062520
https://bugzilla.suse.com/1063667
https://bugzilla.suse.com/1064388
https://bugzilla.suse.com/938162
https://bugzilla.suse.com/975596
https://bugzilla.suse.com/977417
https://bugzilla.suse.com/984779
https://bugzilla.suse.com/985562
https://bugzilla.suse.com/990682
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2017:2916-1: important: Security update for xen
by opensuse-security@opensuse.org 01 Nov '17
by opensuse-security@opensuse.org 01 Nov '17
01 Nov '17
openSUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2916-1
Rating: important
References: #1027519 #1057358 #1059777 #1061076 #1061077
#1061080 #1061081 #1061082 #1061084 #1061086
#1061087
Cross-References: CVE-2017-15588 CVE-2017-15589 CVE-2017-15590
CVE-2017-15591 CVE-2017-15592 CVE-2017-15593
CVE-2017-15594 CVE-2017-15595 CVE-2017-5526
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that solves 9 vulnerabilities and has two fixes
is now available.
Description:
This update for xen fixes several issues:
These security issues were fixed:
- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable
to a memory leakage issue allowing a privileged user inside the guest to
cause a DoS and/or potentially crash the Qemu process on the host
(bsc#1059777)
- CVE-2017-15593: Missing cleanup in the page type system allowed a
malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084)
- CVE-2017-15592: A problem in the shadow pagetable code allowed a
malicious or buggy HVM guest to cause DoS or cause hypervisor memory
corruption potentially allowing the guest to escalate its privilege
(XSA-243 bsc#1061086)
- CVE-2017-15594: Problematic handling of the selector fields in the
Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV
guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087)
- CVE-2017-15591: Missing checks in the handling of DMOPs allowed
malicious or buggy stub domain kernels or tool stacks otherwise living
outside of Domain0 to cause a DoS (XSA-238 bsc#1061077)
- CVE-2017-15589: Intercepted I/O write operations with less than a full
machine word's worth of data were not properly handled, which allowed a
malicious unprivileged x86 HVM guest to obtain sensitive information
from the host or
other guests (XSA-239 bsc#1061080)
- CVE-2017-15595: In certain configurations of linear page tables a stack
overflow might have occured that allowed a malicious or buggy PV guest
to cause DoS and potentially privilege escalation and information leaks
(XSA-240 bsc#1061081)
- CVE-2017-15588: Under certain conditions x86 PV guests could have caused
the hypervisor to miss a necessary TLB flush for a page. This allowed a
malicious x86 PV guest to access all of system memory, allowing for
privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082)
- CVE-2017-15590: Multiple issues existed with the setup of PCI MSI
interrupts that allowed a malicious or buggy guest to cause DoS and
potentially privilege escalation and information leaks (XSA-237
bsc#1061076)
This non-security issue was fixed:
- bsc#1057358: Fixed boot when secure boot is enabled
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-1239=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (i586 x86_64):
xen-debugsource-4.7.3_06-11.18.1
xen-devel-4.7.3_06-11.18.1
xen-libs-4.7.3_06-11.18.1
xen-libs-debuginfo-4.7.3_06-11.18.1
xen-tools-domU-4.7.3_06-11.18.1
xen-tools-domU-debuginfo-4.7.3_06-11.18.1
- openSUSE Leap 42.2 (x86_64):
xen-4.7.3_06-11.18.1
xen-doc-html-4.7.3_06-11.18.1
xen-libs-32bit-4.7.3_06-11.18.1
xen-libs-debuginfo-32bit-4.7.3_06-11.18.1
xen-tools-4.7.3_06-11.18.1
xen-tools-debuginfo-4.7.3_06-11.18.1
References:
https://www.suse.com/security/cve/CVE-2017-15588.html
https://www.suse.com/security/cve/CVE-2017-15589.html
https://www.suse.com/security/cve/CVE-2017-15590.html
https://www.suse.com/security/cve/CVE-2017-15591.html
https://www.suse.com/security/cve/CVE-2017-15592.html
https://www.suse.com/security/cve/CVE-2017-15593.html
https://www.suse.com/security/cve/CVE-2017-15594.html
https://www.suse.com/security/cve/CVE-2017-15595.html
https://www.suse.com/security/cve/CVE-2017-5526.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1057358
https://bugzilla.suse.com/1059777
https://bugzilla.suse.com/1061076
https://bugzilla.suse.com/1061077
https://bugzilla.suse.com/1061080
https://bugzilla.suse.com/1061081
https://bugzilla.suse.com/1061082
https://bugzilla.suse.com/1061084
https://bugzilla.suse.com/1061086
https://bugzilla.suse.com/1061087
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0