Security update for xen
Announcement ID: | SUSE-SU-2017:1058-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves three vulnerabilities can now be installed.
Description:
This update for xen fixes the following security issues:
- CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442).
- CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570).
- CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Magnum Orchestration 7
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1058=1
-
SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2
zypper in -t patch SUSE-SLE-BSK-12-SP2-2017-1058=1
-
SUSE Linux Enterprise Desktop 12 SP2
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1058=1
-
SUSE Linux Enterprise High Availability Extension 12 SP2
zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1058=1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2
zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1058=1 SUSE-SLE-SERVER-12-SP2-2017-1058=1
-
SUSE Linux Enterprise Live Patching 12
zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1058=1
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1058=1
-
SUSE Linux Enterprise Software Development Kit 12 12-SP2
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1058=1
-
SUSE Linux Enterprise High Performance Computing 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1058=1
-
SUSE Linux Enterprise Server 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1058=1
-
SUSE Linux Enterprise Workstation Extension 12 SP2
zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1058=1
Package List:
-
Magnum Orchestration 7 (nosrc x86_64)
- kernel-default-4.4.59-92.24.2
-
Magnum Orchestration 7 (x86_64)
- kernel-default-debugsource-4.4.59-92.24.2
- kernel-default-debuginfo-4.4.59-92.24.2
-
SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2 (nosrc s390x)
- kernel-zfcpdump-4.4.59-92.24.2
-
SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2 (s390x)
- kernel-zfcpdump-debugsource-4.4.59-92.24.2
- kernel-zfcpdump-debuginfo-4.4.59-92.24.2
-
SUSE Linux Enterprise Desktop 12 SP2 (nosrc x86_64)
- kernel-default-4.4.59-92.24.2
-
SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
- kernel-default-debuginfo-4.4.59-92.24.2
- kernel-default-extra-4.4.59-92.24.2
- kernel-default-debugsource-4.4.59-92.24.2
- kernel-syms-4.4.59-92.24.2
- kernel-default-extra-debuginfo-4.4.59-92.24.2
- kernel-default-devel-4.4.59-92.24.2
-
SUSE Linux Enterprise Desktop 12 SP2 (noarch)
- kernel-macros-4.4.59-92.24.2
- kernel-source-4.4.59-92.24.2
- kernel-devel-4.4.59-92.24.2
-
SUSE Linux Enterprise High Availability Extension 12 SP2 (ppc64le s390x x86_64)
- ocfs2-kmp-default-4.4.59-92.24.2
- kernel-default-debuginfo-4.4.59-92.24.2
- gfs2-kmp-default-4.4.59-92.24.2
- cluster-network-kmp-default-debuginfo-4.4.59-92.24.2
- ocfs2-kmp-default-debuginfo-4.4.59-92.24.2
- cluster-md-kmp-default-4.4.59-92.24.2
- kernel-default-debugsource-4.4.59-92.24.2
- dlm-kmp-default-debuginfo-4.4.59-92.24.2
- cluster-md-kmp-default-debuginfo-4.4.59-92.24.2
- gfs2-kmp-default-debuginfo-4.4.59-92.24.2
- dlm-kmp-default-4.4.59-92.24.2
- cluster-network-kmp-default-4.4.59-92.24.2
-
SUSE Linux Enterprise High Availability Extension 12 SP2 (nosrc)
- kernel-default-4.4.59-92.24.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
- kernel-default-base-debuginfo-4.4.59-92.24.2
- ocfs2-kmp-default-4.4.59-92.24.2
- kernel-default-debuginfo-4.4.59-92.24.2
- gfs2-kmp-default-4.4.59-92.24.2
- cluster-network-kmp-default-debuginfo-4.4.59-92.24.2
- ocfs2-kmp-default-debuginfo-4.4.59-92.24.2
- cluster-md-kmp-default-4.4.59-92.24.2
- kernel-default-devel-4.4.59-92.24.2
- kernel-default-debugsource-4.4.59-92.24.2
- kernel-syms-4.4.59-92.24.2
- dlm-kmp-default-debuginfo-4.4.59-92.24.2
- cluster-md-kmp-default-debuginfo-4.4.59-92.24.2
- gfs2-kmp-default-debuginfo-4.4.59-92.24.2
- kernel-default-base-4.4.59-92.24.2
- dlm-kmp-default-4.4.59-92.24.2
- cluster-network-kmp-default-4.4.59-92.24.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (nosrc ppc64le x86_64)
- kernel-default-4.4.59-92.24.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (noarch)
- kernel-macros-4.4.59-92.24.2
- kernel-source-4.4.59-92.24.2
- kernel-devel-4.4.59-92.24.2
-
SUSE Linux Enterprise Live Patching 12 (x86_64)
- kgraft-patch-4_4_59-92_24-default-1-2.3
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64 nosrc)
- kernel-default-4.4.59-92.24.2
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
- kernel-default-base-debuginfo-4.4.59-92.24.2
- kernel-default-debuginfo-4.4.59-92.24.2
- kernel-syms-4.4.59-92.24.2
- kernel-default-debugsource-4.4.59-92.24.2
- kernel-default-base-4.4.59-92.24.2
- kernel-default-devel-4.4.59-92.24.2
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (noarch)
- kernel-macros-4.4.59-92.24.2
- kernel-source-4.4.59-92.24.2
- kernel-devel-4.4.59-92.24.2
-
SUSE Linux Enterprise Software Development Kit 12 12-SP2 (noarch)
- kernel-docs-4.4.59-92.24.5
-
SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 ppc64le s390x x86_64)
- kernel-obs-build-debugsource-4.4.59-92.24.2
- kernel-obs-build-4.4.59-92.24.2
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 nosrc x86_64)
- kernel-default-4.4.59-92.24.2
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
- kernel-default-base-debuginfo-4.4.59-92.24.2
- kernel-default-debuginfo-4.4.59-92.24.2
- kernel-default-debugsource-4.4.59-92.24.2
- kernel-syms-4.4.59-92.24.2
- kernel-default-base-4.4.59-92.24.2
- kernel-default-devel-4.4.59-92.24.2
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (noarch)
- kernel-macros-4.4.59-92.24.2
- kernel-source-4.4.59-92.24.2
- kernel-devel-4.4.59-92.24.2
-
SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-4.4.59-92.24.2
-
SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
- kernel-default-base-debuginfo-4.4.59-92.24.2
- kernel-default-debuginfo-4.4.59-92.24.2
- kernel-default-debugsource-4.4.59-92.24.2
- kernel-syms-4.4.59-92.24.2
- kernel-default-base-4.4.59-92.24.2
- kernel-default-devel-4.4.59-92.24.2
-
SUSE Linux Enterprise Server 12 SP2 (noarch)
- kernel-macros-4.4.59-92.24.2
- kernel-source-4.4.59-92.24.2
- kernel-devel-4.4.59-92.24.2
-
SUSE Linux Enterprise Server 12 SP2 (s390x)
- kernel-default-man-4.4.59-92.24.2
-
SUSE Linux Enterprise Workstation Extension 12 SP2 (nosrc)
- kernel-default-4.4.59-92.24.2
-
SUSE Linux Enterprise Workstation Extension 12 SP2 (x86_64)
- kernel-default-debugsource-4.4.59-92.24.2
- kernel-default-extra-4.4.59-92.24.2
- kernel-default-extra-debuginfo-4.4.59-92.24.2
- kernel-default-debuginfo-4.4.59-92.24.2
References:
- https://www.suse.com/security/cve/CVE-2017-6414.html
- https://www.suse.com/security/cve/CVE-2017-6505.html
- https://www.suse.com/security/cve/CVE-2017-7228.html
- https://bugzilla.suse.com/show_bug.cgi?id=1027570
- https://bugzilla.suse.com/show_bug.cgi?id=1028235
- https://bugzilla.suse.com/show_bug.cgi?id=1030442