SuSE Local Security Checks : openSUSE: Security Advisory for xen (openSUSE-SU-2017:1078-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.851538

Categoría: SuSE Local Security Checks

Título: openSUSE: Security Advisory for xen (openSUSE-SU-2017:1078-1)

Resumen: The remote host is missing an update for the 'xen'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'xen'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for xen to version 4.7.2 fixes the following issues:

These security issues were fixed:

- CVE-2017-7228: Broken check in memory_exchange() permitted PV guest
breakout (bsc#1030442).

- XSA-206: Unprivileged guests issuing writes to xenstore were able to
stall progress of the control domain or driver domain, possibly leading
to a Denial of Service (DoS) of the entire host (bsc#1030144).

- CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c
allowed local guest OS users to cause a denial of service (infinite
loop) via vectors involving the number of link endpoint list descriptors
(bsc#1028235).

These non-security issues were fixed:

- bsc#1015348: libvirtd didn't not start during boot

- bsc#1014136: kdump couldn't dump a kernel on SLES12-SP2 with Xen
hypervisor.

- bsc#1026236: Fixed paravirtualized performance

- bsc#1022555: Timeout in 'execution of /etc/xen/scripts/block add'

- bsc#1029827: Forward port xenstored

- bsc#1029128: Make xen to really produce xen.efi with gcc48

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Affected Software/OS:
xen on openSUSE Leap 42.2

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-6505
BugTraq ID: 96611
http://www.securityfocus.com/bid/96611
https://security.gentoo.org/glsa/201704-01
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
http://www.openwall.com/lists/oss-security/2017/03/06/6
Common Vulnerability Exposure (CVE) ID: CVE-2017-7228
BugTraq ID: 97375
http://www.securityfocus.com/bid/97375
Debian Security Information: DSA-3847 (Google Search)
http://www.debian.org/security/2017/dsa-3847
https://www.exploit-db.com/exploits/41870/
https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html
http://www.securitytracker.com/id/1038223

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.851538
Categoría:	SuSE Local Security Checks
Título:	openSUSE: Security Advisory for xen (openSUSE-SU-2017:1078-1)
Resumen:	The remote host is missing an update for the 'xen'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory. Vulnerability Insight: This update for xen to version 4.7.2 fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange() permitted PV guest breakout (bsc#1030442). - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). These non-security issues were fixed: - bsc#1015348: libvirtd didn't not start during boot - bsc#1014136: kdump couldn't dump a kernel on SLES12-SP2 with Xen hypervisor. - bsc#1026236: Fixed paravirtualized performance - bsc#1022555: Timeout in 'execution of /etc/xen/scripts/block add' - bsc#1029827: Forward port xenstored - bsc#1029128: Make xen to really produce xen.efi with gcc48 This update was imported from the SUSE:SLE-12-SP2:Update update project. Affected Software/OS: xen on openSUSE Leap 42.2 Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6505 BugTraq ID: 96611 http://www.securityfocus.com/bid/96611 https://security.gentoo.org/glsa/201704-01 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html http://www.openwall.com/lists/oss-security/2017/03/06/6 Common Vulnerability Exposure (CVE) ID: CVE-2017-7228 BugTraq ID: 97375 http://www.securityfocus.com/bid/97375 Debian Security Information: DSA-3847 (Google Search) http://www.debian.org/security/2017/dsa-3847 https://www.exploit-db.com/exploits/41870/ https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html http://www.securitytracker.com/id/1038223
Copyright	Copyright (C) 2017 Greenbone Networks GmbH