SUSE-SU-2017:2420-1 -- SLES xenID: oval:org.secpod.oval:def:89044731 | Date: (C)2021-07-20 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen - CVE-2017-14318: The function __gnttab_cache_flush missed a check for grant tables, allowing a malicious guest to crash the host or for x86 PV guests to potentially escalate privileges - CVE-2017-14317: A race in cxenstored may have cause a double-free allowind for DoS of the xenstored daemon . - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor . These non-security issues were fixed: - bsc#1057358: Fixed boot into SUSE Linux Enterprise 12.3 with secure boot - bsc#1055695: Fixed restoring updates for HVM guests for ballooned domUs
Platform: |
SUSE Linux Enterprise Server 12 SP3 |