Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-7228 (GCVE-0-2017-7228)
Vulnerability from cvelistv5
Published
2017-04-04 14:00
Modified
2024-08-05 15:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-212.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/04/04/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt"
},
{
"name": "DSA-3847",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3847"
},
{
"name": "41870",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41870/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html"
},
{
"name": "1038223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "97375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-212.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openwall.com/lists/oss-security/2017/04/04/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt"
},
{
"name": "DSA-3847",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3847"
},
{
"name": "41870",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41870/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html"
},
{
"name": "1038223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97375"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-212.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-212.html"
},
{
"name": "http://openwall.com/lists/oss-security/2017/04/04/3",
"refsource": "CONFIRM",
"url": "http://openwall.com/lists/oss-security/2017/04/04/3"
},
{
"name": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt",
"refsource": "CONFIRM",
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt"
},
{
"name": "DSA-3847",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3847"
},
{
"name": "41870",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41870/"
},
{
"name": "https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html",
"refsource": "MISC",
"url": "https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html"
},
{
"name": "1038223",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7228",
"datePublished": "2017-04-04T14:00:00",
"dateReserved": "2017-03-22T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-7228\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-04-04T14:59:00.243\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.\"},{\"lang\":\"es\",\"value\":\"Un problema (conocido como XSA-212) ha sido descubierto en Xen, con arreglos disponibles para 4.8.x, 4.7.x, 4.6.x, 4.5.x, y 4.4.x. La anterior correcci\u00f3n XSA-29 introdujo una comprobaci\u00f3n insuficiente en la entrada XENMEM_exchange, dando permiso a la persona que llama para conducir accesos de memoria de hipervisor fuera de las matrices de entrada/salida proporcionadas por el hu\u00e9sped.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-129\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFA1950D-1D9F-4401-AA86-CF3028EFD286\"}]}]}],\"references\":[{\"url\":\"http://openwall.com/lists/oss-security/2017/04/04/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3847\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/97375\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038223\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-212.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41870/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://openwall.com/lists/oss-security/2017/04/04/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3847\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/97375\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038223\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-212.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41870/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
cnvd-2017-07040
Vulnerability from cnvd
Title: Xen XENMEM_exchange本地权限提升漏洞
Description:
Xen是英国剑桥大学开发的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。
Xen中存在安全漏洞,该漏洞源于程序未能充分的检查XENMEM_exchange的输入。攻击者可利用该漏洞访问系统内存,获取提升的权限,造成主机崩溃和信息泄露。
Severity: 高
Patch Name: Xen XENMEM_exchange本地权限提升漏洞的补丁
Patch Description:
Xen是英国剑桥大学开发的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。
Xen中存在安全漏洞,该漏洞源于程序未能充分的检查XENMEM_exchange的输入。攻击者可利用该漏洞访问系统内存,获取提升的权限,造成主机崩溃和信息泄露。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://xenbits.xen.org/xsa/advisory-212.html
Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-7228
Impacted products
| Name | Xen Xen |
|---|
{
"bids": {
"bid": {
"bidNumber": "97375"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-7228",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2017-7228"
}
},
"description": "Xen\u662f\u82f1\u56fd\u5251\u6865\u5927\u5b66\u5f00\u53d1\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u4f7f\u4e0d\u540c\u548c\u4e0d\u517c\u5bb9\u7684\u64cd\u4f5c\u7cfb\u7edf\u8fd0\u884c\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\uff0c\u5e76\u652f\u6301\u5728\u8fd0\u884c\u65f6\u8fdb\u884c\u8fc1\u79fb\uff0c\u4fdd\u8bc1\u6b63\u5e38\u8fd0\u884c\u5e76\u4e14\u907f\u514d\u5b95\u673a\u3002\r\n\r\nXen\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u68c0\u67e5XENMEM_exchange\u7684\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u7cfb\u7edf\u5185\u5b58\uff0c\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\uff0c\u9020\u6210\u4e3b\u673a\u5d29\u6e83\u548c\u4fe1\u606f\u6cc4\u9732\u3002",
"discovererName": "Jann Horn of Google Project Zero",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://xenbits.xen.org/xsa/advisory-212.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-07040",
"openTime": "2017-05-19",
"patchDescription": "Xen\u662f\u82f1\u56fd\u5251\u6865\u5927\u5b66\u5f00\u53d1\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u4f7f\u4e0d\u540c\u548c\u4e0d\u517c\u5bb9\u7684\u64cd\u4f5c\u7cfb\u7edf\u8fd0\u884c\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\uff0c\u5e76\u652f\u6301\u5728\u8fd0\u884c\u65f6\u8fdb\u884c\u8fc1\u79fb\uff0c\u4fdd\u8bc1\u6b63\u5e38\u8fd0\u884c\u5e76\u4e14\u907f\u514d\u5b95\u673a\u3002\r\n\r\nXen\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u68c0\u67e5XENMEM_exchange\u7684\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u7cfb\u7edf\u5185\u5b58\uff0c\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\uff0c\u9020\u6210\u4e3b\u673a\u5d29\u6e83\u548c\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Xen XENMEM_exchange\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Xen Xen"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-7228",
"serverity": "\u9ad8",
"submitTime": "2017-04-26",
"title": "Xen XENMEM_exchange\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
suse-su-2017:1080-1
Vulnerability from csaf_suse
Published
2017-04-20 13:47
Modified
2017-04-20 13:47
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
These security issues were fixed:
- CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442).
- XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144).
- CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).
- CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570).
- CVE-2017-2633: The VNC display driver support was vulnerable to an out-of-bounds memory access issue. A user/process inside guest could use this flaw to cause DoS (bsc#1026636).
- CVE-2016-9603: A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655).
These non-security issues were fixed:
- bsc#1022555: Timeout in 'execution of /etc/xen/scripts/block add'
- bsc#1029827: Forward port xenstored
Patchnames
SUSE-SLE-SAP-12-2017-626,SUSE-SLE-SERVER-12-2017-626
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for xen fixes the following issues:\n\nThese security issues were fixed:\n\n- CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442).\n- XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144).\n- CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).\n- CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570).\n- CVE-2017-2633: The VNC display driver support was vulnerable to an out-of-bounds memory access issue. A user/process inside guest could use this flaw to cause DoS (bsc#1026636).\n- CVE-2016-9603: A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655).\n\nThese non-security issues were fixed:\n\n- bsc#1022555: Timeout in \u0027execution of /etc/xen/scripts/block add\u0027\n- bsc#1029827: Forward port xenstored\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-2017-626,SUSE-SLE-SERVER-12-2017-626",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1080-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:1080-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171080-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:1080-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-April/002821.html"
},
{
"category": "self",
"summary": "SUSE Bug 1022555",
"url": "https://bugzilla.suse.com/1022555"
},
{
"category": "self",
"summary": "SUSE Bug 1026636",
"url": "https://bugzilla.suse.com/1026636"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1027570",
"url": "https://bugzilla.suse.com/1027570"
},
{
"category": "self",
"summary": "SUSE Bug 1028235",
"url": "https://bugzilla.suse.com/1028235"
},
{
"category": "self",
"summary": "SUSE Bug 1028655",
"url": "https://bugzilla.suse.com/1028655"
},
{
"category": "self",
"summary": "SUSE Bug 1029827",
"url": "https://bugzilla.suse.com/1029827"
},
{
"category": "self",
"summary": "SUSE Bug 1030144",
"url": "https://bugzilla.suse.com/1030144"
},
{
"category": "self",
"summary": "SUSE Bug 1030442",
"url": "https://bugzilla.suse.com/1030442"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9603 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2633 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6414 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6505 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7228 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7228/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2017-04-20T13:47:19Z",
"generator": {
"date": "2017-04-20T13:47:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:1080-1",
"initial_release_date": "2017-04-20T13:47:19Z",
"revision_history": [
{
"date": "2017-04-20T13:47:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.4.4_16-22.36.1.x86_64",
"product": {
"name": "xen-4.4.4_16-22.36.1.x86_64",
"product_id": "xen-4.4.4_16-22.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.4.4_16-22.36.1.x86_64",
"product": {
"name": "xen-doc-html-4.4.4_16-22.36.1.x86_64",
"product_id": "xen-doc-html-4.4.4_16-22.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"product": {
"name": "xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"product_id": "xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_16-22.36.1.x86_64",
"product": {
"name": "xen-libs-4.4.4_16-22.36.1.x86_64",
"product_id": "xen-libs-4.4.4_16-22.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"product_id": "xen-libs-32bit-4.4.4_16-22.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.4.4_16-22.36.1.x86_64",
"product": {
"name": "xen-tools-4.4.4_16-22.36.1.x86_64",
"product_id": "xen-tools-4.4.4_16-22.36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"product": {
"name": "xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"product_id": "xen-tools-domU-4.4.4_16-22.36.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.4_16-22.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64"
},
"product_reference": "xen-4.4.4_16-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.4_16-22.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.4_16-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_16-22.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64"
},
"product_reference": "xen-libs-4.4.4_16-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.4_16-22.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.4_16-22.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64"
},
"product_reference": "xen-tools-4.4.4_16-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_16-22.36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.4_16-22.36.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64"
},
"product_reference": "xen-4.4.4_16-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.4_16-22.36.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.4_16-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_16-22.36.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64"
},
"product_reference": "xen-libs-4.4.4_16-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.4_16-22.36.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.4_16-22.36.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64"
},
"product_reference": "xen-tools-4.4.4_16-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_16-22.36.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9603"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow flaw was found in QEMU\u0027s Cirrus CLGD 54xx VGA emulator\u0027s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9603",
"url": "https://www.suse.com/security/cve/CVE-2016-9603"
},
{
"category": "external",
"summary": "SUSE Bug 1028655 for CVE-2016-9603",
"url": "https://bugzilla.suse.com/1028655"
},
{
"category": "external",
"summary": "SUSE Bug 1028656 for CVE-2016-9603",
"url": "https://bugzilla.suse.com/1028656"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2016-9603",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T13:47:19Z",
"details": "low"
}
],
"title": "CVE-2016-9603"
},
{
"cve": "CVE-2017-2633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2633"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the \u0027vnc_refresh_server_surface\u0027. A user inside a guest could use this flaw to crash the QEMU process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2633",
"url": "https://www.suse.com/security/cve/CVE-2017-2633"
},
{
"category": "external",
"summary": "SUSE Bug 1026612 for CVE-2017-2633",
"url": "https://bugzilla.suse.com/1026612"
},
{
"category": "external",
"summary": "SUSE Bug 1026636 for CVE-2017-2633",
"url": "https://bugzilla.suse.com/1026636"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2017-2633",
"url": "https://bugzilla.suse.com/1074701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T13:47:19Z",
"details": "low"
}
],
"title": "CVE-2017-2633"
},
{
"cve": "CVE-2017-6414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6414"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6414",
"url": "https://www.suse.com/security/cve/CVE-2017-6414"
},
{
"category": "external",
"summary": "SUSE Bug 1027514 for CVE-2017-6414",
"url": "https://bugzilla.suse.com/1027514"
},
{
"category": "external",
"summary": "SUSE Bug 1027570 for CVE-2017-6414",
"url": "https://bugzilla.suse.com/1027570"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T13:47:19Z",
"details": "low"
}
],
"title": "CVE-2017-6414"
},
{
"cve": "CVE-2017-6505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6505"
}
],
"notes": [
{
"category": "general",
"text": "The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6505",
"url": "https://www.suse.com/security/cve/CVE-2017-6505"
},
{
"category": "external",
"summary": "SUSE Bug 1028184 for CVE-2017-6505",
"url": "https://bugzilla.suse.com/1028184"
},
{
"category": "external",
"summary": "SUSE Bug 1028235 for CVE-2017-6505",
"url": "https://bugzilla.suse.com/1028235"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-6505",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T13:47:19Z",
"details": "low"
}
],
"title": "CVE-2017-6505"
},
{
"cve": "CVE-2017-7228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7228"
}
],
"notes": [
{
"category": "general",
"text": "An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7228",
"url": "https://www.suse.com/security/cve/CVE-2017-7228"
},
{
"category": "external",
"summary": "SUSE Bug 1030442 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1030442"
},
{
"category": "external",
"summary": "SUSE Bug 1072198 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1072198"
},
{
"category": "external",
"summary": "SUSE Bug 1072223 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1072223"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:xen-tools-domU-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-doc-html-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-32bit-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-libs-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-4.4.4_16-22.36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:xen-tools-domU-4.4.4_16-22.36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T13:47:19Z",
"details": "important"
}
],
"title": "CVE-2017-7228"
}
]
}
suse-su-2017:1081-1
Vulnerability from csaf_suse
Published
2017-04-20 13:47
Modified
2017-04-20 13:47
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
These security issues were fixed:
- CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442).
- XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144).
- CVE-2016-9603: A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655).
- CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570).
- CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).
- CVE-2017-2633: The VNC display driver support was vulnerable to an out-of-bounds memory access issue. A user/process inside guest could use this flaw to cause DoS (bsc#1026636).
These non-security issues were fixed:
- bsc#1022555: Timeout in 'execution of /etc/xen/scripts/block add'
- bsc#1029827: Forward port xenstored
Patchnames
sdksp4-xen-13069,slessp4-xen-13069
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for xen fixes the following issues:\n\nThese security issues were fixed:\n\n- CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442).\n- XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144).\n- CVE-2016-9603: A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655).\n- CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570).\n- CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).\n- CVE-2017-2633: The VNC display driver support was vulnerable to an out-of-bounds memory access issue. A user/process inside guest could use this flaw to cause DoS (bsc#1026636).\n\nThese non-security issues were fixed:\n\n- bsc#1022555: Timeout in \u0027execution of /etc/xen/scripts/block add\u0027\n- bsc#1029827: Forward port xenstored\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-xen-13069,slessp4-xen-13069",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1081-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:1081-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171081-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:1081-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-April/002822.html"
},
{
"category": "self",
"summary": "SUSE Bug 1022555",
"url": "https://bugzilla.suse.com/1022555"
},
{
"category": "self",
"summary": "SUSE Bug 1026636",
"url": "https://bugzilla.suse.com/1026636"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1027570",
"url": "https://bugzilla.suse.com/1027570"
},
{
"category": "self",
"summary": "SUSE Bug 1028235",
"url": "https://bugzilla.suse.com/1028235"
},
{
"category": "self",
"summary": "SUSE Bug 1028655",
"url": "https://bugzilla.suse.com/1028655"
},
{
"category": "self",
"summary": "SUSE Bug 1029827",
"url": "https://bugzilla.suse.com/1029827"
},
{
"category": "self",
"summary": "SUSE Bug 1030144",
"url": "https://bugzilla.suse.com/1030144"
},
{
"category": "self",
"summary": "SUSE Bug 1030442",
"url": "https://bugzilla.suse.com/1030442"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9603 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2633 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6414 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6505 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7228 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7228/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2017-04-20T13:47:43Z",
"generator": {
"date": "2017-04-20T13:47:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:1081-1",
"initial_release_date": "2017-04-20T13:47:43Z",
"revision_history": [
{
"date": "2017-04-20T13:47:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.4.4_16-54.1.i586",
"product": {
"name": "xen-devel-4.4.4_16-54.1.i586",
"product_id": "xen-devel-4.4.4_16-54.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"product": {
"name": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"product_id": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"product": {
"name": "xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"product_id": "xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_16-54.1.i586",
"product": {
"name": "xen-libs-4.4.4_16-54.1.i586",
"product_id": "xen-libs-4.4.4_16-54.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_16-54.1.i586",
"product": {
"name": "xen-tools-domU-4.4.4_16-54.1.i586",
"product_id": "xen-tools-domU-4.4.4_16-54.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.4.4_16-54.1.x86_64",
"product": {
"name": "xen-devel-4.4.4_16-54.1.x86_64",
"product_id": "xen-devel-4.4.4_16-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-4.4.4_16-54.1.x86_64",
"product": {
"name": "xen-4.4.4_16-54.1.x86_64",
"product_id": "xen-4.4.4_16-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.4.4_16-54.1.x86_64",
"product": {
"name": "xen-doc-html-4.4.4_16-54.1.x86_64",
"product_id": "xen-doc-html-4.4.4_16-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"product": {
"name": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"product_id": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_16-54.1.x86_64",
"product": {
"name": "xen-libs-4.4.4_16-54.1.x86_64",
"product_id": "xen-libs-4.4.4_16-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.4.4_16-54.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.4.4_16-54.1.x86_64",
"product_id": "xen-libs-32bit-4.4.4_16-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.4.4_16-54.1.x86_64",
"product": {
"name": "xen-tools-4.4.4_16-54.1.x86_64",
"product_id": "xen-tools-4.4.4_16-54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_16-54.1.x86_64",
"product": {
"name": "xen-tools-domU-4.4.4_16-54.1.x86_64",
"product_id": "xen-tools-domU-4.4.4_16-54.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.4.4_16-54.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586"
},
"product_reference": "xen-devel-4.4.4_16-54.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-devel-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586"
},
"product_reference": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_16-54.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586"
},
"product_reference": "xen-libs-4.4.4_16-54.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-libs-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-tools-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_16-54.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586"
},
"product_reference": "xen-tools-domU-4.4.4_16-54.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586"
},
"product_reference": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_16-54.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586"
},
"product_reference": "xen-libs-4.4.4_16-54.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-libs-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-tools-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_16-54.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586"
},
"product_reference": "xen-tools-domU-4.4.4_16-54.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_16-54.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.4_16-54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9603"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow flaw was found in QEMU\u0027s Cirrus CLGD 54xx VGA emulator\u0027s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9603",
"url": "https://www.suse.com/security/cve/CVE-2016-9603"
},
{
"category": "external",
"summary": "SUSE Bug 1028655 for CVE-2016-9603",
"url": "https://bugzilla.suse.com/1028655"
},
{
"category": "external",
"summary": "SUSE Bug 1028656 for CVE-2016-9603",
"url": "https://bugzilla.suse.com/1028656"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2016-9603",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T13:47:43Z",
"details": "low"
}
],
"title": "CVE-2016-9603"
},
{
"cve": "CVE-2017-2633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2633"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the \u0027vnc_refresh_server_surface\u0027. A user inside a guest could use this flaw to crash the QEMU process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2633",
"url": "https://www.suse.com/security/cve/CVE-2017-2633"
},
{
"category": "external",
"summary": "SUSE Bug 1026612 for CVE-2017-2633",
"url": "https://bugzilla.suse.com/1026612"
},
{
"category": "external",
"summary": "SUSE Bug 1026636 for CVE-2017-2633",
"url": "https://bugzilla.suse.com/1026636"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2017-2633",
"url": "https://bugzilla.suse.com/1074701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T13:47:43Z",
"details": "low"
}
],
"title": "CVE-2017-2633"
},
{
"cve": "CVE-2017-6414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6414"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6414",
"url": "https://www.suse.com/security/cve/CVE-2017-6414"
},
{
"category": "external",
"summary": "SUSE Bug 1027514 for CVE-2017-6414",
"url": "https://bugzilla.suse.com/1027514"
},
{
"category": "external",
"summary": "SUSE Bug 1027570 for CVE-2017-6414",
"url": "https://bugzilla.suse.com/1027570"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T13:47:43Z",
"details": "low"
}
],
"title": "CVE-2017-6414"
},
{
"cve": "CVE-2017-6505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6505"
}
],
"notes": [
{
"category": "general",
"text": "The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6505",
"url": "https://www.suse.com/security/cve/CVE-2017-6505"
},
{
"category": "external",
"summary": "SUSE Bug 1028184 for CVE-2017-6505",
"url": "https://bugzilla.suse.com/1028184"
},
{
"category": "external",
"summary": "SUSE Bug 1028235 for CVE-2017-6505",
"url": "https://bugzilla.suse.com/1028235"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-6505",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T13:47:43Z",
"details": "low"
}
],
"title": "CVE-2017-6505"
},
{
"cve": "CVE-2017-7228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7228"
}
],
"notes": [
{
"category": "general",
"text": "An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7228",
"url": "https://www.suse.com/security/cve/CVE-2017-7228"
},
{
"category": "external",
"summary": "SUSE Bug 1030442 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1030442"
},
{
"category": "external",
"summary": "SUSE Bug 1072198 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1072198"
},
{
"category": "external",
"summary": "SUSE Bug 1072223 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1072223"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-doc-html-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-default-4.4.4_16_3.0.101_97-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-kmp-pae-4.4.4_16_3.0.101_97-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-32bit-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-libs-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:xen-tools-domU-4.4.4_16-54.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:xen-devel-4.4.4_16-54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-20T13:47:43Z",
"details": "important"
}
],
"title": "CVE-2017-7228"
}
]
}
suse-su-2017:1058-1
Vulnerability from csaf_suse
Published
2017-04-19 07:16
Modified
2017-04-19 07:16
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following security issues:
- CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442).
- CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570).
- CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).
Patchnames
sleclo50sp3-xen-13067,sleman21-xen-13067,slemap21-xen-13067,sleposp3-xen-13067,slessp3-xen-13067
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for xen fixes the following security issues:\n\n- CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442).\n- CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570).\n- CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleclo50sp3-xen-13067,sleman21-xen-13067,slemap21-xen-13067,sleposp3-xen-13067,slessp3-xen-13067",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1058-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:1058-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171058-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:1058-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-April/002814.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027570",
"url": "https://bugzilla.suse.com/1027570"
},
{
"category": "self",
"summary": "SUSE Bug 1028235",
"url": "https://bugzilla.suse.com/1028235"
},
{
"category": "self",
"summary": "SUSE Bug 1030442",
"url": "https://bugzilla.suse.com/1030442"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6414 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6505 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7228 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7228/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2017-04-19T07:16:18Z",
"generator": {
"date": "2017-04-19T07:16:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:1058-1",
"initial_release_date": "2017-04-19T07:16:18Z",
"revision_history": [
{
"date": "2017-04-19T07:16:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"product": {
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"product_id": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"product": {
"name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"product_id": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.2.5_21-38.1.i586",
"product": {
"name": "xen-libs-4.2.5_21-38.1.i586",
"product_id": "xen-libs-4.2.5_21-38.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.2.5_21-38.1.i586",
"product": {
"name": "xen-tools-domU-4.2.5_21-38.1.i586",
"product_id": "xen-tools-domU-4.2.5_21-38.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.2.5_21-38.1.x86_64",
"product": {
"name": "xen-4.2.5_21-38.1.x86_64",
"product_id": "xen-4.2.5_21-38.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.2.5_21-38.1.x86_64",
"product": {
"name": "xen-doc-html-4.2.5_21-38.1.x86_64",
"product_id": "xen-doc-html-4.2.5_21-38.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-pdf-4.2.5_21-38.1.x86_64",
"product": {
"name": "xen-doc-pdf-4.2.5_21-38.1.x86_64",
"product_id": "xen-doc-pdf-4.2.5_21-38.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"product": {
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"product_id": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.2.5_21-38.1.x86_64",
"product": {
"name": "xen-libs-4.2.5_21-38.1.x86_64",
"product_id": "xen-libs-4.2.5_21-38.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.2.5_21-38.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.2.5_21-38.1.x86_64",
"product_id": "xen-libs-32bit-4.2.5_21-38.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.2.5_21-38.1.x86_64",
"product": {
"name": "xen-tools-4.2.5_21-38.1.x86_64",
"product_id": "xen-tools-4.2.5_21-38.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.2.5_21-38.1.x86_64",
"product": {
"name": "xen-tools-domU-4.2.5_21-38.1.x86_64",
"product_id": "xen-tools-domU-4.2.5_21-38.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 5",
"product": {
"name": "SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:cloud:5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager 2.1",
"product": {
"name": "SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:2.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 2.1",
"product": {
"name": "SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:2.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_21-38.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:xen-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_21-38.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_21-38.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_21-38.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_21-38.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_21-38.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_21-38.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_21-38.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:xen-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_21-38.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:xen-doc-html-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_21-38.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_21-38.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:xen-libs-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_21-38.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_21-38.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:xen-tools-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_21-38.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_21-38.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:xen-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_21-38.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_21-38.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_21-38.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_21-38.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_21-38.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_21-38.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_21-38.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-38.1.i586"
},
"product_reference": "xen-libs-4.2.5_21-38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_21-38.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-38.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_21-38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.2.5_21-38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.2.5_21-38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-doc-html-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-pdf-4.2.5_21-38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-doc-pdf-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64"
},
"product_reference": "xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_21-38.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.i586"
},
"product_reference": "xen-libs-4.2.5_21-38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_21-38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-libs-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.2.5_21-38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.2.5_21-38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-tools-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_21-38.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_21-38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_21-38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.x86_64"
},
"product_reference": "xen-tools-domU-4.2.5_21-38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-6414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6414"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-38.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6414",
"url": "https://www.suse.com/security/cve/CVE-2017-6414"
},
{
"category": "external",
"summary": "SUSE Bug 1027514 for CVE-2017-6414",
"url": "https://bugzilla.suse.com/1027514"
},
{
"category": "external",
"summary": "SUSE Bug 1027570 for CVE-2017-6414",
"url": "https://bugzilla.suse.com/1027570"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-38.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-38.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-19T07:16:18Z",
"details": "low"
}
],
"title": "CVE-2017-6414"
},
{
"cve": "CVE-2017-6505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6505"
}
],
"notes": [
{
"category": "general",
"text": "The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-38.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6505",
"url": "https://www.suse.com/security/cve/CVE-2017-6505"
},
{
"category": "external",
"summary": "SUSE Bug 1028184 for CVE-2017-6505",
"url": "https://bugzilla.suse.com/1028184"
},
{
"category": "external",
"summary": "SUSE Bug 1028235 for CVE-2017-6505",
"url": "https://bugzilla.suse.com/1028235"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-6505",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-38.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-38.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-19T07:16:18Z",
"details": "low"
}
],
"title": "CVE-2017-6505"
},
{
"cve": "CVE-2017-7228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7228"
}
],
"notes": [
{
"category": "general",
"text": "An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-38.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7228",
"url": "https://www.suse.com/security/cve/CVE-2017-7228"
},
{
"category": "external",
"summary": "SUSE Bug 1030442 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1030442"
},
{
"category": "external",
"summary": "SUSE Bug 1072198 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1072198"
},
{
"category": "external",
"summary": "SUSE Bug 1072223 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1072223"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-38.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE Manager Proxy 2.1:xen-tools-domU-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-html-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-doc-pdf-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-32bit-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-libs-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-4.2.5_21-38.1.x86_64",
"SUSE OpenStack Cloud 5:xen-tools-domU-4.2.5_21-38.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-19T07:16:18Z",
"details": "important"
}
],
"title": "CVE-2017-7228"
}
]
}
suse-su-2017:0983-1
Vulnerability from csaf_suse
Published
2017-04-11 14:35
Modified
2017-04-11 14:35
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen to version 4.7.2 fixes the following issues:
These security issues were fixed:
- CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442).
- XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144).
- CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).
These non-security issues were fixed:
- bsc#1015348: libvirtd didn't not start during boot
- bsc#1014136: kdump couldn't dump a kernel on SLES12-SP2 with Xen hypervisor.
- bsc#1026236: Fixed paravirtualized performance
- bsc#1022555: Timeout in 'execution of /etc/xen/scripts/block add'
- bsc#1029827: Forward port xenstored
- bsc#1029128: Make xen to really produce xen.efi with gcc48
Patchnames
SUSE-SLE-DESKTOP-12-SP2-2017-572,SUSE-SLE-SDK-12-SP2-2017-572,SUSE-SLE-SERVER-12-SP2-2017-572
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for xen to version 4.7.2 fixes the following issues:\n\nThese security issues were fixed:\n\n- CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442).\n- XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144).\n- CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).\n\nThese non-security issues were fixed:\n\n- bsc#1015348: libvirtd didn\u0027t not start during boot\n- bsc#1014136: kdump couldn\u0027t dump a kernel on SLES12-SP2 with Xen hypervisor.\n- bsc#1026236: Fixed paravirtualized performance\n- bsc#1022555: Timeout in \u0027execution of /etc/xen/scripts/block add\u0027\n- bsc#1029827: Forward port xenstored\n- bsc#1029128: Make xen to really produce xen.efi with gcc48\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP2-2017-572,SUSE-SLE-SDK-12-SP2-2017-572,SUSE-SLE-SERVER-12-SP2-2017-572",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0983-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:0983-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170983-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:0983-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-April/002793.html"
},
{
"category": "self",
"summary": "SUSE Bug 1014136",
"url": "https://bugzilla.suse.com/1014136"
},
{
"category": "self",
"summary": "SUSE Bug 1015348",
"url": "https://bugzilla.suse.com/1015348"
},
{
"category": "self",
"summary": "SUSE Bug 1022555",
"url": "https://bugzilla.suse.com/1022555"
},
{
"category": "self",
"summary": "SUSE Bug 1026236",
"url": "https://bugzilla.suse.com/1026236"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1028235",
"url": "https://bugzilla.suse.com/1028235"
},
{
"category": "self",
"summary": "SUSE Bug 1029128",
"url": "https://bugzilla.suse.com/1029128"
},
{
"category": "self",
"summary": "SUSE Bug 1029827",
"url": "https://bugzilla.suse.com/1029827"
},
{
"category": "self",
"summary": "SUSE Bug 1030144",
"url": "https://bugzilla.suse.com/1030144"
},
{
"category": "self",
"summary": "SUSE Bug 1030442",
"url": "https://bugzilla.suse.com/1030442"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6505 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7228 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7228/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2017-04-11T14:35:30Z",
"generator": {
"date": "2017-04-11T14:35:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:0983-1",
"initial_release_date": "2017-04-11T14:35:30Z",
"revision_history": [
{
"date": "2017-04-11T14:35:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.7.2_02-36.1.aarch64",
"product": {
"name": "xen-devel-4.7.2_02-36.1.aarch64",
"product_id": "xen-devel-4.7.2_02-36.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.7.2_02-36.1.x86_64",
"product": {
"name": "xen-4.7.2_02-36.1.x86_64",
"product_id": "xen-4.7.2_02-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.7.2_02-36.1.x86_64",
"product": {
"name": "xen-libs-4.7.2_02-36.1.x86_64",
"product_id": "xen-libs-4.7.2_02-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.7.2_02-36.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.7.2_02-36.1.x86_64",
"product_id": "xen-libs-32bit-4.7.2_02-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.7.2_02-36.1.x86_64",
"product": {
"name": "xen-devel-4.7.2_02-36.1.x86_64",
"product_id": "xen-devel-4.7.2_02-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.7.2_02-36.1.x86_64",
"product": {
"name": "xen-doc-html-4.7.2_02-36.1.x86_64",
"product_id": "xen-doc-html-4.7.2_02-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.7.2_02-36.1.x86_64",
"product": {
"name": "xen-tools-4.7.2_02-36.1.x86_64",
"product_id": "xen-tools-4.7.2_02-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.7.2_02-36.1.x86_64",
"product": {
"name": "xen-tools-domU-4.7.2_02-36.1.x86_64",
"product_id": "xen-tools-domU-4.7.2_02-36.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:xen-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:xen-libs-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-libs-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.7.2_02-36.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.aarch64"
},
"product_reference": "xen-devel-4.7.2_02-36.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-devel-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xen-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xen-libs-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-libs-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xen-tools-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-tools-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-doc-html-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-libs-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-tools-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.2_02-36.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64"
},
"product_reference": "xen-tools-domU-4.7.2_02-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-6505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6505"
}
],
"notes": [
{
"category": "general",
"text": "The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-tools-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6505",
"url": "https://www.suse.com/security/cve/CVE-2017-6505"
},
{
"category": "external",
"summary": "SUSE Bug 1028184 for CVE-2017-6505",
"url": "https://bugzilla.suse.com/1028184"
},
{
"category": "external",
"summary": "SUSE Bug 1028235 for CVE-2017-6505",
"url": "https://bugzilla.suse.com/1028235"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-6505",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-tools-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-tools-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-11T14:35:30Z",
"details": "low"
}
],
"title": "CVE-2017-6505"
},
{
"cve": "CVE-2017-7228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7228"
}
],
"notes": [
{
"category": "general",
"text": "An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-tools-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7228",
"url": "https://www.suse.com/security/cve/CVE-2017-7228"
},
{
"category": "external",
"summary": "SUSE Bug 1030442 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1030442"
},
{
"category": "external",
"summary": "SUSE Bug 1072198 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1072198"
},
{
"category": "external",
"summary": "SUSE Bug 1072223 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1072223"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-7228",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-tools-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-tools-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.2_02-36.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xen-devel-4.7.2_02-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-04-11T14:35:30Z",
"details": "important"
}
],
"title": "CVE-2017-7228"
}
]
}
gsd-2017-7228
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-7228",
"description": "An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.",
"id": "GSD-2017-7228",
"references": [
"https://www.suse.com/security/cve/CVE-2017-7228.html",
"https://www.debian.org/security/2017/dsa-3847",
"https://linux.oracle.com/cve/CVE-2017-7228.html",
"https://packetstormsecurity.com/files/cve/CVE-2017-7228"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-7228"
],
"details": "An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.",
"id": "GSD-2017-7228",
"modified": "2023-12-13T01:21:06.463323Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97375"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-212.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-212.html"
},
{
"name": "http://openwall.com/lists/oss-security/2017/04/04/3",
"refsource": "CONFIRM",
"url": "http://openwall.com/lists/oss-security/2017/04/04/3"
},
{
"name": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt",
"refsource": "CONFIRM",
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt"
},
{
"name": "DSA-3847",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3847"
},
{
"name": "41870",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41870/"
},
{
"name": "https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html",
"refsource": "MISC",
"url": "https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html"
},
{
"name": "1038223",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038223"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7228"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-212.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-212.html"
},
{
"name": "http://openwall.com/lists/oss-security/2017/04/04/3",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2017/04/04/3"
},
{
"name": "97375",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97375"
},
{
"name": "https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html",
"refsource": "MISC",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html"
},
{
"name": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt"
},
{
"name": "1038223",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1038223"
},
{
"name": "41870",
"refsource": "EXPLOIT-DB",
"tags": [],
"url": "https://www.exploit-db.com/exploits/41870/"
},
{
"name": "DSA-3847",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2017/dsa-3847"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2017-04-04T14:59Z"
}
}
}
fkie_cve-2017-7228
Vulnerability from fkie_nvd
Published
2017-04-04 14:59
Modified
2025-04-20 01:37
Severity ?
Summary
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays."
},
{
"lang": "es",
"value": "Un problema (conocido como XSA-212) ha sido descubierto en Xen, con arreglos disponibles para 4.8.x, 4.7.x, 4.6.x, 4.5.x, y 4.4.x. La anterior correcci\u00f3n XSA-29 introdujo una comprobaci\u00f3n insuficiente en la entrada XENMEM_exchange, dando permiso a la persona que llama para conducir accesos de memoria de hipervisor fuera de las matrices de entrada/salida proporcionadas por el hu\u00e9sped."
}
],
"id": "CVE-2017-7228",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-04T14:59:00.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2017/04/04/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3847"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97375"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1038223"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-212.html"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/41870/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2017/04/04/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-212.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/41870/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-129"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-xm77-6vqw-642h
Vulnerability from github
Published
2022-05-13 01:46
Modified
2025-04-20 03:35
Severity ?
VLAI Severity ?
Details
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.
{
"affected": [],
"aliases": [
"CVE-2017-7228"
],
"database_specific": {
"cwe_ids": [
"CWE-129"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-04T14:59:00Z",
"severity": "HIGH"
},
"details": "An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.",
"id": "GHSA-xm77-6vqw-642h",
"modified": "2025-04-20T03:35:26Z",
"published": "2022-05-13T01:46:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7228"
},
{
"type": "WEB",
"url": "https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt"
},
{
"type": "WEB",
"url": "https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41870"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/04/04/3"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3847"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97375"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038223"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-212.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…