New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 7.3
Synopsis
The remote openSUSE host is missing a security update.
Description
This update for xen to version 4.7.4 (bsc#1027519) fixes several issues.
This new feature was added :
- Support migration of HVM domains larger than 1 TB
These security issues were fixed :
- bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246)
- bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leading to information leaks, privilege escalation or DoS (XSA-247).
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063123)
- CVE-2017-15597: A grant copy operation being done on a grant of a dying domain allowed a malicious guest administrator to corrupt hypervisor memory, allowing for DoS or potentially privilege escalation and information leaks (bsc#1061075).
This non-security issue was fixed :
- bsc#1055047: Fixed --initrd-inject option in virt-install
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Solution
Update the affected xen packages.