Bugzilla – Bug 1047675
VUL-1: CVE-2017-10806: xen: usb-redirect: stack buffer overflow in debug logging
Last modified: 2020-10-21 09:19:33 UTC
+++ This bug was initially created as a clone of Bug #1047674 +++ http://www.openwall.com/lists/oss-security/2017/07/07/1 From: P J P Quick emulator(Qemu) built with the USB redirector support is vulnerable to a stack buffer overflow flaw. It could occur while logging debug messages when the debug mode is enabled in the device. A user/process could use this flaw to crash the Qemu process on the host resulting in DoS. Upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html This issue was reported by Li Qiang of Qihoo 360 Gear Team. References: https://bugzilla.redhat.com/show_bug.cgi?id=1468496 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10806 http://seclists.org/oss-sec/2017/q3/78 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806 https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
Submitted for, SUSE:SLE-11-SP4:Update SUSE:SLE-12:Update SUSE:SLE-12-SP1:Update
SUSE-SU-2017:2319-1: An update that solves 6 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1002573,1046637,1047675,1048920,1049578,1051787,1051788,1052686 CVE References: CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-12135,CVE-2017-12137 Sources used: SUSE OpenStack Cloud 6 (src): xen-4.5.5_14-22.25.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): xen-4.5.5_14-22.25.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): xen-4.5.5_14-22.25.1
SUSE-SU-2017:2450-1: An update that solves 10 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1027519,1032598,1037413,1046637,1047675,1048920,1049578,1051787,1051788,1052686,1056278,1056281,1056282 CVE References: CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-12135,CVE-2017-12137,CVE-2017-12855,CVE-2017-14316,CVE-2017-14317,CVE-2017-14319 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): xen-4.4.4_22-61.9.2 SUSE Linux Enterprise Server 11-SP4 (src): xen-4.4.4_22-61.9.2 SUSE Linux Enterprise Debuginfo 11-SP4 (src): xen-4.4.4_22-61.9.2
SUSE-SU-2017:2541-1: An update that solves 10 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 1002573,1027519,1032598,1037413,1046637,1047675,1048920,1049578,1051787,1051788,1052686,1056278,1056281,1056282 CVE References: CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-12135,CVE-2017-12137,CVE-2017-12855,CVE-2017-14316,CVE-2017-14317,CVE-2017-14319 Sources used: SUSE Linux Enterprise Server for SAP 12 (src): xen-4.4.4_22-22.51.2 SUSE Linux Enterprise Server 12-LTSS (src): xen-4.4.4_22-22.51.2
released
SUSE-SU-2019:14201-1: An update that fixes 12 vulnerabilities is now available. Category: security (important) Bug References: 1047675,1126140,1126141,1126192,1126195,1126196,1130680,1135905,1143797,1145652,1146874,1149813 CVE References: CVE-2017-10806,CVE-2018-20815,CVE-2019-12067,CVE-2019-12068,CVE-2019-12155,CVE-2019-14378,CVE-2019-15890,CVE-2019-17340,CVE-2019-17341,CVE-2019-17342,CVE-2019-17343,CVE-2019-17344 Sources used: SUSE Linux Enterprise Point of Sale 11-SP3 (src): xen-4.2.5_21-45.33.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): xen-4.2.5_21-45.33.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.