SB2018042543 - Fedora 28 update for xen

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2018-10471)

The vulnerability allows an adjacent attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to an unconditional write attempt of the value zero to an address near 2^64. An adjacent attacker can cause the service to crash or execute arbitrary code via unexpected INT 80 processing.

Successful exploitation of the vulnerability may result in system compromise.

2) Error handling (CVE-ID: CVE-2018-10471)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to error handling flaw. An adjacent attacker can cause the service to crash.

3) Information disclosure (CVE-ID: CVE-2018-10472)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists in certain configurations due to improper information control. An adjacent attacker can read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.

4) Information disclosure (CVE-ID: CVE-2018-10472)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The weakness exists due to improper information control. An adjacent attacker can supply a specially crafted CDROM image to read arbitrary files or device nodes on the dom0 filesystem with the privileges of the quem devicemodel process.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2018-dbebca30d0