Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

openSUSE Leap 15.0: 2018:2116-1 Important: Xen DoS Risks

opensuse
Calendar Grey July 28, 2018
Dist Opensuse Esm H88
A vital patch for openSUSE Leap 15.0 targets several vulnerabilities in xen. Ensure your system's safety by applying these essential updates!
An update that solves four vulnerabilities and has four fixes is now available.

Description

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242).

- CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU

operations that affect the entire host (XSA-264) (bsc#1097521).

- CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated

SCSI disks (XSA-266) (bsc#1097523).

- CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check

(XSA-265) (bsc#1097522).

Bug fixes:

- bsc#1027519: Add upstream patches from January.

- bsc#1098403: Fix regression introduced by changes for bsc#1079730. A PV

domU without qcow2 and/or vfb has no qemu attached. Ignore QMP errors for PV domUs to handle PV domUs with and without an attached qemu-xen.

- bsc#1087289: Fix xen scheduler crash.

This update was imported from the SUSE:SLE-15:Update update project.

Topics%20covered

Topics Covered

security advisory critical issue system update Denial of Service xen openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-766=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

xen-debugsource-4.10.1_06-lp150.2.6.1

xen-devel-4.10.1_06-lp150.2.6.1

xen-libs-4.10.1_06-lp150.2.6.1

xen-libs-debuginfo-4.10.1_06-lp150.2.6.1

xen-tools-domU-4.10.1_06-lp150.2.6.1

xen-tools-domU-debuginfo-4.10.1_06-lp150.2.6.1

- openSUSE Leap 15.0 (x86_64):

xen-4.10.1_06-lp150.2.6.1

xen-doc-html-4.10.1_06-lp150.2.6.1

xen-libs-32bit-4.10.1_06-lp150.2.6.1

xen-libs-32bit-debuginfo-4.10.1_06-lp150.2.6.1

xen-tools-4.10.1_06-lp150.2.6.1

xen-tools-debuginfo-4.10.1_06-lp150.2.6.1

References

https://www.suse.com/security/cve/CVE-2018-12891.html

https://www.suse.com/security/cve/CVE-2018-12892.html

https://www.suse.com/security/cve/CVE-2018-12893.html

https://www.suse.com/security/cve/CVE-2018-3665.html

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1079730

https://bugzilla.suse.com/1087289

https://bugzilla.suse.com/1095242

https://bugzilla.suse.com/1097521

https://bugzilla.suse.com/1097522

https://bugzilla.suse.com/1097523

https://bugzilla.suse.com/1098403

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:2116-1
Rating: important
Affected Products: openSUSE Leap 15.0 le.

Topics%20covered

Topics Covered

security advisory critical issue system update Denial of Service xen openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here