Alerts This Week
Warning Icon 1 905
Alerts This Week
Warning Icon 1 905

openSUSE Leap 42.3: 2018:4111-1 Important: Xen Security Flaws Resolved

opensuse
Calendar Grey December 13, 2018
Dist Opensuse Esm H88
Fedora has announced a significant patch addressing 5 vulnerabilities, including critical bugs in networking services. Protect your server today!
An update that solves 6 vulnerabilities and has one errata is now available.

Description

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2018-18849: Fixed an out of bounds memory access issue was found in

the LSI53C895A SCSI Host Bus Adapter emulation while writing a message

in lsi_do_msgin (bsc#1114423).

- CVE-2018-18883: Fixed a NULL pointer dereference that could have been

triggered by nested VT-x that where not properly restricted

(XSA-278)(bsc#1114405).

- CVE-2018-19965: Fixed denial of service issue from attempting to use

INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).

- CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused

conflicts with shadow paging (XSA-280)(bsc#1115047).

- CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /

improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).

Non-security issues fixed:

- Added upstream bug fixes (bsc#1027519).

This update was imported from the SUSE:SLE-12-SP3:Update...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service security issue important out of bounds access xen openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1530=1

Package List

- openSUSE Leap 42.3 (x86_64):

xen-4.9.3_03-34.1

xen-debugsource-4.9.3_03-34.1

xen-devel-4.9.3_03-34.1

xen-doc-html-4.9.3_03-34.1

xen-libs-4.9.3_03-34.1

xen-libs-debuginfo-4.9.3_03-34.1

xen-tools-4.9.3_03-34.1

xen-tools-debuginfo-4.9.3_03-34.1

xen-tools-domU-4.9.3_03-34.1

xen-tools-domU-debuginfo-4.9.3_03-34.1

References

https://www.suse.com/security/cve/CVE-2018-18849.html

https://www.suse.com/security/cve/CVE-2018-18883.html

https://www.suse.com/security/cve/CVE-2018-19961.html

https://www.suse.com/security/cve/CVE-2018-19962.html

https://www.suse.com/security/cve/CVE-2018-19965.html

https://www.suse.com/security/cve/CVE-2018-19966.html

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1108940

https://bugzilla.suse.com/1114405

https://bugzilla.suse.com/1114423

https://bugzilla.suse.com/1115040

https://bugzilla.suse.com/1115045

https://bugzilla.suse.com/1115047

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:4111-1
Rating: important
Affected Products: openSUSE Leap 42.3 le.

Topics%20covered

Topics Covered

security advisory denial of service security issue important out of bounds access xen openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here