Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

openSUSE Leap 15.0: 2019:1199-1 Important: Xen Denial of Service Fix

opensuse
Calendar Grey April 12, 2019
Dist Opensuse Esm H88
Significant openSUSE patch tackles a DoS flaw in Xen, featuring vital improvements to bolster security and reliability.
An update that solves one vulnerability and has 13 fixes is now available.

Description

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the

host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)

- Fixed an issue which could allow malicious PV guests may cause a host

crash or gain access to data pertaining to other guests.Additionally,

vulnerable configurations are likely to be unstable even in the absence

of an attack (bsc#1126198).

- Fixed multiple access violations introduced by XENMEM_exchange hypercall

which could allow a single PV guest to leak arbitrary amounts of memory,

leading to a denial of service (bsc#1126192).

- Fixed an issue which could allow a malicious unprivileged guest

userspace process to escalate its privilege to that of other userspace

processes in the same guest and potentially thereby to that

of the guest operating system (bsc#1126201).

- Fixed an issue which could allow...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1199=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

xen-debugsource-4.10.3_02-lp150.2.16.1

xen-devel-4.10.3_02-lp150.2.16.1

xen-libs-4.10.3_02-lp150.2.16.1

xen-libs-debuginfo-4.10.3_02-lp150.2.16.1

xen-tools-domU-4.10.3_02-lp150.2.16.1

xen-tools-domU-debuginfo-4.10.3_02-lp150.2.16.1

- openSUSE Leap 15.0 (x86_64):

xen-4.10.3_02-lp150.2.16.1

xen-doc-html-4.10.3_02-lp150.2.16.1

xen-libs-32bit-4.10.3_02-lp150.2.16.1

xen-libs-32bit-debuginfo-4.10.3_02-lp150.2.16.1

xen-tools-4.10.3_02-lp150.2.16.1

xen-tools-debuginfo-4.10.3_02-lp150.2.16.1

References

https://www.suse.com/security/cve/CVE-2018-19967.html

https://bugzilla.suse.com/1026236

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1114988

https://bugzilla.suse.com/1126140

https://bugzilla.suse.com/1126141

https://bugzilla.suse.com/1126192

https://bugzilla.suse.com/1126195

https://bugzilla.suse.com/1126196

https://bugzilla.suse.com/1126197

https://bugzilla.suse.com/1126198

https://bugzilla.suse.com/1126201

https://bugzilla.suse.com/1126325

https://bugzilla.suse.com/1127400

https://bugzilla.suse.com/1127620

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:1199-1
Rating: important
Affected Products: openSUSE Leap 15.0 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.