Explore top 10 tips to secure your open-source projects now. Read More
×
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the
host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)
- Fixed an issue which could allow malicious PV guests may cause a host
crash or gain access to data pertaining to other guests.Additionally,
vulnerable configurations are likely to be unstable even in the absence
of an attack (bsc#1126198).
- Fixed multiple access violations introduced by XENMEM_exchange hypercall
which could allow a single PV guest to leak arbitrary amounts of memory,
leading to a denial of service (bsc#1126192).
- Fixed an issue which could allow a malicious unprivileged guest
userspace process to escalate its privilege to that of other userspace
processes in the same guest and potentially thereby to that
of the guest operating system (bsc#1126201).
- Fixed an issue which could allow...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1199=1
- openSUSE Leap 15.0 (i586 x86_64):
xen-debugsource-4.10.3_02-lp150.2.16.1
xen-devel-4.10.3_02-lp150.2.16.1
xen-libs-4.10.3_02-lp150.2.16.1
xen-libs-debuginfo-4.10.3_02-lp150.2.16.1
xen-tools-domU-4.10.3_02-lp150.2.16.1
xen-tools-domU-debuginfo-4.10.3_02-lp150.2.16.1
- openSUSE Leap 15.0 (x86_64):
xen-4.10.3_02-lp150.2.16.1
xen-doc-html-4.10.3_02-lp150.2.16.1
xen-libs-32bit-4.10.3_02-lp150.2.16.1
xen-libs-32bit-debuginfo-4.10.3_02-lp150.2.16.1
xen-tools-4.10.3_02-lp150.2.16.1
xen-tools-debuginfo-4.10.3_02-lp150.2.16.1
https://www.suse.com/security/cve/CVE-2018-19967.html
https://bugzilla.suse.com/1026236
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1114988
https://bugzilla.suse.com/1126140
https://bugzilla.suse.com/1126141
https://bugzilla.suse.com/1126192
https://bugzilla.suse.com/1126195
https://bugzilla.suse.com/1126196
https://bugzilla.suse.com/1126197
https://bugzilla.suse.com/1126198
https://bugzilla.suse.com/1126201
https://bugzilla.suse.com/1126325
https://bugzilla.suse.com/1127400
https://bugzilla.suse.com/1127620
--
Get the latest Linux and open source security news straight to your inbox.