Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

openSUSE Leap 15.1: Important Security Update for Xen Issues

opensuse
Calendar Grey January 13, 2020
Dist Opensuse Esm H88
The latest update for openSUSE Xen addresses several security flaws, significantly improving the robustness of the system with crucial patches.
An update that contains security fixes can now be installed.

Description

This update for xen fixes the following issues:

- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm

(bsc#1158003 XSA-307).

- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to

bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).

- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH

guest userspace code to crash the guest,leading to a guest denial of

service (bsc#1158004 XSA-308).

- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could

have caused hypervisor crash resulting in denial of service affecting

the entire host (bsc#1158005 XSA-309).

- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest

administrator could have been able to escalate their privilege to that

of the host (bsc#1158006 XSA-310).

- CVE-2019-19577: Fixed an issue where a malicious guest administrator

could have caused Xen to access data structures...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory important Denial of Service xen Privilege Escalation openSUSE Arm

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-11=1

Package List

- openSUSE Leap 15.1 (i586 x86_64):

xen-debugsource-4.12.1_06-lp151.2.9.1

xen-devel-4.12.1_06-lp151.2.9.1

xen-libs-4.12.1_06-lp151.2.9.1

xen-libs-debuginfo-4.12.1_06-lp151.2.9.1

xen-tools-domU-4.12.1_06-lp151.2.9.1

xen-tools-domU-debuginfo-4.12.1_06-lp151.2.9.1

- openSUSE Leap 15.1 (x86_64):

xen-4.12.1_06-lp151.2.9.1

xen-doc-html-4.12.1_06-lp151.2.9.1

xen-libs-32bit-4.12.1_06-lp151.2.9.1

xen-libs-32bit-debuginfo-4.12.1_06-lp151.2.9.1

xen-tools-4.12.1_06-lp151.2.9.1

xen-tools-debuginfo-4.12.1_06-lp151.2.9.1

References

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:0011-1
Rating: important
Affected Products: openSUSE Leap 15.1

Topics%20covered

Topics Covered

security advisory important Denial of Service xen Privilege Escalation openSUSE Arm

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here