
SUSE: 2018:1181-1 Important: Xen Buffer Overflow And Escalation Threats

May 9, 2018
Important patch released for SUSE Linux addressing various vulnerabilities in xen, affecting both server reliability and protection.
An update that solves four vulnerabilities and has 7 fixes is now available.

Summary

This update for xen fixes several issues. These security issues were fixed:

- CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820)
- Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822)
- Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
- CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152).
- CVE-2018-10471: x86 PV guest OS users were able to cause a denial of

References

#1027519 #1035442 #1057493 #1072834 #1083292 #1086107 #1089152 #1089635 #1090820 #1090822 #1090823

Cross-References: CVE-2018-10471 CVE-2018-10472 CVE-2018-7550 CVE-2018-8897

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2018-10471.html

https://www.suse.com/security/cve/CVE-2018-10472.html

https://www.suse.com/security/cve/CVE-2018-7550.html

https://www.suse.com/security/cve/CVE-2018-8897.html

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1035442

https://bugzilla.suse.com/1057493

https://bugzilla.suse.com/1072834

https://bugzilla.suse.com/1083292

https://bugzilla.suse.com/1086107

Severity
important

Announcement ID: SUSE-SU-2018:1181-1
Rating: important
