Explore top 10 tips to secure your open-source projects now. Read More
×
This update for xen to version 4.9.2 fixes several issues. This feature was added: - Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via 'xl vcpu-set domU N' These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in
#1027519 #1072834 #1080634 #1080635 #1080662
#1087251 #1087252 #1089152 #1089635 #1090820
#1090822 #1090823
Cross- CVE-2018-10471 CVE-2018-10472 CVE-2018-7540
CVE-2018-7541 CVE-2018-7542 CVE-2018-8897
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
SUSE CaaS Platform ALL
https://www.suse.com/security/cve/CVE-2018-10471.html
https://www.suse.com/security/cve/CVE-2018-10472.html
https://www.suse.com/security/cve/CVE-2018-7540.html
https://www.suse.com/security/cve/CVE-2018-7541.html
https://www.suse.com/security/cve/CVE-2018-7542.html
https://www.suse.com/security/cve/CVE-2018-8897.html
https://bugzilla.suse.com/1027519
Get the latest Linux and open source security news straight to your inbox.