Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

SUSE 12-SP3: 2018:1184-1 Important: Xen Denial Of Service

suse
Calendar Grey May 9, 2018
Dist Suse Esm H88
Ubuntu Security Patch for nginx 2023:6574-2 tackles multiple serious vulnerabilities to bolster platform integrity.
An update that solves 6 vulnerabilities and has 6 fixes is now available.

Summary

This update for xen to version 4.9.2 fixes several issues. This feature was added: - Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via 'xl vcpu-set domU N' These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in

References

#1027519 #1072834 #1080634 #1080635 #1080662

#1087251 #1087252 #1089152 #1089635 #1090820

#1090822 #1090823

Cross- CVE-2018-10471 CVE-2018-10472 CVE-2018-7540

CVE-2018-7541 CVE-2018-7542 CVE-2018-8897

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP3

SUSE CaaS Platform ALL

https://www.suse.com/security/cve/CVE-2018-10471.html

https://www.suse.com/security/cve/CVE-2018-10472.html

https://www.suse.com/security/cve/CVE-2018-7540.html

https://www.suse.com/security/cve/CVE-2018-7541.html

https://www.suse.com/security/cve/CVE-2018-7542.html

https://www.suse.com/security/cve/CVE-2018-8897.html

https://bugzilla.suse.com/1027519

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:1184-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.