Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

SUSE 11-SP3: 2018:1203-1 Important: Xen Security Issues

suse
Calendar Grey May 10, 2018
Dist Suse Esm H88
Critical security enhancements for Xen on SUSE, along with detailed patching steps to ensure safe deployment.
An update that solves four vulnerabilities and has two fixes is now available.

Summary

This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of

References

#1083292 #1089152 #1089635 #1090820 #1090822

#1090823

Cross- CVE-2018-10471 CVE-2018-10472 CVE-2018-7550

CVE-2018-8897

Affected Products:

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2018-10471.html

https://www.suse.com/security/cve/CVE-2018-10472.html

https://www.suse.com/security/cve/CVE-2018-7550.html

https://www.suse.com/security/cve/CVE-2018-8897.html

https://bugzilla.suse.com/1083292

https://bugzilla.suse.com/1089152

https://bugzilla.suse.com/1089635

https://bugzilla.suse.com/1090820

https://bugzilla.suse.com/1090822

https://bugzilla.suse.com/1090823

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:1203-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.