Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 455
Alerts This Week
Warning Icon 1 455

SUSE: 2018:2081-2 Important: Xen Security Issues and Fixes

suse
Calendar Grey October 18, 2018
Dist Suse Esm H88
An urgent SUSE patch for Xen addresses vulnerabilities, including memory leaks and privilege escalations. Prompt implementation is recommended.
An update that solves 5 vulnerabilities and has three fixes is now available

Summary

This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242). Bug fixes: - bsc#1027519: Update to Xen 4.7.6 bug fix only release. - bsc#1087289: Xen BUG at sched_credit.c:1663. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. Patch Instructions:

References

#1027519 #1087289 #1094725 #1095242 #1096224

#1097521 #1097522 #1097523

Cross- CVE-2018-11806 CVE-2018-12891 CVE-2018-12892

CVE-2018-12893 CVE-2018-3665

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

https://www.suse.com/security/cve/CVE-2018-11806.html

https://www.suse.com/security/cve/CVE-2018-12891.html

https://www.suse.com/security/cve/CVE-2018-12892.html

https://www.suse.com/security/cve/CVE-2018-12893.html

https://www.suse.com/security/cve/CVE-2018-3665.html

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1087289

https://bugzilla.suse.com/1094725

https://bugzilla.suse.com/1095242

https://bugzilla.suse.com/1096224

https://bugzilla.suse.com/1097521

https://bugzilla.suse.com/1097522

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:2081-2
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.