Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

SUSE: 2018:2528-1 Important: DoS and Information Disclosure in Xen

suse
Calendar Grey August 27, 2018
Dist Suse Esm H88
Debian Security Fix resolves critical flaws in openvswitch with comprehensive update guidelines.
An update that solves 12 vulnerabilities and has one errata is now available

Summary

This update for xen fixes the following issues: These security issue were fixed: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - CVE-2018-12617: An integer overflow that could cause a segmentation fault in qmp_guest_file_read() with g_malloc() in qemu-guest-agent was fixed (bsc#1098744) - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a

References

#1027519 #1074562 #1079730 #1090822 #1090823

#1091107 #1092631 #1095242 #1096224 #1097206

#1097521 #1097522 #1098744

Cross- CVE-2017-5715 CVE-2017-5753 CVE-2017-5754

CVE-2018-10981 CVE-2018-10982 CVE-2018-11806

CVE-2018-12617 CVE-2018-12891 CVE-2018-12893

CVE-2018-3639 CVE-2018-3646 CVE-2018-3665

Affected Products:

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2017-5715.html

https://www.suse.com/security/cve/CVE-2017-5753.html

https://www.suse.com/security/cve/CVE-2017-5754.html

https://www.suse.com/security/cve/CVE-2018-10981.html

https://www.suse.com/security/cve/CVE-2018-10982.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:2528-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.