
SUSE: 2018:3230-1 Important: Xen Denial of Service Exploits

October 18, 2018
The latest SUSE Security Patch addresses critical flaws in xen, aiming to bolster server resilience and safeguard sensitive data.
An update that solves four vulnerabilities and has three fixes is now available.

Summary

This update for xen fixes several issues.

These security issues were fixed:

- CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820)
- Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822)
- Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
- CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152).
- CVE-2018-10471: x86 PV guest OS users were able to cause a denial of

References

#1027519 #1086039 #1089152 #1089635 #1090820 #1090822 #1090823

Cross-References: CVE-2017-5754 CVE-2018-10471 CVE-2018-10472 CVE-2018-8897

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

https://www.suse.com/security/cve/CVE-2017-5754.html

https://www.suse.com/security/cve/CVE-2018-10471.html

https://www.suse.com/security/cve/CVE-2018-10472.html

https://www.suse.com/security/cve/CVE-2018-8897.html

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1086039

https://bugzilla.suse.com/1089152

https://bugzilla.suse.com/1089635

https://bugzilla.suse.com/1090820

https://bugzilla.suse.com/1090822

https://bugzilla.suse.com/1090823

Severity
important

Announcement ID: SUSE-SU-2018:3230-1
Rating: important
