Explore top 10 tips to secure your open-source projects now. Read More
×
This update for xen fixes the following issues: XEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519) - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014) - CVE-2018-15470: oxenstored might not have enforced the configured quota-maxentity. This allowed a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. (XSA-272) (bsc#1103279) - CVE-2018-15469: ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up,
#1027519 #1078292 #1091107 #1094508 #1103275
#1103276 #1103279 #1106263 #1111014
Cross- CVE-2018-15468 CVE-2018-15469 CVE-2018-15470
CVE-2018-17963 CVE-2018-3646
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
SUSE CaaS Platform ALL
SUSE CaaS Platform 3.0
https://www.suse.com/security/cve/CVE-2018-15468.html
https://www.suse.com/security/cve/CVE-2018-15469.html
https://www.suse.com/security/cve/CVE-2018-15470.html
https://www.suse.com/security/cve/CVE-2018-17963.html
https://www.suse.com/security/cve/CVE-2018-3646.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1078292
https://bugzilla.suse.com/1091107
Get the latest Linux and open source security news straight to your inbox.