Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

SUSE: 2018:3490-1 Important: Xen Denial of Service Fixes

suse
Calendar Grey October 26, 2018
Dist Suse Esm H88
New patches released for SUSE xend with urgent updates tackling various vulnerabilities, improving overall safety.
An update that solves 5 vulnerabilities and has four fixes is now available

Summary

This update for xen fixes the following issues: XEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519) - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014) - CVE-2018-15470: oxenstored might not have enforced the configured quota-maxentity. This allowed a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. (XSA-272) (bsc#1103279) - CVE-2018-15469: ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up,

References

#1027519 #1078292 #1091107 #1094508 #1103275

#1103276 #1103279 #1106263 #1111014

Cross- CVE-2018-15468 CVE-2018-15469 CVE-2018-15470

CVE-2018-17963 CVE-2018-3646

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP3

SUSE CaaS Platform ALL

SUSE CaaS Platform 3.0

https://www.suse.com/security/cve/CVE-2018-15468.html

https://www.suse.com/security/cve/CVE-2018-15469.html

https://www.suse.com/security/cve/CVE-2018-15470.html

https://www.suse.com/security/cve/CVE-2018-17963.html

https://www.suse.com/security/cve/CVE-2018-3646.html

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1078292

https://bugzilla.suse.com/1091107

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3490-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.