SUSE: 2019:0875-1 Important: Denial Of Service Fix For Xen

April 4, 2019
SUSE Security Notice: An advisory rated important for xen, addressing denial of service and overall system reliability issues.
An update that solves one vulnerability and has 13 fixes is now available.

Summary

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)
- Fixed an issue which could allow malicious PV guests to cause a host crash or gain access to data pertaining to other guests. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198).
- Fixed multiple access violations introduced by the XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192).
- Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace

References

#1026236 #1027519 #1114988 #1126140 #1126141 #1126192 #1126195 #1126196 #1126197 #1126198 #1126201 #1126325 #1127400 #1127620

Cross-References: CVE-2018-19967

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-19967.html

https://bugzilla.suse.com/1026236

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1114988

https://bugzilla.suse.com/1126140

https://bugzilla.suse.com/1126141

https://bugzilla.suse.com/1126192

https://bugzilla.suse.com/1126195

https://bugzilla.suse.com/1126196

https://bugzilla.suse.com/1126197

https://bugzilla.suse.com/1126198

https://bugzilla.suse.com/1126201

https://bugzilla.suse.com/1126325

Severity
important

Announcement ID: SUSE-SU-2019:0875-1
Rating: important
