Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

SUSE: 2019:14011-1 Critical: Xen DoS and Memory Issues Fixed

suse
Calendar Grey April 3, 2019
Dist Suse Esm H88
Critical SUSE patch addresses various vulnerabilities in xen, improving reliability and safeguarding.
An update that solves 14 vulnerabilities and has four fixes is now available

Summary

This update for xen fixes the following issues: Security issues fixed: - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-18849: Fixed an out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin (bsc#1114423). - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). - CVE-2018-18438: Fixed an integer overflow in ccid_card_vscard_read

References

#1110924 #1111007 #1111011 #1111014 #1112188

#1114423 #1114988 #1115040 #1115045 #1115047

#1117756 #1123157 #1126140 #1126141 #1126192

#1126195 #1126196 #1129623

Cross- CVE-2018-10839 CVE-2018-17958 CVE-2018-17962

CVE-2018-17963 CVE-2018-18438 CVE-2018-18849

CVE-2018-19665 CVE-2018-19961 CVE-2018-19962

CVE-2018-19965 CVE-2018-19966 CVE-2018-19967

CVE-2019-6778 CVE-2019-9824

Affected Products:

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2018-10839.html

https://www.suse.com/security/cve/CVE-2018-17958.html

https://www.suse.com/security/cve/CVE-2018-17962.html

https://www.suse.com/security/cve/CVE-2018-17963.html

https://www.suse.com/security/cve/CVE-2018-18438.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:14011-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.