Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2019:2753-1 Important: Xen Denial of Service and Buffer Overflow

suse
Calendar Grey October 23, 2019
Dist Suse Esm H88
SUSE has released a patch that resolves 16 vulnerabilities concerning xen, which include critical threats such as buffer overflow and denial of service issues.
An update that solves 16 vulnerabilities and has four fixes is now available

Summary

This update for xen to version 4.11.2 fixes the following issues: Security issues fixed: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Other issues fixed: - Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above (bsc#1137717). - Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774).

Topics%20covered

Topics Covered

security advisory security issue buffer overflow important Denial of Service SUSE xen

References

#1027519 #1111331 #1126140 #1126141 #1126192

#1126195 #1126196 #1126197 #1126198 #1126201

#1127400 #1129642 #1131811 #1137717 #1138294

#1143797 #1145240 #1145774 #1146874 #1149813

Cross- CVE-2018-12126 CVE-2018-12127 CVE-2018-12130

CVE-2019-11091 CVE-2019-12068 CVE-2019-14378

CVE-2019-15890 CVE-2019-17340 CVE-2019-17341

CVE-2019-17342 CVE-2019-17343 CVE-2019-17344

CVE-2019-17345 CVE-2019-17346 CVE-2019-17347

CVE-2019-17348

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Desktop 12-SP4

https://www.suse.com/security/cve/CVE-2018-12126.html

https://www.suse.com/security/cve/CVE-2018-12127.html

https://www.suse.com/security/cve/CVE-2018-12130.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:2753-1
Rating: important

Topics%20covered

Topics Covered

security advisory security issue buffer overflow important Denial of Service SUSE xen

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here