SUSE: 2019:2769-1 Important: Xen Denial of Service and Buffer Overflow

October 24, 2019
SUSE has released a significant patch addressing 16 vulnerabilities in xen, improving security and reliability across multiple distributions.
An update that fixes 16 vulnerabilities is now available

Summary

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRP networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797).

Other issue fixed:

- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

#1126140 #1126141 #1126192 #1126195 #1126196 #1126197 #1126198 #1126201 #1127400 #1133818 #1143797 #1146874 #1149813

Cross-References:

CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17345 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Enterprise Storage 5

SUSE CaaS Platform 3.0

HPE Helion Openstack 8

https://www.suse.com/security/cve/CVE-2018-12126.html

https://...


Severity: important

Announcement ID: SUSE-SU-2019:2769-1
Rating: important
