Linux Security
    Linux Security
    Linux Security

    SUSE: 2019:2769-1 important: xen

    Date 24 Oct 2019
    608
    Posted By LinuxSecurity Advisories
    An update that fixes 16 vulnerabilities is now available.
    
       SUSE Security Update: Security update for xen
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:2769-1
    Rating:             important
    References:         #1126140 #1126141 #1126192 #1126195 #1126196 
                        #1126197 #1126198 #1126201 #1127400 #1133818 
                        #1143797 #1146874 #1149813 
    Cross-References:   CVE-2018-12126 CVE-2018-12127 CVE-2018-12130
                        CVE-2019-11091 CVE-2019-12068 CVE-2019-14378
                        CVE-2019-15890 CVE-2019-17340 CVE-2019-17341
                        CVE-2019-17342 CVE-2019-17343 CVE-2019-17344
                        CVE-2019-17345 CVE-2019-17346 CVE-2019-17347
                        CVE-2019-17348
    Affected Products:
                        SUSE OpenStack Cloud Crowbar 8
                        SUSE OpenStack Cloud 8
                        SUSE Linux Enterprise Server for SAP 12-SP3
                        SUSE Linux Enterprise Server 12-SP3-LTSS
                        SUSE Linux Enterprise Server 12-SP3-BCL
                        SUSE Enterprise Storage 5
                        SUSE CaaS Platform 3.0
                        HPE Helion Openstack 8
    ______________________________________________________________________________
    
       An update that fixes 16 vulnerabilities is now available.
    
    Description:
    
       This update for xen fixes the following issues:
    
       Security issues fixed:
    
       - CVE-2019-15890: Fixed a use-after-free in SLiRP networking
         implementation of QEMU emulator which could have led to Denial of
         Service (bsc#1149813).
       - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite
         loop and denial of service (bsc#1146874).
       - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking
         implementation of QEMU emulator which could have led to execution of
         arbitrary code with privileges of the QEMU process (bsc#1143797).
    
       Other issue fixed:
    
       - Fixed an issue where libxenlight could not restore domain vsa6535522 on
         live migration (bsc#1133818).
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE OpenStack Cloud Crowbar 8:
    
          zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2769=1
    
       - SUSE OpenStack Cloud 8:
    
          zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2769=1
    
       - SUSE Linux Enterprise Server for SAP 12-SP3:
    
          zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2769=1
    
       - SUSE Linux Enterprise Server 12-SP3-LTSS:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2769=1
    
       - SUSE Linux Enterprise Server 12-SP3-BCL:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2769=1
    
       - SUSE Enterprise Storage 5:
    
          zypper in -t patch SUSE-Storage-5-2019-2769=1
    
       - SUSE CaaS Platform 3.0:
    
          To install this update, use the SUSE CaaS Platform Velum dashboard.
          It will inform you if it detects new updates and let you then trigger
          updating of the complete cluster in a controlled way.
    
       - HPE Helion Openstack 8:
    
          zypper in -t patch HPE-Helion-OpenStack-8-2019-2769=1
    
    
    
    Package List:
    
       - SUSE OpenStack Cloud Crowbar 8 (x86_64):
    
          xen-4.9.4_04-3.56.2
          xen-debugsource-4.9.4_04-3.56.2
          xen-doc-html-4.9.4_04-3.56.2
          xen-libs-32bit-4.9.4_04-3.56.2
          xen-libs-4.9.4_04-3.56.2
          xen-libs-debuginfo-32bit-4.9.4_04-3.56.2
          xen-libs-debuginfo-4.9.4_04-3.56.2
          xen-tools-4.9.4_04-3.56.2
          xen-tools-debuginfo-4.9.4_04-3.56.2
          xen-tools-domU-4.9.4_04-3.56.2
          xen-tools-domU-debuginfo-4.9.4_04-3.56.2
    
       - SUSE OpenStack Cloud 8 (x86_64):
    
          xen-4.9.4_04-3.56.2
          xen-debugsource-4.9.4_04-3.56.2
          xen-doc-html-4.9.4_04-3.56.2
          xen-libs-32bit-4.9.4_04-3.56.2
          xen-libs-4.9.4_04-3.56.2
          xen-libs-debuginfo-32bit-4.9.4_04-3.56.2
          xen-libs-debuginfo-4.9.4_04-3.56.2
          xen-tools-4.9.4_04-3.56.2
          xen-tools-debuginfo-4.9.4_04-3.56.2
          xen-tools-domU-4.9.4_04-3.56.2
          xen-tools-domU-debuginfo-4.9.4_04-3.56.2
    
       - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
    
          xen-4.9.4_04-3.56.2
          xen-debugsource-4.9.4_04-3.56.2
          xen-doc-html-4.9.4_04-3.56.2
          xen-libs-32bit-4.9.4_04-3.56.2
          xen-libs-4.9.4_04-3.56.2
          xen-libs-debuginfo-32bit-4.9.4_04-3.56.2
          xen-libs-debuginfo-4.9.4_04-3.56.2
          xen-tools-4.9.4_04-3.56.2
          xen-tools-debuginfo-4.9.4_04-3.56.2
          xen-tools-domU-4.9.4_04-3.56.2
          xen-tools-domU-debuginfo-4.9.4_04-3.56.2
    
       - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64):
    
          xen-4.9.4_04-3.56.2
          xen-debugsource-4.9.4_04-3.56.2
          xen-doc-html-4.9.4_04-3.56.2
          xen-libs-32bit-4.9.4_04-3.56.2
          xen-libs-4.9.4_04-3.56.2
          xen-libs-debuginfo-32bit-4.9.4_04-3.56.2
          xen-libs-debuginfo-4.9.4_04-3.56.2
          xen-tools-4.9.4_04-3.56.2
          xen-tools-debuginfo-4.9.4_04-3.56.2
          xen-tools-domU-4.9.4_04-3.56.2
          xen-tools-domU-debuginfo-4.9.4_04-3.56.2
    
       - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    
          xen-4.9.4_04-3.56.2
          xen-debugsource-4.9.4_04-3.56.2
          xen-doc-html-4.9.4_04-3.56.2
          xen-libs-32bit-4.9.4_04-3.56.2
          xen-libs-4.9.4_04-3.56.2
          xen-libs-debuginfo-32bit-4.9.4_04-3.56.2
          xen-libs-debuginfo-4.9.4_04-3.56.2
          xen-tools-4.9.4_04-3.56.2
          xen-tools-debuginfo-4.9.4_04-3.56.2
          xen-tools-domU-4.9.4_04-3.56.2
          xen-tools-domU-debuginfo-4.9.4_04-3.56.2
    
       - SUSE Enterprise Storage 5 (x86_64):
    
          xen-4.9.4_04-3.56.2
          xen-debugsource-4.9.4_04-3.56.2
          xen-doc-html-4.9.4_04-3.56.2
          xen-libs-32bit-4.9.4_04-3.56.2
          xen-libs-4.9.4_04-3.56.2
          xen-libs-debuginfo-32bit-4.9.4_04-3.56.2
          xen-libs-debuginfo-4.9.4_04-3.56.2
          xen-tools-4.9.4_04-3.56.2
          xen-tools-debuginfo-4.9.4_04-3.56.2
          xen-tools-domU-4.9.4_04-3.56.2
          xen-tools-domU-debuginfo-4.9.4_04-3.56.2
    
       - SUSE CaaS Platform 3.0 (x86_64):
    
          xen-debugsource-4.9.4_04-3.56.2
          xen-libs-4.9.4_04-3.56.2
          xen-libs-debuginfo-4.9.4_04-3.56.2
          xen-tools-domU-4.9.4_04-3.56.2
          xen-tools-domU-debuginfo-4.9.4_04-3.56.2
    
       - HPE Helion Openstack 8 (x86_64):
    
          xen-4.9.4_04-3.56.2
          xen-debugsource-4.9.4_04-3.56.2
          xen-doc-html-4.9.4_04-3.56.2
          xen-libs-32bit-4.9.4_04-3.56.2
          xen-libs-4.9.4_04-3.56.2
          xen-libs-debuginfo-32bit-4.9.4_04-3.56.2
          xen-libs-debuginfo-4.9.4_04-3.56.2
          xen-tools-4.9.4_04-3.56.2
          xen-tools-debuginfo-4.9.4_04-3.56.2
          xen-tools-domU-4.9.4_04-3.56.2
          xen-tools-domU-debuginfo-4.9.4_04-3.56.2
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-12126.html
       https://www.suse.com/security/cve/CVE-2018-12127.html
       https://www.suse.com/security/cve/CVE-2018-12130.html
       https://www.suse.com/security/cve/CVE-2019-11091.html
       https://www.suse.com/security/cve/CVE-2019-12068.html
       https://www.suse.com/security/cve/CVE-2019-14378.html
       https://www.suse.com/security/cve/CVE-2019-15890.html
       https://www.suse.com/security/cve/CVE-2019-17340.html
       https://www.suse.com/security/cve/CVE-2019-17341.html
       https://www.suse.com/security/cve/CVE-2019-17342.html
       https://www.suse.com/security/cve/CVE-2019-17343.html
       https://www.suse.com/security/cve/CVE-2019-17344.html
       https://www.suse.com/security/cve/CVE-2019-17345.html
       https://www.suse.com/security/cve/CVE-2019-17346.html
       https://www.suse.com/security/cve/CVE-2019-17347.html
       https://www.suse.com/security/cve/CVE-2019-17348.html
       https://bugzilla.suse.com/1126140
       https://bugzilla.suse.com/1126141
       https://bugzilla.suse.com/1126192
       https://bugzilla.suse.com/1126195
       https://bugzilla.suse.com/1126196
       https://bugzilla.suse.com/1126197
       https://bugzilla.suse.com/1126198
       https://bugzilla.suse.com/1126201
       https://bugzilla.suse.com/1127400
       https://bugzilla.suse.com/1133818
       https://bugzilla.suse.com/1143797
       https://bugzilla.suse.com/1146874
       https://bugzilla.suse.com/1149813
    
    _______________________________________________
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    

    Advisories

    LinuxSecurity Poll

    How long have you been using Linux?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/46-how-long-have-you-been-using-linux?task=poll.vote&format=json
    46
    radio
    [{"id":"160","title":"Just made the switch!","votes":"3","type":"x","order":"1","pct":9.68,"resources":[]},{"id":"161","title":"1-5 years","votes":"5","type":"x","order":"2","pct":16.13,"resources":[]},{"id":"162","title":"6-10 years","votes":"1","type":"x","order":"3","pct":3.23,"resources":[]},{"id":"163","title":">10 years - I'm a veteran!","votes":"22","type":"x","order":"4","pct":70.97,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.