SUSE: 2019:2783-1 Critical: Xen Denial Of Service Vulnerability Fix

October 25, 2019
An update that fixes 11 vulnerabilities is now available

Summary

This update for xen fixes the following issues:

- CVE-2019-15890: Fixed a use-after-free in the SLiRP networking implementation of the QEMU emulator which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in the SLiRP networking implementation of the QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2783=1

References

#1126140 #1126141 #1126192 #1126195 #1126196 #1126198 #1126201 #1127400 #1143797 #1146874 #1149813

Cross-References: CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348

Affected Products:

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Enterprise Storage 4

https://www.suse.com/security/cve/CVE-2019-12068.html

https://www.suse.com/security/cve/CVE-2019-14378.html

https://www.suse.com/security/cve/CVE-2019-15890.html

https://www.suse.com/security/cve/CVE-2019-17340.html

https://www.suse.com/security/cve/CVE-2019-17341.html

Severity
important

Announcement ID: SUSE-SU-2019:2783-1
Rating: important
