
SUSE: 2019:3297-1 Critical: Xen Denial Of Service And Elevation Flaws

December 13, 2019
Stay informed about the recent SUSE Security Patch for xen, which tackles significant concerns and provides essential solutions for multiple security flaws.
An update that fixes 15 vulnerabilities is now available

Summary

This update for xen fixes the following issues:

- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest, leading to a guest denial of service (bsc#1158004 XSA-308).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).

References

#1152497 #1154448 #1154456 #1154458 #1154460 #1154461 #1154464 #1155945 #1157888 #1158003 #1158004 #1158005 #1158006 #1158007

Cross-References: CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19582 CVE-2019-19583

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Enterprise Storage 5

SUSE CaaS Platform 3.0

HPE Helion Openstack 8

https://www.suse.com/security/cve/CVE-2018-12207.html

https://www.su...



Announcement ID: SUSE-SU-2019:3297-1
Rating: important
