
SUSE: 2019:13921-1 Important: Xen Denial Of Service Issues

January 2, 2019
An update that solves 13 vulnerabilities and has three fixes is now available.

Summary

This update for xen fixes the following issues:

Security vulnerabilities fixed:

- CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, cause a Denial of Service (DoS) affecting the entire host, or access data it is not supposed to access. (XSA-275) (bsc#1115040)
- CVE-2018-19965: Fixed an issue related to the INVPCID instruction when non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045)
- CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to

References

#1027519 #1031382 #1056336 #1105528 #1108940 #1110924 #1111007 #1111011 #1111014 #1112188 #1114423 #1114988 #1115040 #1115045 #1115047 #1117756

Cross-References: CVE-2017-13672 CVE-2018-10839 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2017-13672.html

https://www.suse.com/security/cve/CVE-2018-10839.html

https://www.suse.com/security/cve/CVE-2018-17958.html

https://www.suse.com/security/cve/CVE-2018-17962.html

Severity: important

Announcement ID: SUSE-SU-2019:13921-1
Rating: important
