Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

SUSE: 2020:14444-1 Important: Xen Security Update DoS Issues

suse
Calendar Grey August 4, 2020
Dist Suse Esm H88
SUSE Security Update: Security update for xen ______________________________________________________
An update that fixes 16 vulnerabilities is now available

Summary

This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: potential OOB access due to unsafe snprintf() usages - bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy - bsc#1168140 - CVE-2020-11740, CVE-2020-11741: multiple xenoprof issues - bsc#1161181 - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host - bsc#1157888 - CVE-2019-19579: Device quarantine for alternate pci assignment methods - bsc#1158004 - CVE-2019-19583: VMX: VMentry failure with debug exceptions and blocked states - bsc#1158005 - CVE-2019-19578: Linear pagetable use / entry miscounts - bsc#1158006 - CVE-2019-19580: Further issues with restartable PV type change operations

References

#1152497 #1154448 #1154456 #1154458 #1154461

#1155945 #1157888 #1158004 #1158005 #1158006

#1158007 #1161181 #1163019 #1168140 #1169392

#1174543

Cross- CVE-2018-12207 CVE-2019-11135 CVE-2019-18420

CVE-2019-18421 CVE-2019-18424 CVE-2019-18425

CVE-2019-19577 CVE-2019-19578 CVE-2019-19579

CVE-2019-19580 CVE-2019-19583 CVE-2020-11740

CVE-2020-11741 CVE-2020-11742 CVE-2020-7211

CVE-2020-8608

Affected Products:

SUSE Linux Enterprise Server 11-SP4-LTSS

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2018-12207.html

https://www.suse.com/security/cve/CVE-2019-11135.html

https://www.suse.com/security/cve/CVE-2019-18420.html

https://www.suse.com/security/cve/CVE-2019-18421.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:14444-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here