
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE 15 SP2: 2024:0270-1 Moderate: Xen Phantom Functions Issue

# Security update for xen

Announcement ID: SUSE-SU-2024:0270-1
Rating: moderate
References:
  * bsc#1218851
Cross-References:
  * CVE-2023-46839
CVSS scores:
  * CVE-2023-46839 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves one vulnerability can now be installed.

## Description:

This update for xen fixes the following issues:

  * CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851)

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-270=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-270=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-270=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
    * xen-tools-domU-4.13.5_10-150200.3.86.1
    * xen-libs-4.13.5_10-150200.3.86.1
    * xen-devel-4.13.5_10-150200.3.86.1
    * xen-libs-debuginfo-4.13.5_10-150200.3.86.1
    * xen-tools-domU-debuginfo-4.13.5_10-150200.3.86.1
    * xen-debugsource-4.13.5_10-150200.3.86.1
    * xen-4.13.5_10-150200.3.86.1
    * xen-tools-4.13.5_10-150200.3.86.1
    * xen-tools-debuginfo-4.13.5_10-150200.3.86.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * xen-tools-xendomains-wait-disk-4.13.5_10-150200.3.86.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
    * xen-tools-domU-4.13.5_10-150200.3.86.1
    * xen-libs-4.13.5_10-150200.3.86.1
    * xen-devel-4.13.5_10-150200.3.86.1
    * xen-libs-debuginfo-4.13.5_10-150200.3.86.1
    * xen-tools-domU-debuginfo-4.13.5_10-150200.3.86.1
    * xen-debugsource-4.13.5_10-150200.3.86.1
    * xen-4.13.5_10-150200.3.86.1
    * xen-tools-4.13.5_10-150200.3.86.1
    * xen-tools-debuginfo-4.13.5_10-150200.3.86.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * xen-tools-xendomains-wait-disk-4.13.5_10-150200.3.86.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
    * xen-tools-domU-4.13.5_10-150200.3.86.1
    * xen-libs-4.13.5_10-150200.3.86.1
    * xen-devel-4.13.5_10-150200.3.86.1
    * xen-libs-debuginfo-4.13.5_10-150200.3.86.1
    * xen-tools-domU-debuginfo-4.13.5_10-150200.3.86.1
    * xen-debugsource-4.13.5_10-150200.3.86.1
    * xen-4.13.5_10-150200.3.86.1
    * xen-tools-4.13.5_10-150200.3.86.1
    * xen-tools-debuginfo-4.13.5_10-150200.3.86.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * xen-tools-xendomains-wait-disk-4.13.5_10-150200.3.86.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-46839.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1218851

Important SUSE patch for xen related to CVE-2023-46839 categorized as moderate risk. Please adhere to the installation guidelines provided.

Keywords: SUSE Linux Security, xen update, moderate severity, system reboot.

LinuxSecurity.com Team

Jan 30, 2024 | SuSE

SUSE MicroOS 5.1 SUSE-SU-2021:3140-2 Moderate: Xen Race Condition

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:3140-2
Rating: moderate
References: #1027519 #1189632
Cross-References: CVE-2021-28701
CVSS scores:
  CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE MicroOS 5.1
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for xen fixes the following issues:

  - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632).
  - Upstream bug fixes (bsc#1027519)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  - SUSE MicroOS 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3140=1

Package List:

  - SUSE MicroOS 5.1 (x86_64):
    xen-debugsource-4.14.2_06-3.12.1
    xen-libs-4.14.2_06-3.12.1
    xen-libs-debuginfo-4.14.2_06-3.12.1

References:

  https://www.suse.com/security/cve/CVE-2021-28701.html
  https://bugzilla.suse.com/1027519
  https://bugzilla.suse.com/1189632

The recent SUSE Security Update tackles a moderate vulnerability found in xen, providing a single resolution along with guidance for upgrading SUSE MicroOS 5.1.

Keywords: Suse MicroOS, Xen Update, Security Fix, Patch Instructions.

LinuxSecurity.com Team

Oct 21, 2021 | SuSE

SUSE: 2021:1252-1 Important: Xen Infinite Loop and IOMMU Threat

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1252-1
Rating: important
References: #1182431 #1182846
Cross-References: CVE-2021-20257 CVE-2021-27379
CVSS scores:
  CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
  CVE-2021-27379 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-27379 (SUSE): 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

  - CVE-2021-20257: xen: infinite loop issue in the e1000 NIC emulator (bsc#1182846).
  - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  - SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1252=1
  - SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1252=1
  - SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1252=1
  - SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1252=1
  - SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1252=1
  - HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2021-1252=1

Package List:

  - SUSE OpenStack Cloud Crowbar 8 (x86_64):
    xen-4.9.4_16-3.83.1
    xen-debugsource-4.9.4_16-3.83.1
    xen-doc-html-4.9.4_16-3.83.1
    xen-libs-32bit-4.9.4_16-3.83.1
    xen-libs-4.9.4_16-3.83.1
    xen-libs-debuginfo-32bit-4.9.4_16-3.83.1
    xen-libs-debuginfo-4.9.4_16-3.83.1
    xen-tools-4.9.4_16-3.83.1
    xen-tools-debuginfo-4.9.4_16-3.83.1
    xen-tools-domU-4.9.4_16-3.83.1
    xen-tools-domU-debuginfo-4.9.4_16-3.83.1
  - SUSE OpenStack Cloud 8 (x86_64):
    xen-4.9.4_16-3.83.1
    xen-debugsource-4.9.4_16-3.83.1
    xen-doc-html-4.9.4_16-3.83.1
    xen-libs-32bit-4.9.4_16-3.83.1
    xen-libs-4.9.4_16-3.83.1
    xen-libs-debuginfo-32bit-4.9.4_16-3.83.1
    xen-libs-debuginfo-4.9.4_16-3.83.1
    xen-tools-4.9.4_16-3.83.1
    xen-tools-debuginfo-4.9.4_16-3.83.1
    xen-tools-domU-4.9.4_16-3.83.1
    xen-tools-domU-debuginfo-4.9.4_16-3.83.1
  - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
    xen-4.9.4_16-3.83.1
    xen-debugsource-4.9.4_16-3.83.1
    xen-doc-html-4.9.4_16-3.83.1
    xen-libs-32bit-4.9.4_16-3.83.1
    xen-libs-4.9.4_16-3.83.1
    xen-libs-debuginfo-32bit-4.9.4_16-3.83.1
    xen-libs-debuginfo-4.9.4_16-3.83.1
    xen-tools-4.9.4_16-3.83.1
    xen-tools-debuginfo-4.9.4_16-3.83.1
    xen-tools-domU-4.9.4_16-3.83.1
    xen-tools-domU-debuginfo-4.9.4_16-3.83.1
  - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64):
    xen-4.9.4_16-3.83.1
    xen-debugsource-4.9.4_16-3.83.1
    xen-doc-html-4.9.4_16-3.83.1
    xen-libs-32bit-4.9.4_16-3.83.1
    xen-libs-4.9.4_16-3.83.1
    xen-libs-debuginfo-32bit-4.9.4_16-3.83.1
    xen-libs-debuginfo-4.9.4_16-3.83.1
    xen-tools-4.9.4_16-3.83.1
    xen-tools-debuginfo-4.9.4_16-3.83.1
    xen-tools-domU-4.9.4_16-3.83.1
    xen-tools-domU-debuginfo-4.9.4_16-3.83.1
  - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    xen-4.9.4_16-3.83.1
    xen-debugsource-4.9.4_16-3.83.1
    xen-doc-html-4.9.4_16-3.83.1
    xen-libs-32bit-4.9.4_16-3.83.1
    xen-libs-4.9.4_16-3.83.1
    xen-libs-debuginfo-32bit-4.9.4_16-3.83.1
    xen-libs-debuginfo-4.9.4_16-3.83.1
    xen-tools-4.9.4_16-3.83.1
    xen-tools-debuginfo-4.9.4_16-3.83.1
    xen-tools-domU-4.9.4_16-3.83.1
    xen-tools-domU-debuginfo-4.9.4_16-3.83.1
  - HPE Helion Openstack 8 (x86_64):
    xen-4.9.4_16-3.83.1
    xen-debugsource-4.9.4_16-3.83.1
    xen-doc-html-4.9.4_16-3.83.1
    xen-libs-32bit-4.9.4_16-3.83.1
    xen-libs-4.9.4_16-3.83.1
    xen-libs-debuginfo-32bit-4.9.4_16-3.83.1
    xen-libs-debuginfo-4.9.4_16-3.83.1
    xen-tools-4.9.4_16-3.83.1
    xen-tools-debuginfo-4.9.4_16-3.83.1
    xen-tools-domU-4.9.4_16-3.83.1
    xen-tools-domU-debuginfo-4.9.4_16-3.83.1

References:

  https://www.suse.com/security/cve/CVE-2021-20257.html
  https://www.suse.com/security/cve/CVE-2021-27379.html
  https://bugzilla.suse.com/1182431
  https://bugzilla.suse.com/1182846

Important security patch issued for SUSE, targeting two significant vulnerabilities in xen, aimed at improving both system integrity and user protection.

Keywords: SUSE Security Update, Xen Bug Fix, Network Stability Update, OpenStack Security.

Severity: Important.

LinuxSecurity.com Team

Apr 19, 2021 | Important | SuSE

openSUSE Leap 15.1: Security Update for Xen Threat - 2020:2313-1 Moderate

openSUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:2313-1
Rating: moderate
References: #1027519 #1176782 #1179496 #1179498 #1179501 #1179502 #1179506 #1179514 #1179516
Cross-References: CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571
Affected Products:
  openSUSE Leap 15.1
______________________________________________________________________________

An update that solves 7 vulnerabilities and has two fixes is now available.

Description:

This update for xen fixes the following issues:

  - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115).
  - CVE-2020-29481: Fixed an issue which could have allowed new domains to inherit existing node permissions (bsc#1179498 XSA-322).
  - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325).
  - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watches (bsc#1179501 XSA-324).
  - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348).
  - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358).
  - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359).
  - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782).
  - Multiple other bugs (bsc#1027519)

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  - openSUSE Leap 15.1:
    zypper in -t patch openSUSE-2020-2313=1

Package List:

  - openSUSE Leap 15.1 (i586 x86_64):
    xen-debugsource-4.12.4_06-lp151.2.36.1
    xen-devel-4.12.4_06-lp151.2.36.1
    xen-libs-4.12.4_06-lp151.2.36.1
    xen-libs-debuginfo-4.12.4_06-lp151.2.36.1
    xen-tools-domU-4.12.4_06-lp151.2.36.1
    xen-tools-domU-debuginfo-4.12.4_06-lp151.2.36.1
  - openSUSE Leap 15.1 (x86_64):
    xen-4.12.4_06-lp151.2.36.1
    xen-doc-html-4.12.4_06-lp151.2.36.1
    xen-libs-32bit-4.12.4_06-lp151.2.36.1
    xen-libs-32bit-debuginfo-4.12.4_06-lp151.2.36.1
    xen-tools-4.12.4_06-lp151.2.36.1
    xen-tools-debuginfo-4.12.4_06-lp151.2.36.1

References:

  https://www.suse.com/security/cve/CVE-2020-29480.html
  https://www.suse.com/security/cve/CVE-2020-29481.html
  https://www.suse.com/security/cve/CVE-2020-29483.html
  https://www.suse.com/security/cve/CVE-2020-29484.html
  https://www.suse.com/security/cve/CVE-2020-29566.html
  https://www.suse.com/security/cve/CVE-2020-29570.html
  https://www.suse.com/security/cve/CVE-2020-29571.html
  https://bugzilla.suse.com/1027519
  https://bugzilla.suse.com/1176782
  https://bugzilla.suse.com/1179496
  https://bugzilla.suse.com/1179498
  https://bugzilla.suse.com/1179501
  https://bugzilla.suse.com/1179502
  https://bugzilla.suse.com/1179506
  https://bugzilla.suse.com/1179514
  https://bugzilla.suse.com/1179516

This Fedora update tackles vulnerabilities in libvirt with moderate importance, delivering crucial remedies.

Keywords: openSUSE Update, xen Security Patch, threat fix.

LinuxSecurity.com Team

Dec 22, 2020 | OpenSUSE

Fedora 32: FEDORA-2020-920a258c79 Important Kernel Fixes

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-920a258c79
2020-11-03 01:29:14.893230
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 32
Version     : 5.8.17
Release     : 200.fc32
URL         : https://www.kernel.org/
Summary     : The Linux kernel
Description : The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 5.8.17 stable kernel update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 29 2020 Justin M. Forbes - 5.8.17-200
- Linux v5.8.17
- Fix CVE-2020-27675 (rhbz 1891114 1891115)
* Wed Oct 28 2020 Peter Robinson
- Fixes for AllWinner wired network issues due to Realtek PHY driver change (rhbz 1889090)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1891114 - CVE-2020-27675 kernel: xen: race condition in event-channel removal during the event-handling loop (XSA-331)
        https://bugzilla.redhat.com/show_bug.cgi?id=1891114
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-920a258c79' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

The new Fedora 32 notification brings vital fixes in kernel version 5.8.17, enhancing security, performance, and stability. Users should update promptly.

Keywords: Fedora 32 Kernel Update, Patch Notification, Security Fixes.

Severity: Important.

LinuxSecurity.com Team

Nov 02, 2020 | Important | Fedora

SUSE: 2018:3332-1 Moderate: Xen Denial Of Service Issues

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3332-1
Rating: moderate
References: #1094508 #1103276 #1111014
Cross-References: CVE-2018-15468 CVE-2018-17963
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Enterprise Storage 4
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for xen fixes the following issues:

  - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014)
  - CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) could have locked up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276)

Non security issues fixed:

  - Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  - SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2398=1
  - SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2398=1
  - SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2398=1
  - SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2398=1
  - SUSE Enterprise Storage 4:
    zypper in -t patch SUSE-Storage-4-2018-2398=1

Package List:

  - SUSE OpenStack Cloud 7 (x86_64):
    xen-4.7.6_05-43.42.1
    xen-debugsource-4.7.6_05-43.42.1
    xen-doc-html-4.7.6_05-43.42.1
    xen-libs-32bit-4.7.6_05-43.42.1
    xen-libs-4.7.6_05-43.42.1
    xen-libs-debuginfo-32bit-4.7.6_05-43.42.1
    xen-libs-debuginfo-4.7.6_05-43.42.1
    xen-tools-4.7.6_05-43.42.1
    xen-tools-debuginfo-4.7.6_05-43.42.1
    xen-tools-domU-4.7.6_05-43.42.1
    xen-tools-domU-debuginfo-4.7.6_05-43.42.1
  - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
    xen-4.7.6_05-43.42.1
    xen-debugsource-4.7.6_05-43.42.1
    xen-doc-html-4.7.6_05-43.42.1
    xen-libs-32bit-4.7.6_05-43.42.1
    xen-libs-4.7.6_05-43.42.1
    xen-libs-debuginfo-32bit-4.7.6_05-43.42.1
    xen-libs-debuginfo-4.7.6_05-43.42.1
    xen-tools-4.7.6_05-43.42.1
    xen-tools-debuginfo-4.7.6_05-43.42.1
    xen-tools-domU-4.7.6_05-43.42.1
    xen-tools-domU-debuginfo-4.7.6_05-43.42.1
  - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
    xen-4.7.6_05-43.42.1
    xen-debugsource-4.7.6_05-43.42.1
    xen-doc-html-4.7.6_05-43.42.1
    xen-libs-32bit-4.7.6_05-43.42.1
    xen-libs-4.7.6_05-43.42.1
    xen-libs-debuginfo-32bit-4.7.6_05-43.42.1
    xen-libs-debuginfo-4.7.6_05-43.42.1
    xen-tools-4.7.6_05-43.42.1
    xen-tools-debuginfo-4.7.6_05-43.42.1
    xen-tools-domU-4.7.6_05-43.42.1
    xen-tools-domU-debuginfo-4.7.6_05-43.42.1
  - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    xen-4.7.6_05-43.42.1
    xen-debugsource-4.7.6_05-43.42.1
    xen-doc-html-4.7.6_05-43.42.1
    xen-libs-32bit-4.7.6_05-43.42.1
    xen-libs-4.7.6_05-43.42.1
    xen-libs-debuginfo-32bit-4.7.6_05-43.42.1
    xen-libs-debuginfo-4.7.6_05-43.42.1
    xen-tools-4.7.6_05-43.42.1
    xen-tools-debuginfo-4.7.6_05-43.42.1
    xen-tools-domU-4.7.6_05-43.42.1
    xen-tools-domU-debuginfo-4.7.6_05-43.42.1
  - SUSE Enterprise Storage 4 (x86_64):
    xen-4.7.6_05-43.42.1
    xen-debugsource-4.7.6_05-43.42.1
    xen-doc-html-4.7.6_05-43.42.1
    xen-libs-32bit-4.7.6_05-43.42.1
    xen-libs-4.7.6_05-43.42.1
    xen-libs-debuginfo-32bit-4.7.6_05-43.42.1
    xen-libs-debuginfo-4.7.6_05-43.42.1
    xen-tools-4.7.6_05-43.42.1
    xen-tools-debuginfo-4.7.6_05-43.42.1
    xen-tools-domU-4.7.6_05-43.42.1
    xen-tools-domU-debuginfo-4.7.6_05-43.42.1

References:

  https://www.suse.com/security/cve/CVE-2018-15468.html
  https://www.suse.com/security/cve/CVE-2018-17963.html
  https://bugzilla.suse.com/1094508
  https://bugzilla.suse.com/1103276
  https://bugzilla.suse.com/1111014

Ubuntu Security Notice addresses three weaknesses in the kernel with elevated risk. Implement this patch to enhance system safety.

Keywords: SUSE Linux, Security Update, Xen Issues.

Severity: Important.

LinuxSecurity.com Team

Oct 23, 2018 | Important | SuSE

SUSE: 2017:2319-1 Important: Xen Security High-Risk Issues Fixed

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2319-1
Rating: important
References: #1002573 #1046637 #1047675 #1048920 #1049578 #1051787 #1051788 #1052686
Cross-References: CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 CVE-2017-12135 CVE-2017-12137
Affected Products:
  SUSE OpenStack Cloud 6
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves 6 vulnerabilities and has two fixes is now available.

Description:

This update for xen fixes several issues.

These security issues were fixed:

  - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787).
  - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788).
  - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578).
  - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637).
  - CVE-2017-11334: The address_space_write_continue function in exec.c allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048920).
  - CVE-2017-10806: Stack-based buffer overflow in hw/usb/redirect.c allowed local guest OS users to cause a denial of service via vectors related to logging debug messages (bsc#1047675).
  - bsc#1052686: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230).

This non-security issue was fixed:

  - bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE OpenStack Cloud 6:
    zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1428=1
  - SUSE Linux Enterprise Server for SAP 12-SP1:
    zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1428=1
  - SUSE Linux Enterprise Server 12-SP1-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1428=1

To bring your system up-to-date, use "zypper patch".

Package List:

  - SUSE OpenStack Cloud 6 (x86_64):
    xen-4.5.5_14-22.25.1
    xen-debugsource-4.5.5_14-22.25.1
    xen-doc-html-4.5.5_14-22.25.1
    xen-kmp-default-4.5.5_14_k3.12.74_60.64.54-22.25.1
    xen-kmp-default-debuginfo-4.5.5_14_k3.12.74_60.64.54-22.25.1
    xen-libs-32bit-4.5.5_14-22.25.1
    xen-libs-4.5.5_14-22.25.1
    xen-libs-debuginfo-32bit-4.5.5_14-22.25.1
    xen-libs-debuginfo-4.5.5_14-22.25.1
    xen-tools-4.5.5_14-22.25.1
    xen-tools-debuginfo-4.5.5_14-22.25.1
    xen-tools-domU-4.5.5_14-22.25.1
    xen-tools-domU-debuginfo-4.5.5_14-22.25.1
  - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    xen-4.5.5_14-22.25.1
    xen-debugsource-4.5.5_14-22.25.1
    xen-doc-html-4.5.5_14-22.25.1
    xen-kmp-default-4.5.5_14_k3.12.74_60.64.54-22.25.1
    xen-kmp-default-debuginfo-4.5.5_14_k3.12.74_60.64.54-22.25.1
    xen-libs-32bit-4.5.5_14-22.25.1
    xen-libs-4.5.5_14-22.25.1
    xen-libs-debuginfo-32bit-4.5.5_14-22.25.1
    xen-libs-debuginfo-4.5.5_14-22.25.1
    xen-tools-4.5.5_14-22.25.1
    xen-tools-debuginfo-4.5.5_14-22.25.1
    xen-tools-domU-4.5.5_14-22.25.1
    xen-tools-domU-debuginfo-4.5.5_14-22.25.1
  - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
    xen-4.5.5_14-22.25.1
    xen-debugsource-4.5.5_14-22.25.1
    xen-doc-html-4.5.5_14-22.25.1
    xen-kmp-default-4.5.5_14_k3.12.74_60.64.54-22.25.1
    xen-kmp-default-debuginfo-4.5.5_14_k3.12.74_60.64.54-22.25.1
    xen-libs-32bit-4.5.5_14-22.25.1
    xen-libs-4.5.5_14-22.25.1
    xen-libs-debuginfo-32bit-4.5.5_14-22.25.1
    xen-libs-debuginfo-4.5.5_14-22.25.1
    xen-tools-4.5.5_14-22.25.1
    xen-tools-debuginfo-4.5.5_14-22.25.1
    xen-tools-domU-4.5.5_14-22.25.1
    xen-tools-domU-debuginfo-4.5.5_14-22.25.1

References:

  https://www.suse.com/security/cve/CVE-2017-10664.html
  https://www.suse.com/security/cve/CVE-2017-10806.html
  https://www.suse.com/security/cve/CVE-2017-11334.html
  https://www.suse.com/security/cve/CVE-2017-11434.html
  https://www.suse.com/security/cve/CVE-2017-12135.html
  https://www.suse.com/security/cve/CVE-2017-12137.html
  https://bugzilla.suse.com/1002573
  https://bugzilla.suse.com/1046637
  https://bugzilla.suse.com/1047675
  https://bugzilla.suse.com/1048920
  https://bugzilla.suse.com/1049578
  https://bugzilla.suse.com/1051787
  https://bugzilla.suse.com/1051788
  https://bugzilla.suse.com/1052686

Important SUSE Security Patch released for xen tackling various vulnerabilities, with remedial measures provided for impacted products.

Keywords: SUSE Security Update, Xen Patch, Denial of Service, Privilege Escalation, Important Fixes.

Severity: Important.

LinuxSecurity.com Team

Sep 01, 2017 | Important | SuSE