Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:13921-1

Опубликовано: 02 янв. 2019
Источник: suse-cvrf

Описание

Security update for xen

This update for xen fixes the following issues:

Security vulnerabilities fixed:

  • CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040)
  • CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045)
  • CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047)
  • CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)
  • CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756).
  • CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423)
  • Fixed an integer overflow in ccid_card_vscard_read(), which allowed for memory corruption. (bsc#1112188)
  • CVE-2017-13672: Fixed an out of bounds read access during display update (bsc#1056336)
  • CVE-2018-17958: Fixed an integer overflow leading to a buffer overflow in the rtl8139 component (bsc#1111007)
  • CVE-2018-17962: Fixed an integer overflow leading to a buffer overflow in the pcnet component (bsc#1111011)
  • CVE-2018-17963: Fixed an integer overflow in relation to large packet sizes, leading to a denial of service (DoS). (bsc#1111014)
  • CVE-2018-10839: Fixed an integer overflow leading to a buffer overflow in the ne2000 component (bsc#1110924)

Other bugs fixed:

  • Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940)
  • Upstream bug fixes (bsc#1027519)
  • Fixed crashing VMs when migrating between dom0 hosts (bsc#1031382)
  • Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)

Список пакетов

SUSE Linux Enterprise Server 11 SP4
xen-4.4.4_38-61.40.1
xen-doc-html-4.4.4_38-61.40.1
xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
xen-libs-4.4.4_38-61.40.1
xen-libs-32bit-4.4.4_38-61.40.1
xen-tools-4.4.4_38-61.40.1
xen-tools-domU-4.4.4_38-61.40.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
xen-4.4.4_38-61.40.1
xen-doc-html-4.4.4_38-61.40.1
xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
xen-libs-4.4.4_38-61.40.1
xen-libs-32bit-4.4.4_38-61.40.1
xen-tools-4.4.4_38-61.40.1
xen-tools-domU-4.4.4_38-61.40.1
SUSE Linux Enterprise Software Development Kit 11 SP4
xen-devel-4.4.4_38-61.40.1

Ссылки

Описание

QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки

Описание

Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки

Описание

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки

Описание

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки

Описание

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки

Описание

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки

Описание

In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки

Описание

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки

Описание

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки

Описание

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки

Описание

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки

Описание

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки

Описание

An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xen-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-doc-html-4.4.4_38-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1
SUSE Linux Enterprise Server 11 SP4:xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1
Ссылки
Уязвимость SUSE-SU-2019:13921-1