Описание
Security update for xen
This update for xen to version 4.11.2 fixes the following issues:
Security issues fixed:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797).
Other issues fixed:
- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above (bsc#1137717).
- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774).
- Fixed an issue where libxenlight could not create new domain (bsc#1131811).
- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).
- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).
Список пакетов
Image SLES12-SP4-EC2-HVM-BYOS
Image SLES12-SP4-SAP-EC2-HVM
Image SLES12-SP4-SAP-EC2-HVM-BYOS
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP4
Ссылки
- Link for SUSE-SU-2019:2753-1
- E-Mail link for SUSE-SU-2019:2753-1
- SUSE Security Ratings
- SUSE Bug 1027519
- SUSE Bug 1111331
- SUSE Bug 1126140
- SUSE Bug 1126141
- SUSE Bug 1126192
- SUSE Bug 1126195
- SUSE Bug 1126196
- SUSE Bug 1126197
- SUSE Bug 1126198
- SUSE Bug 1126201
- SUSE Bug 1127400
- SUSE Bug 1129642
- SUSE Bug 1131811
- SUSE Bug 1137717
- SUSE Bug 1138294
- SUSE Bug 1143797
- SUSE Bug 1145240
Описание
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Затронутые продукты
Ссылки
- CVE-2018-12126
- SUSE Bug 1103186
- SUSE Bug 1111331
- SUSE Bug 1132686
- SUSE Bug 1135409
- SUSE Bug 1135524
- SUSE Bug 1137916
- SUSE Bug 1138534
- SUSE Bug 1141977
- SUSE Bug 1149725
- SUSE Bug 1149726
- SUSE Bug 1149729
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Затронутые продукты
Ссылки
- CVE-2018-12127
- SUSE Bug 1103186
- SUSE Bug 1111331
- SUSE Bug 1132686
- SUSE Bug 1135409
- SUSE Bug 1138534
- SUSE Bug 1141977
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Затронутые продукты
Ссылки
- CVE-2018-12130
- SUSE Bug 1103186
- SUSE Bug 1111331
- SUSE Bug 1132686
- SUSE Bug 1135409
- SUSE Bug 1137916
- SUSE Bug 1138534
- SUSE Bug 1141977
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Затронутые продукты
Ссылки
- CVE-2019-11091
- SUSE Bug 1103186
- SUSE Bug 1111331
- SUSE Bug 1132686
- SUSE Bug 1133319
- SUSE Bug 1135394
- SUSE Bug 1138043
- SUSE Bug 1138534
- SUSE Bug 1141977
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Затронутые продукты
Ссылки
- CVE-2019-12068
- SUSE Bug 1146873
- SUSE Bug 1146874
- SUSE Bug 1178658
Описание
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
Затронутые продукты
Ссылки
- CVE-2019-14378
- SUSE Bug 1143794
- SUSE Bug 1143797
- SUSE Bug 1178658
Описание
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
Затронутые продукты
Ссылки
- CVE-2019-15890
- SUSE Bug 1149811
- SUSE Bug 1149813
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
Затронутые продукты
Ссылки
- CVE-2019-17340
- SUSE Bug 1126140
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.
Затронутые продукты
Ссылки
- CVE-2019-17341
- SUSE Bug 1126141
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.
Затронутые продукты
Ссылки
- CVE-2019-17342
- SUSE Bug 1126192
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.
Затронутые продукты
Ссылки
- CVE-2019-17343
- SUSE Bug 1126195
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
Затронутые продукты
Ссылки
- CVE-2019-17344
- SUSE Bug 1126196
- SUSE Bug 1178658
Описание
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.
Затронутые продукты
Ссылки
- CVE-2019-17345
- SUSE Bug 1126197
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
Затронутые продукты
Ссылки
- CVE-2019-17346
- SUSE Bug 1126198
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).
Затронутые продукты
Ссылки
- CVE-2019-17347
- SUSE Bug 1126201
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
Затронутые продукты
Ссылки
- CVE-2019-17348
- SUSE Bug 1127400