Описание
Security update for xen
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797).
Other issue fixed:
- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818).
Список пакетов
HPE Helion OpenStack 8
SUSE Enterprise Storage 5
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Ссылки
- Link for SUSE-SU-2019:2769-1
- E-Mail link for SUSE-SU-2019:2769-1
- SUSE Security Ratings
- SUSE Bug 1126140
- SUSE Bug 1126141
- SUSE Bug 1126192
- SUSE Bug 1126195
- SUSE Bug 1126196
- SUSE Bug 1126197
- SUSE Bug 1126198
- SUSE Bug 1126201
- SUSE Bug 1127400
- SUSE Bug 1133818
- SUSE Bug 1143797
- SUSE Bug 1146874
- SUSE Bug 1149813
- SUSE CVE CVE-2018-12126 page
- SUSE CVE CVE-2018-12127 page
- SUSE CVE CVE-2018-12130 page
- SUSE CVE CVE-2019-11091 page
Описание
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Затронутые продукты
Ссылки
- CVE-2018-12126
- SUSE Bug 1103186
- SUSE Bug 1111331
- SUSE Bug 1132686
- SUSE Bug 1135409
- SUSE Bug 1135524
- SUSE Bug 1137916
- SUSE Bug 1138534
- SUSE Bug 1141977
- SUSE Bug 1149725
- SUSE Bug 1149726
- SUSE Bug 1149729
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Затронутые продукты
Ссылки
- CVE-2018-12127
- SUSE Bug 1103186
- SUSE Bug 1111331
- SUSE Bug 1132686
- SUSE Bug 1135409
- SUSE Bug 1138534
- SUSE Bug 1141977
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Затронутые продукты
Ссылки
- CVE-2018-12130
- SUSE Bug 1103186
- SUSE Bug 1111331
- SUSE Bug 1132686
- SUSE Bug 1135409
- SUSE Bug 1137916
- SUSE Bug 1138534
- SUSE Bug 1141977
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Затронутые продукты
Ссылки
- CVE-2019-11091
- SUSE Bug 1103186
- SUSE Bug 1111331
- SUSE Bug 1132686
- SUSE Bug 1133319
- SUSE Bug 1135394
- SUSE Bug 1138043
- SUSE Bug 1138534
- SUSE Bug 1141977
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Затронутые продукты
Ссылки
- CVE-2019-12068
- SUSE Bug 1146873
- SUSE Bug 1146874
- SUSE Bug 1178658
Описание
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
Затронутые продукты
Ссылки
- CVE-2019-14378
- SUSE Bug 1143794
- SUSE Bug 1143797
- SUSE Bug 1178658
Описание
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
Затронутые продукты
Ссылки
- CVE-2019-15890
- SUSE Bug 1149811
- SUSE Bug 1149813
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
Затронутые продукты
Ссылки
- CVE-2019-17340
- SUSE Bug 1126140
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.
Затронутые продукты
Ссылки
- CVE-2019-17341
- SUSE Bug 1126141
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.
Затронутые продукты
Ссылки
- CVE-2019-17342
- SUSE Bug 1126192
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.
Затронутые продукты
Ссылки
- CVE-2019-17343
- SUSE Bug 1126195
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
Затронутые продукты
Ссылки
- CVE-2019-17344
- SUSE Bug 1126196
- SUSE Bug 1178658
Описание
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.
Затронутые продукты
Ссылки
- CVE-2019-17345
- SUSE Bug 1126197
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
Затронутые продукты
Ссылки
- CVE-2019-17346
- SUSE Bug 1126198
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).
Затронутые продукты
Ссылки
- CVE-2019-17347
- SUSE Bug 1126201
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
Затронутые продукты
Ссылки
- CVE-2019-17348
- SUSE Bug 1127400