Описание
Security update for xen
This update for xen fixes the following issues:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797).
Список пакетов
SUSE Enterprise Storage 4
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE OpenStack Cloud 7
Ссылки
- Link for SUSE-SU-2019:2783-1
- E-Mail link for SUSE-SU-2019:2783-1
- SUSE Security Ratings
- SUSE Bug 1126140
- SUSE Bug 1126141
- SUSE Bug 1126192
- SUSE Bug 1126195
- SUSE Bug 1126196
- SUSE Bug 1126198
- SUSE Bug 1126201
- SUSE Bug 1127400
- SUSE Bug 1143797
- SUSE Bug 1146874
- SUSE Bug 1149813
- SUSE CVE CVE-2019-12068 page
- SUSE CVE CVE-2019-14378 page
- SUSE CVE CVE-2019-15890 page
- SUSE CVE CVE-2019-17340 page
- SUSE CVE CVE-2019-17341 page
- SUSE CVE CVE-2019-17342 page
Описание
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Затронутые продукты
Ссылки
- CVE-2019-12068
- SUSE Bug 1146873
- SUSE Bug 1146874
- SUSE Bug 1178658
Описание
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
Затронутые продукты
Ссылки
- CVE-2019-14378
- SUSE Bug 1143794
- SUSE Bug 1143797
- SUSE Bug 1178658
Описание
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
Затронутые продукты
Ссылки
- CVE-2019-15890
- SUSE Bug 1149811
- SUSE Bug 1149813
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
Затронутые продукты
Ссылки
- CVE-2019-17340
- SUSE Bug 1126140
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.
Затронутые продукты
Ссылки
- CVE-2019-17341
- SUSE Bug 1126141
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.
Затронутые продукты
Ссылки
- CVE-2019-17342
- SUSE Bug 1126192
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.
Затронутые продукты
Ссылки
- CVE-2019-17343
- SUSE Bug 1126195
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
Затронутые продукты
Ссылки
- CVE-2019-17344
- SUSE Bug 1126196
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
Затронутые продукты
Ссылки
- CVE-2019-17346
- SUSE Bug 1126198
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).
Затронутые продукты
Ссылки
- CVE-2019-17347
- SUSE Bug 1126201
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
Затронутые продукты
Ссылки
- CVE-2019-17348
- SUSE Bug 1127400