[SUSE-SU-2018:0609-1] Security update for xen
Severity: Important
Affected Packages: 7
CVEs: 10
This update for xen fixes several issues.
These security issues were fixed:
- CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc#1074562, bsc#1068032)
- CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116).
- CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180).
- CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081).
- CVE-2017-17566: Prevent PV guest OS users from causing a denial of service (host OS crash) or gaining host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158).
- CVE-2017-17563: Prevent guest OS users from causing a denial of service (host OS crash) or gaining host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159).
- CVE-2017-17564: Prevent guest OS users from causing a denial of service (host OS crash) or gaining host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160).
- CVE-2017-17565: Prevent PV guest OS users from causing a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163).
- Added missing intermediate preemption checks for a guest requesting removal of memory. The missing checks allowed a malicious guest administrator to cause a denial of service due to the high cost of this operation (bsc#1080635).
- Because Xen did not return the proper error messages when transitioning grant tables from v2 to v1, a malicious guest was able to cause a DoS, or potentially to escalate privileges or leak information (bsc#1080662).
This non-security issue was fixed:
- bsc#1035442: Increased the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds. If many domUs shut down in parallel, the backends couldn't keep up.
Package | Affected Version |
---|---|
pkg:rpm/suse/xen?arch=x86_64&distro=sles-12&sp=1 | < 4.5.5_24-22.43.1 |
pkg:rpm/suse/xen-tools?arch=x86_64&distro=sles-12&sp=1 | < 4.5.5_24-22.43.1 |
pkg:rpm/suse/xen-tools-domU?arch=x86_64&distro=sles-12&sp=1 | < 4.5.5_24-22.43.1 |
pkg:rpm/suse/xen-libs?arch=x86_64&distro=sles-12&sp=1 | < 4.5.5_24-22.43.1 |
pkg:rpm/suse/xen-libs-32bit?arch=x86_64&distro=sles-12&sp=1 | < 4.5.5_24-22.43.1 |
pkg:rpm/suse/xen-kmp-default?arch=x86_64&distro=sles-12&sp=1 | < 4.5.5_24_k3.12.74_60.64.82-22.43.1 |
pkg:rpm/suse/xen-doc-html?arch=x86_64&distro=sles-12&sp=1 | < 4.5.5_24-22.43.1 |
- ID: SUSE-SU-2018:0609-1
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2018/suse-su-20180609-1/
- Published: 2018-03-05T16:46:43
- Modified: 2018-03-05T16:46:43
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALAS-2018-1034
- ALAS-2018-939
- ALAS-2018-942
- ALAS-2018-956
- ALAS2-2018-1034
- ALAS2-2018-939
- ALAS2-2018-942
- ALAS2-2018-952
- ALAS2-2018-953
- ALAS2-2018-956
- ALAS2-2018-962
- ALPINE:CVE-2017-15595
- ALPINE:CVE-2017-17563
- ALPINE:CVE-2017-17564
- ALPINE:CVE-2017-17565
- ALPINE:CVE-2017-17566
- ALPINE:CVE-2017-5715
- ALPINE:CVE-2017-5753
- ALPINE:CVE-2017-5754
- ASA-201801-1
- ASA-201801-10
- ASA-201801-3
- ASA-201801-4
- ASA-201801-6
- CISCO-SA-20180104-CPUSIDECHANNEL
- DSA-4050-1
- DSA-4078-1
- DSA-4082-1
- DSA-4112-1
- DSA-4120-1
- DSA-4187-1
- DSA-4188-1
- DSA-4201-1
- DSA-4213-1
- ELSA-2018-0007
- ELSA-2018-0008
- ELSA-2018-0012
- ELSA-2018-0013
- ELSA-2018-0023
- ELSA-2018-0024
- ELSA-2018-0029
- ELSA-2018-0030
- ELSA-2018-0292
- ELSA-2018-0816
- ELSA-2018-1196
- ELSA-2018-2162
- ELSA-2018-4004
- ELSA-2018-4006
- ELSA-2018-4020
- ELSA-2018-4022
- ELSA-2018-4025
- ELSA-2018-4285
- ELSA-2018-4289
- ELSA-2019-4585
- ELSA-2019-4668
- ELSA-2019-4710
- ELSA-2019-4785
- FEDORA-2017-16a414b3c5
- FEDORA-2017-2500a024ef
- FEDORA-2017-5945560816
- FEDORA-2017-5bcddc1984
- FEDORA-2017-c31799ee4a
- FEDORA-2017-c432db2971
- FEDORA-2017-d4709b0d8b
- FEDORA-2017-f2577f2108
- FEDORA-2018-0590e4af13
- FEDORA-2018-1a467757ce
- FEDORA-2018-2b053454a4
- FEDORA-2018-604574c943
- FEDORA-2018-690989736a
- FEDORA-2018-6c1be5e1c8
- FEDORA-2018-7cd077ddd3
- FEDORA-2018-915602df63
- FEDORA-2018-98684f429b
- FEDORA-2018-9f02e5ed7b
- FEDORA-2018-aec846c0ef
- FEDORA-2018-eb69078020
- FEDORA-2018-f20a0cead5
- FEDORA-2018-fe24359b69
- FREEBSD:1CE95BC7-3278-11E8-B527-00012E582166
- FREEBSD:74DAA370-2797-11E8-95EC-A4BADB2F4699
- FREEBSD:FBE10A8A-05A1-11EA-9DFA-F8B156AC3FF9
- GLSA-201801-14
- GLSA-201804-08
- GLSA-201810-06
- openSUSE-SU-2021:1212-1
- openSUSE-SU-2021:2861-1
- RHBA-2018:0042
- RHSA-2018:0016
- RHSA-2018:0023
- RHSA-2018:0151
- RHSA-2018:0512
- RHSA-2018:0816
- RHSA-2018:1062
- RHSA-2018:1319
- RHSA-2018:2162
- SSA:2018-016-01
- SSA:2018-037-01
- SSA:2018-057-01
- SUSE-SU-2017:2812-1
- SUSE-SU-2017:2815-1
- SUSE-SU-2017:2856-1
- SUSE-SU-2017:2864-1
- SUSE-SU-2017:2873-1
- SUSE-SU-2017:3212-1
- SUSE-SU-2017:3236-1
- SUSE-SU-2017:3239-1
- SUSE-SU-2017:3242-1
- SUSE-SU-2018:0007-1
- SUSE-SU-2018:0008-1
- SUSE-SU-2018:0010-1
- SUSE-SU-2018:0011-1
- SUSE-SU-2018:0012-1
- SUSE-SU-2018:0019-1
- SUSE-SU-2018:0020-1
- SUSE-SU-2018:0031-1
- SUSE-SU-2018:0036-1
- SUSE-SU-2018:0039-1
- SUSE-SU-2018:0040-1
- SUSE-SU-2018:0041-1
- SUSE-SU-2018:0051-1
- SUSE-SU-2018:0056-1
- SUSE-SU-2018:0068-1
- SUSE-SU-2018:0069-1
- SUSE-SU-2018:0113-1
- SUSE-SU-2018:0114-1
- SUSE-SU-2018:0115-1
- SUSE-SU-2018:0131-1
- SUSE-SU-2018:0171-1
- SUSE-SU-2018:0180-1
- SUSE-SU-2018:0213-1
- SUSE-SU-2018:0219-1
- SUSE-SU-2018:0285-1
- SUSE-SU-2018:0383-1
- SUSE-SU-2018:0416-1
- SUSE-SU-2018:0437-1
- SUSE-SU-2018:0438-1
- SUSE-SU-2018:0472-1
- SUSE-SU-2018:0482-1
- SUSE-SU-2018:0525-1
- SUSE-SU-2018:0552-1
- SUSE-SU-2018:0552-2
- SUSE-SU-2018:0555-1
- SUSE-SU-2018:0601-1
- SUSE-SU-2018:0638-1
- SUSE-SU-2018:0660-1
- SUSE-SU-2018:0678-1
- SUSE-SU-2018:0705-1
- SUSE-SU-2018:0708-1
- SUSE-SU-2018:0757-1
- SUSE-SU-2018:0762-1
- SUSE-SU-2018:0831-1
- SUSE-SU-2018:0838-1
- SUSE-SU-2018:0841-1
- SUSE-SU-2018:0861-1
- SUSE-SU-2018:0909-1
- SUSE-SU-2018:0920-1
- SUSE-SU-2018:0986-1
- SUSE-SU-2018:1077-1
- SUSE-SU-2018:1080-1
- SUSE-SU-2018:1295-1
- SUSE-SU-2018:1308-1
- SUSE-SU-2018:1363-1
- SUSE-SU-2018:1368-1
- SUSE-SU-2018:1376-1
- SUSE-SU-2018:1386-1
- SUSE-SU-2018:1465-1
- SUSE-SU-2018:1486-1
- SUSE-SU-2018:1498-1
- SUSE-SU-2018:1503-1
- SUSE-SU-2018:1567-1
- SUSE-SU-2018:1570-1
- SUSE-SU-2018:1571-1
- SUSE-SU-2018:1571-2
- SUSE-SU-2018:1603-1
- SUSE-SU-2018:1658-1
- SUSE-SU-2018:1699-1
- SUSE-SU-2018:1699-2
- SUSE-SU-2018:1759-1
- SUSE-SU-2018:1784-1
- SUSE-SU-2018:1822-1
- SUSE-SU-2018:2082-1
- SUSE-SU-2018:2092-1
- SUSE-SU-2018:2141-1
- SUSE-SU-2018:2150-1
- SUSE-SU-2018:2189-1
- SUSE-SU-2018:2222-1
- SUSE-SU-2018:2528-1
- SUSE-SU-2018:2631-1
- SUSE-SU-2018:2631-2
- SUSE-SU-2018:3230-1
- SUSE-SU-2019:0222-1
- SUSE-SU-2019:0765-1
- SUSE-SU-2019:1550-1
- SUSE-SU-2019:2430-1
- SUSE-SU-2021:2861-1
- SUSE-SU-2021:2862-1
- SUSE-SU-2021:3929-1
- SUSE-SU-2023:0634-1
- SUSE-SU-2023:1800-1
- SUSE-SU-2023:1801-1
- SUSE-SU-2023:1802-1
- SUSE-SU-2023:1803-1
- SUSE-SU-2023:1811-1
- SUSE-SU-2023:1848-1
- SUSE-SU-2023:1892-1
- SUSE-SU-2023:1894-1
- SUSE-SU-2023:1897-1
- SUSE-SU-2023:1992-1
- SUSE-SU-2023:2232-1
- SUSE-SU-2023:2506-1
- SUSE-SU-2023:2805-1
- USN-3516-1
- USN-3521-1
- USN-3522-1
- USN-3522-2
- USN-3523-1
- USN-3523-2
- USN-3524-1
- USN-3524-2
- USN-3525-1
- USN-3530-1
- USN-3531-1
- USN-3531-3
- USN-3540-1
- USN-3540-2
- USN-3541-1
- USN-3541-2
- USN-3542-1
- USN-3542-2
- USN-3549-1
- USN-3560-1
- USN-3561-1
- USN-3575-1
- USN-3580-1
- USN-3581-1
- USN-3581-2
- USN-3582-1
- USN-3582-2
- USN-3583-1
- USN-3594-1
- USN-3597-1
- USN-3597-2
- USN-3620-2
- USN-3690-1
- USN-3777-3
- VU:584653
- XSA-240
- XSA-248
- XSA-249
- XSA-250
- XSA-251
- XSA-254
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/xen?arch=x86_64&distro=sles-12&sp=1 | suse | xen | < 4.5.5_24-22.43.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/xen-tools?arch=x86_64&distro=sles-12&sp=1 | suse | xen-tools | < 4.5.5_24-22.43.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/xen-tools-domU?arch=x86_64&distro=sles-12&sp=1 | suse | xen-tools-domU | < 4.5.5_24-22.43.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/xen-libs?arch=x86_64&distro=sles-12&sp=1 | suse | xen-libs | < 4.5.5_24-22.43.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/xen-libs-32bit?arch=x86_64&distro=sles-12&sp=1 | suse | xen-libs-32bit | < 4.5.5_24-22.43.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/xen-kmp-default?arch=x86_64&distro=sles-12&sp=1 | suse | xen-kmp-default | < 4.5.5_24_k3.12.74_60.64.82-22.43.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/xen-doc-html?arch=x86_64&distro=sles-12&sp=1 | suse | xen-doc-html | < 4.5.5_24-22.43.1 | sles-12 | x86_64 | |