[SUSE-SU-2018:1216-1] Security update for xen

Severity Important

Affected Packages 6

CVEs 3

Security update for xen

This update for xen fixes several issues.

These security issues were fixed:

CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820)
Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822)
Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152).
CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635).

These non-security issues were fixed:

Package	Affected Version
pkg:rpm/suse/xen?arch=x86_64&distro=sles-12&sp=2	< 4.7.5_02-43.30.1
pkg:rpm/suse/xen-tools?arch=x86_64&distro=sles-12&sp=2	< 4.7.5_02-43.30.1
pkg:rpm/suse/xen-tools-domU?arch=x86_64&distro=sles-12&sp=2	< 4.7.5_02-43.30.1
pkg:rpm/suse/xen-libs?arch=x86_64&distro=sles-12&sp=2	< 4.7.5_02-43.30.1
pkg:rpm/suse/xen-libs-32bit?arch=x86_64&distro=sles-12&sp=2	< 4.7.5_02-43.30.1
pkg:rpm/suse/xen-doc-html?arch=x86_64&distro=sles-12&sp=2	< 4.7.5_02-43.30.1

ID

SUSE-SU-2018:1216-1

Severity

important

URL

Published

2018-05-11T07:58:54
(6 years ago)

Modified

2018-05-11T07:58:54
(6 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1216-1.json
Suse	URL for SUSE-SU-2018:1216-1	https://www.suse.com/support/update/announcement/2018/suse-su-20181216-1/
Suse	E-Mail link for SUSE-SU-2018:1216-1	https://lists.suse.com/pipermail/sle-security-updates/2018-May/003995.html
Bugzilla	SUSE Bug 1027519	https://bugzilla.suse.com/1027519
Bugzilla	SUSE Bug 1086039	https://bugzilla.suse.com/1086039
Bugzilla	SUSE Bug 1089152	https://bugzilla.suse.com/1089152
Bugzilla	SUSE Bug 1089635	https://bugzilla.suse.com/1089635
Bugzilla	SUSE Bug 1090820	https://bugzilla.suse.com/1090820
Bugzilla	SUSE Bug 1090822	https://bugzilla.suse.com/1090822
Bugzilla	SUSE Bug 1090823	https://bugzilla.suse.com/1090823
CVE	SUSE CVE CVE-2018-10471 page	https://www.suse.com/security/cve/CVE-2018-10471/
CVE	SUSE CVE CVE-2018-10472 page	https://www.suse.com/security/cve/CVE-2018-10472/
CVE	SUSE CVE CVE-2018-8897 page	https://www.suse.com/security/cve/CVE-2018-8897/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/suse/xen?arch=x86_64&distro=sles-12&sp=2	suse	xen	< 4.7.5_02-43.30.1	sles-12	x86_64
Affected	pkg:rpm/suse/xen-tools?arch=x86_64&distro=sles-12&sp=2	suse	xen-tools	< 4.7.5_02-43.30.1	sles-12	x86_64
Affected	pkg:rpm/suse/xen-tools-domU?arch=x86_64&distro=sles-12&sp=2	suse	xen-tools-domU	< 4.7.5_02-43.30.1	sles-12	x86_64
Affected	pkg:rpm/suse/xen-libs?arch=x86_64&distro=sles-12&sp=2	suse	xen-libs	< 4.7.5_02-43.30.1	sles-12	x86_64
Affected	pkg:rpm/suse/xen-libs-32bit?arch=x86_64&distro=sles-12&sp=2	suse	xen-libs-32bit	< 4.7.5_02-43.30.1	sles-12	x86_64
Affected	pkg:rpm/suse/xen-doc-html?arch=x86_64&distro=sles-12&sp=2	suse	xen-doc-html	< 4.7.5_02-43.30.1	sles-12	x86_64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date