OPENSUSE-SU-2019:2059-1 Security update for qemu

This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ipreass on big packet input bsc1143794. - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources bsc1135902. - CVE-2019-13164: Security fi...

openSUSE Security Update : qemu (openSUSE-2019-2059)

This update for qemu fixes the following issues : Security issues fixed : - CVE-2019-14378: Security fix for heap overflow in ipreass on big packet input bsc1143794. - CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources bsc1135902. - CVE-2019-13164: Security...

Security update for qemu (important)

openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2019:2059-1 Rating: important References: 1079730 1098403 1111025 1119115 1134883 1135902 1136540 1136778 1140402 1143794 Cross-References: CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 Affected Products: openSUSE Leap...

OPENSUSE-SU-2019:2041-1 Security update for qemu

This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ipreass on big packet input bsc1143794. - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources bsc1135902. - CVE-2019-13164: Security fi...

SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2246-1)

This update for qemu fixes the following issues : Security issues fixed : CVE-2019-14378: Security fix for heap overflow in ipreass on big packet input bsc1143794. CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources bsc1135902. CVE-2019-13164: Security fix fo...

SUSE-SU-2019:2227-1 Security update for libvirt

This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

SUSE-SU-2019:2227-2 Security update for libvirt

This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2192-1)

This update for qemu fixes the following issues : Security issues fixed : CVE-2019-14378: Security fix for heap overflow in ipreass on big packet input bsc1143794. CVE-2019-12155: Security fix for NULL pointer dereference while releasing spice resources bsc1135902. CVE-2019-13164: Security fix fo...

openSUSE Security Update : qemu (openSUSE-2019-1274)

This update for qemu fixes the following issues : Security issues fixed : - CVE-2019-9824: Fixed information leak in slirp bsc1129622. - CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 hostinformation bsc1126455. - CVE-2019-3812: Fixed Out-of-bounds memory access and...

Security update for qemu (important)

openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2019:1274-1 Rating: important References: 1118900 1125721 1126455 1129622 1130675 1131955 Cross-References: CVE-2018-20815 CVE-2019-3812 CVE-2019-8934 CVE-2019-9824 Affected Products: openSUSE Leap 42.3 An update that...

The vulnerability of the vcpu_scan_ioapic function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the vcpuscanioapic function arch/x86/kvm/x86.c in the Linux operating system’s kernel is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure due to a system call to the Kernel-Based Virtual Machine KVM...

DEBIAN-CVE-2018-19407

The vcpuscanioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service NULL pointer dereference and BUG via crafted system calls that reach a situation where ioapic is uninitialized...

Linux kernel denial of service vulnerability (CNVD-2018-26910)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A denial of service vulnerability exists in the vcpuscanioapic function in arch/x86/kvm/x86.c in the Linux kernel. A...

Overcommitting pCPUs on individual XenServer VMs

Citrix recommends that you do not run a VM with more virtual CPUs vCPUs than the number physical CPUs pCPUs available on the XenServer host. The number of pCPUs available to XenServer can change even after the installation of VMs. For example, through actual hardware changes, changes in the BIOS...

Design/Logic Flaw

An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions...

CVE-2018-12891

An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions...

preemption checks bypassed in x86 PV MM handling

ISSUE DESCRIPTION Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table...

OracleVM 3.3 / 3.4 : procps (OVMSA-2018-0226)

The remote OracleVM system is missing necessary patches to address critical security updates : - vmstat: fix invalid CPU utilization stats after vCPU hot-plug/unplug Konrad Rzeszutek Wilk bug 18011019 - drop leftover assignment in fix for CVE-2018-1124 causing a severe regression - Resolves:...

openSUSE: Security Advisory for xen (openSUSE-SU-2018:1274-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:1184-1) (Meltdown)

This update for xen to version 4.9.2 fixes several issues. This feature was added : - Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via 'xl vcpu-set domU N' These security issues were fixed : - CVE-2018-8897: Prevent...