Lucene search

K
suseSuseOPENSUSE-SU-2019:1226-1
HistoryApr 17, 2019 - 12:00 a.m.

Security update for xen (important)

2019-04-1700:00:00
lists.opensuse.org
118

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.8%

An update that solves 8 vulnerabilities and has 15 fixes is
now available.

Description:

This update for xen fixes the following issues:

Security issues fixed:

  • CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the
    host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)
  • CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp
    (bsc#1123157).
  • Fixed an issue which could allow malicious or buggy guests with passed
    through PCI devices to be able to escalate their privileges, crash the
    host, or access data belonging to other guests. Additionally memory
    leaks were also possible (bsc#1126140).
  • Fixed a race condition issue which could allow malicious PV guests to
    escalate their privilege to that
    of the hypervisor (bsc#1126141).
  • Fixed an issue which could allow a malicious unprivileged guest
    userspace process to escalate its privilege to that of other userspace
    processes in the same guest and potentially thereby to that
    of the guest operating system (bsc#1126201).
  • CVE-2019-9824: Fixed an information leak in SLiRP networking
    implementation which could allow a user/process to read uninitialised
    stack memory contents (bsc#1129623).
  • CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /
    improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).
  • CVE-2018-19965: Fixed denial of service issue from attempting to use
    INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).
  • CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused
    conflicts with shadow paging (XSA-280)(bsc#1115047).
  • Fixed an issue which could allow malicious PV guests may cause a host
    crash or gain access to data pertaining to other guests.Additionally,
    vulnerable configurations are likely to be unstable even in the absence
    of an attack (bsc#1126198).
  • Fixed multiple access violations introduced by XENMEM_exchange hypercall
    which could allow a single PV guest to leak arbitrary amounts of memory,
    leading to a denial of service (bsc#1126192).
  • Fixed an issue which could allow malicious 64bit PV guests to cause a
    host crash (bsc#1127400).
  • Fixed an issue which could allow malicious or buggy x86 PV guest kernels
    to mount a Denial of Service attack affecting the whole system
    (bsc#1126197).
  • Fixed an issue which could allow an untrusted PV domain with access to a
    physical device to DMA into its own pagetables leading to privilege
    escalation (bsc#1126195).
  • Fixed an issue which could allow a malicious or buggy x86 PV guest
    kernels can mount a Denial of Service attack affecting the whole system
    (bsc#1126196).

Other issues addressed:

  • Upstream bug fixes (bsc#1027519)
  • Fixed an issue where live migrations were failing when spectre was
    enabled on xen boot cmdline (bsc#1116380).
  • Fixed an issue where setup of grant_tables and other variables may fail
    (bsc#1126325).
  • Fixed a building issue (bsc#1119161).
  • Fixed an issue where xpti=no-dom0 was not working as expected
    (bsc#1105528).
  • Packages should no longer use /var/adm/fillup-templates (bsc#1069468).
  • Added Xen cmdline option “suse_vtsc_tolerance” to avoid TSC emulation
    for HVM domUs (bsc#1026236).

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 42.3:

    zypper in -t patch openSUSE-2019-1226=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap42.3i586< - openSUSE Leap 42.3 (i586 x86_64):- openSUSE Leap 42.3 (i586 x86_64):.i586.rpm
openSUSE Leap42.3x86_64< - openSUSE Leap 42.3 (i586 x86_64):- openSUSE Leap 42.3 (i586 x86_64):.x86_64.rpm
openSUSE Leap42.3x86_64< - openSUSE Leap 42.3 (x86_64):- openSUSE Leap 42.3 (x86_64):.x86_64.rpm

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.8%