Oval Definition:oval:org.opensuse.security:def:85042
Revision Date:2018-12-11Version:1
Title:Security update for xen (Important)
Description:

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2018-18849: Fixed an out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin (bsc#1114423). - CVE-2018-18883: Fixed a NULL pointer dereference that could have been triggered by nested VT-x that where not properly restricted (XSA-278)(bsc#1114405). - CVE-2018-19965: Fixed denial of service issue from attempting to use INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045). - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused conflicts with shadow paging (XSA-280)(bsc#1115047). - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).

Non-security issues fixed:

- Added upstream bug fixes (bsc#1027519). - Fixed XEN SLE12-SP1 domU hang on SLE12-SP3 HV (bsc#1108940).
Family:unixClass:patch
Status:Reference(s):1027519
1108940
1114405
1114423
1115040
1115045
1115047
CVE-2018-18849
CVE-2018-18883
CVE-2018-19961
CVE-2018-19962
CVE-2018-19965
CVE-2018-19966
SUSE-SU-2018:4070-1
Platform(s):SUSE Linux Enterprise Server 12 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • xen-4.9.3_03-3.47.1 is installed
  • OR xen-doc-html-4.9.3_03-3.47.1 is installed
  • OR xen-libs-4.9.3_03-3.47.1 is installed
  • OR xen-libs-32bit-4.9.3_03-3.47.1 is installed
  • OR xen-tools-4.9.3_03-3.47.1 is installed
  • OR xen-tools-domU-4.9.3_03-3.47.1 is installed
  • BACK