SUSE-SU-2018:1981-1
Vulnerability Summary
Timeline
Description
Security update for xen This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). Bug fixes: - bsc#1027519: Add upstream patches from January. - bsc#1098403: Fix regression introduced by changes for bsc#1079730. A PV domU without qcow2 and/or vfb has no qemu attached. Ignore QMP errors for PV domUs to handle PV domUs with and without an attached qemu-xen. - bsc#1087289: Fix xen scheduler crash.
Affected Systems
- suse•xen&distro=SUSE Linux Enterprise Module for Basesystem 15
< 4.10.1_06-3.3.1
- suse•xen&distro=SUSE Linux Enterprise Module for Server Applications 15
< 4.10.1_06-3.3.1
References (13)
- https://www.suse.com/support/update/announcement/2018/suse-su-20181981-1/
- https://bugzilla.suse.com/1027519
- https://bugzilla.suse.com/1079730
- https://bugzilla.suse.com/1087289
- https://bugzilla.suse.com/1095242
- https://bugzilla.suse.com/1097521
- https://bugzilla.suse.com/1097522
- https://bugzilla.suse.com/1097523
- https://bugzilla.suse.com/1098403
- https://www.suse.com/security/cve/CVE-2018-12891
- https://www.suse.com/security/cve/CVE-2018-12892
- https://www.suse.com/security/cve/CVE-2018-12893
- https://www.suse.com/security/cve/CVE-2018-3665