SUSE-SU-2018:2037-1

Description

Security update for xen This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12617: Fix integer overflow that causes segmentation fault in qmp_guest_file_read() with g_malloc() (bsc#1098744). - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). Bug fixes: - bsc#1079730: Fix failed 'write' lock. - bsc#1027519: Add upstream patches from January.

Affected Systems

• suse•xen&distro=SUSE Linux Enterprise Server 11 SP4

  < 4.4.4_34-61.32.1

• suse•xen&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4

  < 4.4.4_34-61.32.1

• suse•xen&distro=SUSE Linux Enterprise Software Development Kit 11 SP4

  < 4.4.4_34-61.32.1

References (13)

• https://www.suse.com/support/update/announcement/2018/suse-su-20182037-1/
• https://bugzilla.suse.com/1027519
• https://bugzilla.suse.com/1079730
• https://bugzilla.suse.com/1095242
• https://bugzilla.suse.com/1096224
• https://bugzilla.suse.com/1097521
• https://bugzilla.suse.com/1097522
• https://bugzilla.suse.com/1098744
• https://www.suse.com/security/cve/CVE-2018-11806
• https://www.suse.com/security/cve/CVE-2018-12617
• https://www.suse.com/security/cve/CVE-2018-12891
• https://www.suse.com/security/cve/CVE-2018-12893
• https://www.suse.com/security/cve/CVE-2018-3665