SUSE-SU-2018:2059-1
Vulnerability Summary
Timeline
Description
Security update for xen This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). Bug fixes: - bsc#1027519: Add upstream patches from January. - bsc#1087289: Fix xen scheduler crash.
Affected Systems
- suse•xen&distro=SUSE Linux Enterprise Desktop 12 SP3
< 4.9.2_08-3.35.2
- suse•xen&distro=SUSE Linux Enterprise Server 12 SP3
< 4.9.2_08-3.35.2
- suse•xen&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
< 4.9.2_08-3.35.2
- suse•xen&distro=SUSE Linux Enterprise Software Development Kit 12 SP3
< 4.9.2_08-3.35.2
References (13)
- https://www.suse.com/support/update/announcement/2018/suse-su-20182059-1/
- https://bugzilla.suse.com/1027519
- https://bugzilla.suse.com/1087289
- https://bugzilla.suse.com/1095242
- https://bugzilla.suse.com/1096224
- https://bugzilla.suse.com/1097521
- https://bugzilla.suse.com/1097522
- https://bugzilla.suse.com/1097523
- https://www.suse.com/security/cve/CVE-2018-11806
- https://www.suse.com/security/cve/CVE-2018-12891
- https://www.suse.com/security/cve/CVE-2018-12892
- https://www.suse.com/security/cve/CVE-2018-12893
- https://www.suse.com/security/cve/CVE-2018-3665