SUSE-SU-2019:14201-1

Advisory lineage Upstream: 12 Downstream: 0
Published: 25 Oct 2019, 12:28
Last modified: 04 Feb 2026, 04:32

Vulnerability Summary

Overall Risk (default): minimal, 0/100
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

25 Oct 2019, 12:28
Published
Vulnerability first disclosed
04 Feb 2026, 04:32
Last Modified
Vulnerability information updated

Description

Security update for xen

This update for xen fixes the following issues:

- CVE-2019-15890: Fixed a use-after-free in the SLiRP networking implementation of the QEMU emulator which could have led to denial of service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in the SLiRP networking implementation of the QEMU emulator which could have led to execution of arbitrary code with the privileges of the QEMU process (bsc#1143797).
- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).
- CVE-2019-12155: Fixed a null pointer dereference in the QXL VGA card emulator of QEMU which could have led to denial of service (bsc#1135905).
- CVE-2018-20815: Fixed a heap buffer overflow while loading a device tree blob (bsc#1130680).
- CVE-2017-10806: Fixed a stack buffer overflow in debug logging (bsc#1047675).

Affected Systems

  • suse/xen (distro: SUSE Linux Enterprise Point of Sale 11 SP3)

    < 4.2.5_21-45.33.1

References (25)