SUSE-SU-2019:2753-1
Vulnerability Summary
Description
Security update for xen

This update for xen to version 4.11.2 fixes the following issues:

Security issues fixed:
- CVE-2019-15890: Fixed a use-after-free in the SLiRP networking implementation of the QEMU emulator which could have led to denial of service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in the SLiRP networking implementation of the QEMU emulator which could have led to execution of arbitrary code with the privileges of the QEMU process (bsc#1143797).

Other issues fixed:
- Fixed an HPS bug which prevented installing Windows Server 2016 with a setting of 2 CPUs or above (bsc#1137717).
- Fixed a segmentation fault in libvirtd during live migration to a VM (bsc#1145774).
- Fixed an issue where libxenlight could not create a new domain (bsc#1131811).
- Fixed an issue where attached PCI devices were lost after reboot (bsc#1129642).
- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).
Affected Systems
- suse xen on SUSE Linux Enterprise Desktop 12 SP4: < 4.11.2_02-2.14.2
- suse xen on SUSE Linux Enterprise Server 12 SP4: < 4.11.2_02-2.14.2
- suse xen on SUSE Linux Enterprise Server for SAP Applications 12 SP4: < 4.11.2_02-2.14.2
- suse xen on SUSE Linux Enterprise Software Development Kit 12 SP4: < 4.11.2_02-2.14.2
References (37)
- https://www.suse.com/support/update/announcement/2019/suse-su-20192753-1/
- https://bugzilla.suse.com/1027519
- https://bugzilla.suse.com/1111331
- https://bugzilla.suse.com/1126140
- https://bugzilla.suse.com/1126141
- https://bugzilla.suse.com/1126192
- https://bugzilla.suse.com/1126195
- https://bugzilla.suse.com/1126196
- https://bugzilla.suse.com/1126197
- https://bugzilla.suse.com/1126198
- https://bugzilla.suse.com/1126201
- https://bugzilla.suse.com/1127400
- https://bugzilla.suse.com/1129642
- https://bugzilla.suse.com/1131811
- https://bugzilla.suse.com/1137717
- https://bugzilla.suse.com/1138294
- https://bugzilla.suse.com/1143797
- https://bugzilla.suse.com/1145240
- https://bugzilla.suse.com/1145774
- https://bugzilla.suse.com/1146874
- https://bugzilla.suse.com/1149813
- https://www.suse.com/security/cve/CVE-2018-12126
- https://www.suse.com/security/cve/CVE-2018-12127
- https://www.suse.com/security/cve/CVE-2018-12130
- https://www.suse.com/security/cve/CVE-2019-11091
- https://www.suse.com/security/cve/CVE-2019-12068
- https://www.suse.com/security/cve/CVE-2019-14378
- https://www.suse.com/security/cve/CVE-2019-15890
- https://www.suse.com/security/cve/CVE-2019-17340
- https://www.suse.com/security/cve/CVE-2019-17341
- https://www.suse.com/security/cve/CVE-2019-17342
- https://www.suse.com/security/cve/CVE-2019-17343
- https://www.suse.com/security/cve/CVE-2019-17344
- https://www.suse.com/security/cve/CVE-2019-17345
- https://www.suse.com/security/cve/CVE-2019-17346
- https://www.suse.com/security/cve/CVE-2019-17347
- https://www.suse.com/security/cve/CVE-2019-17348