openSUSE Build Service

Security update for xen

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242).
- CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521).
- CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523).
- CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522).
- CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224).

Bug fixes:

- bsc#1027519: Add upstream patches from January.
- bsc#1087289: Fix xen scheduler crash.

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Submitted by Charles Arnold (charlesa)

Fixed bugs

bnc#1097521

VUL-0: CVE-2018-12891: xen: preemption checks bypassed in x86 PV MM handling (XSA-264)

bnc#1097523

VUL-0: CVE-2018-12892: xen: libxl fails to honour readonly flag on HVM emulated SCSI disks (XSA-266)

bnc#1097522

VUL-0: CVE-2018-12893: xen: x86: #DB exception safety check can be triggered by a guest (XSA-265)

bnc#1096224

VUL-0: CVE-2018-11806: xen: slirp: heap buffer overflow while reassembling fragmented datagrams

bnc#1027519

Xen: Missing upstream bug fixes

bnc#1087289

Xen BUG at sched_credit.c:1663

bnc#1095242

VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore (XSA-267)

Places

Fixed bugs

Selected Binaries

Places