Overview

File _patchinfo of Package patchinfo.12882

<patchinfo incident="12882">
  <issue tracker="bnc" id="1126195">VUL-0: CVE-2019-17343: xen: XSA-288: x86: Inconsistent PV IOMMU discipline</issue>
  <issue tracker="bnc" id="1126196">VUL-0: CVE-2019-17344: xen: XSA-290: missing preemption in x86 PV page table unvalidation</issue>
  <issue tracker="bnc" id="1149813">VUL-0: CVE-2019-15890: xen: use-after-free during packet reassembly</issue>
  <issue tracker="bnc" id="1127400">VUL-0: CVE-2019-17348: xen: XSA-294: x86 shadow: Insufficient TLB flushing when using PCID</issue>
  <issue tracker="bnc" id="1143797">VUL-0: CVE-2019-14378: xen:  heap buffer overflow during packet reassembly in slirp networking implementation</issue>
  <issue tracker="bnc" id="1126192">VUL-0: CVE-2019-17342: xen: XSA-287: x86: steal_page violates page_struct access discipline</issue>
  <issue tracker="bnc" id="1126198">VUL-0: CVE-2019-17346: xen: XSA-292: x86: insufficient TLB flushing when using PCID</issue>
  <issue tracker="bnc" id="1126140">VUL-0: CVE-2019-17340: xen: XSA-284: grant table transfer issues on large hosts</issue>
  <issue tracker="bnc" id="1146874">VUL-0: CVE-2019-12068: xen: infinite loop while executing script</issue>
  <issue tracker="bnc" id="1126201">VUL-0: CVE-2019-17347: xen: XSA-293: x86: PV kernel context switch corruption</issue>
  <issue tracker="bnc" id="1126141">VUL-0: CVE-2019-17341: xen: XSA-285: race with pass-through device hotplug</issue>
  <issue tracker="cve" id="2019-14378"/>
  <issue tracker="cve" id="2019-17340"/>
  <issue tracker="cve" id="2019-17344"/>
  <issue tracker="cve" id="2019-15890"/>
  <issue tracker="cve" id="2019-17346"/>
  <issue tracker="cve" id="2019-12068"/>
  <issue tracker="cve" id="2019-17343"/>
  <issue tracker="cve" id="2019-17347"/>
  <issue tracker="cve" id="2019-17341"/>
  <issue tracker="cve" id="2019-17342"/>
  <issue tracker="cve" id="2019-17348"/>
  <packager>charlesa</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for xen</summary>
  <description>This update for xen fixes the following issues:
	  
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
  which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of 
  service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU 
  emulator which could have led to execution of  arbitrary code with privileges of the 
  QEMU process (bsc#1143797).
 </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places