File _patchinfo of Package patchinfo.9809

<patchinfo incident="9809">
  <issue tracker="bnc" id="1114423">VUL-0: CVE-2018-18849: xen: QEMU: lsi53c895a: OOB msg buffer access leads to DoS</issue>
  <issue tracker="bnc" id="1108940">L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV</issue>
  <issue tracker="bnc" id="1116380">live migrations are failing when spectre is enabled on xen boot cmdline</issue>
  <issue tracker="bnc" id="1115040">VUL-0:  CVE-2018-19961 CVE-2018-19962: xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275)</issue>
  <issue tracker="bnc" id="1115047">VUL-0:  CVE-2018-19966 : xen: Fix for XSA-240 conflicts with shadow paging (XSA-280)</issue>
  <issue tracker="bnc" id="1115045">VUL-0:  CVE-2018-19965 : xen: x86: DoS from attempting to use INVPCID with a non-canonical addresses (XSA-279)</issue>
  <issue tracker="bnc" id="1027519">Xen: Missing upstream bug fixes</issue>
  <issue tracker="bnc" id="1117756">VUL-0: CVE-2018-19665: xen: Integer overflow in Bluetooth routines allows memory corruption</issue>
  <issue tracker="bnc" id="1105528">L3: xpti=no-dom0 not working as expected</issue>
  <issue tracker="cve" id="2018-19965"/>
  <issue tracker="cve" id="2018-19966"/>
  <issue tracker="cve" id="2018-19961"/>
  <issue tracker="cve" id="2018-19962"/>
  <issue tracker="cve" id="2018-18849"/>
  <issue tracker="cve" id="2018-19665"/>
  <category>security</category>
  <rating>important</rating>
  <packager>charlesa</packager>
  <description>This update for xen fixes the following issues:

Security vulnerabilities fixed:

- CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB
  flushing with AMD IOMMUs, which potentially allowed a guest to escalate its
  privileges, may cause a Denial of Service (DoS) affecting the entire host, or
  may be able to access data it is not supposed to access. (XSA-275)
  (bsc#1115040)
- CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case
  non-canonical addresses are accessed, which may allow a guest to cause Xen to
  crash, resulting in a Denial of Service (DoS) affecting the entire host.
  (XSA-279) (bsc#1115045)
- CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which
  conflicted with shadow paging and allowed a guest to cause Xen to crash,
  resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047)
- CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in
  various Bluetooth functions, allowing this to crash qemu process resulting in
  Denial of Service (DoS). (bsc#1117756).
- CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI
  host bus adapter emulation, which allowed a user and/or process to crash the
  qemu process resulting in a Denial of Service (DoS). (bsc#1114423)

Other bugs fixed:

- Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940)
- Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)
- Fixed an issue with live migrations, which used to fail when spectre is
  enabled on xen boot cmdline (bsc#1116380)
- Upstream bug fixes (bsc#1027519)
</description>
  <summary>Security update for xen</summary>
</patchinfo>