Overview

File _patchinfo of Package patchinfo.9804

<patchinfo incident="9804">
  <issue tracker="bnc" id="1114423">VUL-0: CVE-2018-18849: xen: QEMU: lsi53c895a: OOB msg buffer access leads to DoS</issue>
  <issue tracker="bnc" id="1108940">L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV</issue>
  <issue tracker="bnc" id="1115043">VUL-0: CVE-2018-19963: xen: resource accounting issues in x86 IOREQ server handling (XSA-276)</issue>
  <issue tracker="bnc" id="1111014">VUL-0: CVE-2018-17963: xen: net: ignore packets with large size</issue>
  <issue tracker="bnc" id="1115040">VUL-0:  CVE-2018-19961 CVE-2018-19962: xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275)</issue>
  <issue tracker="bnc" id="1115047">VUL-0:  CVE-2018-19966 : xen: Fix for XSA-240 conflicts with shadow paging (XSA-280)</issue>
  <issue tracker="bnc" id="1114988">VUL-0: CVE-2018-19967: xen: guest use of HLE constructs may lock up host (XSA-282)</issue>
  <issue tracker="bnc" id="1115045">VUL-0:  CVE-2018-19965 : xen: x86: DoS from attempting to use INVPCID with a non-canonical addresses (XSA-279)</issue>
  <issue tracker="bnc" id="1115044">VUL-0: CVE-2018-19964: xen: x86: incorrect error handling for guest p2m page removals (XSA-277)</issue>
  <issue tracker="bnc" id="1027519">Xen: Missing upstream bug fixes</issue>
  <issue tracker="bnc" id="1117756">VUL-0: CVE-2018-19665: xen: Integer overflow in Bluetooth routines allows memory corruption</issue>
  <issue tracker="bnc" id="1114405">VUL-0: CVE-2018-18883: xen: Nested VT-x usable even when disabled (XSA-278)</issue>
  <issue tracker="cve" id="2018-17963"/>
  <issue tracker="cve" id="2018-19965"/>
  <issue tracker="cve" id="2018-19964"/>
  <issue tracker="cve" id="2018-19967"/>
  <issue tracker="cve" id="2018-19966"/>
  <issue tracker="cve" id="2018-18849"/>
  <issue tracker="cve" id="2018-19963"/>
  <issue tracker="cve" id="2018-19962"/>
  <issue tracker="cve" id="2018-19961"/>
  <issue tracker="cve" id="2018-18883"/>
  <issue tracker="cve" id="2018-19665"/>
  <category>security</category>
  <rating>important</rating>
  <packager>charlesa</packager>
  <description>This update for xen fixes the following issues:

- Update to Xen 4.11.1 bug fix release (bsc#1027519)

- CVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator, which
  could occur when a packet with large packet size is processed. A user inside
  a guest could have used this flaw to crash the qemu process resulting in a
  Denial of Service (DoS). (bsc#1111014)
- CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI
  host bus adapter emulation, which allowed a user and/or process to crash the
  qemu process resulting in a Denial of Service (DoS). (bsc#1114423)
- CVE-2018-18883: Fixed an issue related to inproper restriction of nested
  VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial of
  Service (DoS). (XSA-278) (bsc#1114405)
- CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB
  flushing with AMD IOMMUs, which potentially allowed a guest to escalate its
  privileges, may cause a Denial of Service (DoS) affecting the entire host, or
  may be able to access data it is not supposed to access. (XSA-275)
  (bsc#1115040)
- CVE-2018-19963: Fixed the allocation of pages used to communicate with
  external emulators, which may have cuased Xen to crash, resulting in a Denial
  of Service (DoS). (XSA-276) (bsc#1115043)
- CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case
  non-canonical addresses are accessed, which may allow a guest to cause Xen to
  crash, resulting in a Denial of Service (DoS) affecting the entire host.
  (XSA-279) (bsc#1115045)
- CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which
  conflicted with shadow paging and allowed a guest to cause Xen to crash,
  resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047)
- CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host,
  resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)
- CVE-2018-19964: Fixed the incorrect error handling of p2m page removals,
  which allowed a guest to cause a deadlock, resulting in a Denial of Service
  (DoS) affecting the entire host. (XSA-277) (bsc#1115044)
- CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in
  various Bluetooth functions, allowing this to crash qemu process resulting in
  Denial of Service (DoS). (bsc#1117756).

Other bugs fixed:

- Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940)

</description>
  <summary>Security update for xen</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places