Overview

File _patchinfo of Package patchinfo.13549

<patchinfo incident="13549">
  <issue tracker="bnc" id="1158003">VUL-0: EMBARGOED: CVE-2019-19581,CVE-2019-19582: xen: XSA-307 v1 - find_next_bit() issues</issue>
  <issue tracker="bnc" id="1158006">VUL-0: EMBARGOED: CVE-2019-19580: xen: XSA-310 - Further issues with restartable PV type change operations</issue>
  <issue tracker="bnc" id="1157888">VUL-0: CVE-2019-19579: xen: XSA-306 Device quarantine for alternate pci assignment methods</issue>
  <issue tracker="bnc" id="1158004">VUL-0: EMBARGOED: CVE-2019-19583: xen: XSA-308 - VMX: VMentry failure with debug exceptions and blocked states</issue>
  <issue tracker="bnc" id="1158007">VUL-0: EMBARGOED: CVE-2019-19577: xen: XSA-311 - dynamic height for the IOMMU pagetables</issue>
  <issue tracker="bnc" id="1158005">VUL-0: EMBARGOED: CVE-2019-19578: xen: XSA-309 - Linear pagetable use / entry miscounts</issue>
  <issue tracker="bnc" id="1157047">PCI passthrough failed on AMD machine xen host</issue>
  <issue tracker="bnc" id="1027519">Xen: Missing upstream bug fixes</issue>
  <issue tracker="bnc" id="1152497">VUL-0: CVE-2019-11135: xen:  TSX Asynchronous Abort (TAA) issue (XSA-305)</issue>
  <issue tracker="cve" id="2019-19581"/>
  <issue tracker="cve" id="2019-19582"/>
  <issue tracker="cve" id="2019-19577"/>
  <issue tracker="cve" id="2019-19578"/>
  <issue tracker="cve" id="2019-19583"/>
  <issue tracker="cve" id="2019-19580"/>
  <issue tracker="cve" id="2019-19579"/>
  <packager>charlesa</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for xen</summary>
  <description>This update for xen fixes the following issues:

- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with 
  a compile time known size of 64 (bsc#1158003 XSA-307).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace 
  code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused
  hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator 
  could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).
- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen 
  to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). 
- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access 
  to a physical device can DMA into host memory (bsc#1157888 XSA-306).
- Fixed an issue where PCI passthrough failed on AMD machine xen host (bsc#1157047). 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places