Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="7797">
  <issue id="1027519" tracker="bnc">Xen: Missing upstream bug fixes</issue>
  <issue id="1035442" tracker="bnc">L3: libxl: error: libxl.c:1676:devices_destroy_cb: libxl__devices_destroy failed</issue>
  <issue id="1051729" tracker="bnc">Invalid symlinks after install of sles12sp2</issue>
  <issue id="1061081" tracker="bnc">VUL-0: CVE-2017-15595: xen: Unlimited recursion in linear pagetable de-typing (XSA-240)</issue>
  <issue id="1067317" tracker="bnc">[XEN] The storage sub-option *cache* is invalid when try to change cache mode during install fv guest  by virt-install/virt-manager.</issue>
  <issue id="1068032" tracker="bnc">VUL-0: speculative side channel attacks on various CPU platforms aka "SpectreAttack" and "MeltdownAttack"</issue>
  <issue id="1070158" tracker="bnc">VUL-0: CVE-2017-17566: xen: x86 PV guests may gain access to internally used pages (XSA-248)</issue>
  <issue id="1070159" tracker="bnc">VUL-0: CVE-2017-17563: xen: broken x86 shadow mode refcount overflow check (XSA-249)</issue>
  <issue id="1070160" tracker="bnc">VUL-0: CVE-2017-17564: xen: improper x86 shadow mode refcount error handling (XSA-250)</issue>
  <issue id="1070163" tracker="bnc">VUL-0: CVE-2017-17565: xen: improper bug check in x86 log-dirty handling (XSA-251)</issue>
  <issue id="1074562" tracker="bnc">VUL-0: xen: Information leak via side effects of speculative execution (XSA-254)</issue>
  <issue id="1076116" tracker="bnc">VUL-1: CVE-2018-5683: xen:  Qemu: Out-of-bounds read in vga_draw_text routine</issue>
  <issue id="1076180" tracker="bnc">VUL-1: CVE-2017-18030: xen: qemu: Out-of-bounds access in cirrus_invalidate_region routine</issue>
  <issue id="2017-5715" tracker="cve" />
  <issue id="2017-5753" tracker="cve" />
  <issue id="2017-5754" tracker="cve" />
  <issue id="2017-15595" tracker="cve" />
  <issue id="2017-17563" tracker="cve" />
  <issue id="2017-17564" tracker="cve" />
  <issue id="2017-17565" tracker="cve" />
  <issue id="2017-17566" tracker="cve" />
  <issue id="2017-18030" tracker="cve" />
  <issue id="2018-5683" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>charlesa</packager>
  <description>This update for xen fixes several issues.

These security issues were fixed:

- CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via
  side effects of speculative execution, aka "Spectre" and "Meltdown" attacks
  (bsc#1074562, bsc#1068032)
- CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded
  recursion, stack consumption, and hypervisor crash) or possibly gain privileges
  via crafted page-table stacking (bsc#1061081)
- CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host
  OS crash) or gain host OS privileges in shadow mode by mapping a certain
  auxiliary page (bsc#1070158).
- CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS
  crash) or gain host OS privileges by leveraging an incorrect mask for
  reference-count overflow checking in shadow mode (bsc#1070159).
- CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS
  crash) or gain host OS privileges by leveraging incorrect error handling for
  reference counting in shadow mode (bsc#1070160).
- CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host
  OS crash) if shadow mode and log-dirty mode are in place, because of an
  incorrect assertion related to M2P (bsc#1070163).
- CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged
  users to cause a denial of service (out-of-bounds read and QEMU process crash)
  by leveraging improper memory address validation (bsc#1076116).
- CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest
  privileged users to cause a denial of service (out-of-bounds array access and
  QEMU process crash) via vectors related to negative pitch (bsc#1076180).

These non-security issues were fixed:

- bsc#1067317: pass cache=writeback|unsafe|directsync to qemu depending on the
  libxl disk settings
- bsc#1051729: Prevent invalid symlinks after install of SLES 12 SP2
- bsc#1035442: Increased the value of LIBXL_DESTROY_TIMEOUT from 10 to 100
  seconds. If many domUs shutdown in parallel the backends couldn't keep up 
- bsc#1027519: Added several upstream patches
  
This update was imported from the SUSE:SLE-12-SP3:Update update project.</description>
  <summary>Security update for xen</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places