
Test ID:
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for xen (openSUSE-SU-2018:1274-1)
Summary: The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for xen to version 4.9.2 fixes several issues.

This feature was added:

- Added script, udev rule and systemd service to watch for vcpu
online/offline events in a HVM domU. They are triggered via 'xl vcpu-set
domU N'

These security issues were fixed:

- CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,

- Handle HPET timers in IO-APIC mode correctly to prevent malicious or
buggy HVM guests from causing a hypervisor crash or potentially
privilege escalation/information leaks (XSA-261, bsc#1090822)

- Prevent unbounded loop, induced by qemu allowing an attacker to
permanently keep a physical CPU core busy (XSA-262, bsc#1090823)

- CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were
able to read arbitrary dom0 files via QMP live insertion of a CDROM, in
conjunction with specifying the target file as the backing file of a
snapshot (bsc#1089152).

- CVE-2018-10471: x86 PV guest OS users were able to cause a denial of
service (out-of-bounds zero write and hypervisor crash) via unexpected
INT 80 processing, because of an incorrect fix for CVE-2017-5754

- CVE-2018-7540: x86 PV guest OS users were able to cause a denial of
service (host OS CPU hang) via non-preemptible L3/L4 pagetable freeing

- CVE-2018-7541: Guest OS users were able to cause a denial of service
(hypervisor crash) or gain privileges by triggering a grant-table
transition from v2 to v1 (bsc#1080662).

- CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of
service (NULL pointer dereference and hypervisor crash) by leveraging
the mishandling of configurations that lack a Local APIC (bsc#1080634).

These non-security issues were fixed:

- bsc#1087252: Update built-in defaults for xenstored in stubdom, keep
default to run xenstored as daemon in dom0

- bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing
vmcores with crash(1)

- bsc#1072834: Prevent unchecked MSR access error

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-454=1

Affected Software/OS:
xen on openSUSE Leap 42.3

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-7540
BugTraq ID: 103174
Debian Security Information: DSA-4131
Common Vulnerability Exposure (CVE) ID: CVE-2018-7541
BugTraq ID: 103177
Common Vulnerability Exposure (CVE) ID: CVE-2018-7542
Common Vulnerability Exposure (CVE) ID: CVE-2018-8897
BugTraq ID: 104071
CERT/CC vulnerability note: VU#631579
Debian Security Information: DSA-4196
Debian Security Information: DSA-4201
RedHat Security Advisories: RHSA-2018:1318
RedHat Security Advisories: RHSA-2018:1319
RedHat Security Advisories: RHSA-2018:1345
RedHat Security Advisories: RHSA-2018:1346
RedHat Security Advisories: RHSA-2018:1347
RedHat Security Advisories: RHSA-2018:1348
RedHat Security Advisories: RHSA-2018:1349
RedHat Security Advisories: RHSA-2018:1350
RedHat Security Advisories: RHSA-2018:1351
RedHat Security Advisories: RHSA-2018:1352
RedHat Security Advisories: RHSA-2018:1353
RedHat Security Advisories: RHSA-2018:1354
RedHat Security Advisories: RHSA-2018:1355
RedHat Security Advisories: RHSA-2018:1524
Common Vulnerability Exposure (CVE) ID: CVE-2017-5754
BugTraq ID: 102378
BugTraq ID: 106128
CERT/CC vulnerability note: VU#180049
CERT/CC vulnerability note: VU#584653
Cisco Security Advisory: 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
Debian Security Information: DSA-4078
Debian Security Information: DSA-4082
Debian Security Information: DSA-4120
FreeBSD Security Advisory: FreeBSD-SA-18:03
RedHat Security Advisories: RHSA-2018:0292
SuSE Security Announcement: SUSE-SU-2018:0010
SuSE Security Announcement: SUSE-SU-2018:0011
SuSE Security Announcement: SUSE-SU-2018:0012
SuSE Security Announcement: openSUSE-SU-2018:0022
SuSE Security Announcement: openSUSE-SU-2018:0023
Copyright: Copyright (C) 2018 Greenbone Networks GmbH
