
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:1181-1)
Summary: The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2018:1181-1 advisory.

Vulnerability Insight:
This update for xen fixes several issues.
These security issues were fixed:
- CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,
- Handle HPET timers in IO-APIC mode correctly to prevent malicious or
buggy HVM guests from causing a hypervisor crash or potentially
privilege escalation/information leaks (XSA-261, bsc#1090822)
- Prevent unbounded loop, induced by qemu allowing an attacker to
permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
- CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were
able to read arbitrary dom0 files via QMP live insertion of a CDROM, in
conjunction with specifying the target file as the backing file of a
snapshot (bsc#1089152).
- CVE-2018-10471: x86 PV guest OS users were able to cause a denial of
service (out-of-bounds zero write and hypervisor crash) via unexpected
INT 80 processing, because of an incorrect fix for CVE-2017-5754
- CVE-2018-7550: The load_multiboot function allowed local guest OS users
to execute arbitrary code on the host via a mh_load_end_addr value
greater than mh_bss_end_addr, which triggers an out-of-bounds read or
write memory access (bsc#1083292).
These non-security issues were fixed:
- bsc#1072834: Prevent unchecked MSR access error
- bsc#1035442: Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100
seconds, allowing for more domUs to be shut down in parallel
- bsc#1057493: Prevent DomU crash

Affected Software/OS:
'xen' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-5754
BugTraq ID: 102378
BugTraq ID: 106128
CERT/CC vulnerability note: VU#180049
CERT/CC vulnerability note: VU#584653
Cisco Security Advisory: 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
Debian Security Information: DSA-4078
Debian Security Information: DSA-4082
Debian Security Information: DSA-4120
FreeBSD Security Advisory: FreeBSD-SA-18:03
RedHat Security Advisories: RHSA-2018:0292
SuSE Security Announcement: SUSE-SU-2018:0010
SuSE Security Announcement: SUSE-SU-2018:0011
SuSE Security Announcement: SUSE-SU-2018:0012
SuSE Security Announcement: openSUSE-SU-2018:0022
SuSE Security Announcement: openSUSE-SU-2018:0023
Common Vulnerability Exposure (CVE) ID: CVE-2018-7550
BugTraq ID: 103181
Debian Security Information: DSA-4213
RedHat Security Advisories: RHSA-2018:1369
RedHat Security Advisories: RHSA-2018:2462
Common Vulnerability Exposure (CVE) ID: CVE-2018-8897
BugTraq ID: 104071
CERT/CC vulnerability note: VU#631579
Debian Security Information: DSA-4196
Debian Security Information: DSA-4201
RedHat Security Advisories: RHSA-2018:1318
RedHat Security Advisories: RHSA-2018:1319
RedHat Security Advisories: RHSA-2018:1345
RedHat Security Advisories: RHSA-2018:1346
RedHat Security Advisories: RHSA-2018:1347
RedHat Security Advisories: RHSA-2018:1348
RedHat Security Advisories: RHSA-2018:1349
RedHat Security Advisories: RHSA-2018:1350
RedHat Security Advisories: RHSA-2018:1351
RedHat Security Advisories: RHSA-2018:1352
RedHat Security Advisories: RHSA-2018:1353
RedHat Security Advisories: RHSA-2018:1354
RedHat Security Advisories: RHSA-2018:1355
RedHat Security Advisories: RHSA-2018:1524
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.