Test ID: 1.3.6.1.4.1.25623.1.1.4.2018.1203.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:1203-1)
Summary: The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2018:1203-1 advisory.
Description:

Vulnerability Insight:
This update for xen fixes several issues.
These security issues were fixed:
- CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,
bsc#1090820)
- Handle HPET timers in IO-APIC mode correctly to prevent malicious or
buggy HVM guests from causing a hypervisor crash or potentially
privilege escalation/information leaks (XSA-261, bsc#1090822)
- Prevent unbounded loop, induced by qemu allowing an attacker to
permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
- CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were
able to read arbitrary dom0 files via QMP live insertion of a CDROM, in
conjunction with specifying the target file as the backing file of a
snapshot (bsc#1089152).
- CVE-2018-10471: x86 PV guest OS users were able to cause a denial of
service (out-of-bounds zero write and hypervisor crash) via unexpected
INT 80 processing, because of an incorrect fix for CVE-2017-5754
(bsc#1089635).
- CVE-2018-7550: The load_multiboot function allowed local guest OS users
to execute arbitrary code on the host via a mh_load_end_addr value
greater than mh_bss_end_addr, which triggers an out-of-bounds read or
write memory access (bsc#1083292).

Affected Software/OS:
'xen' package(s) on SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-5754
BugTraq ID: 102378
http://www.securityfocus.com/bid/102378
BugTraq ID: 106128
http://www.securityfocus.com/bid/106128
CERT/CC vulnerability note: VU#180049
https://www.kb.cert.org/vuls/id/180049
CERT/CC vulnerability note: VU#584653
http://www.kb.cert.org/vuls/id/584653
Cisco Security Advisory: 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
Debian Security Information: DSA-4078
https://www.debian.org/security/2018/dsa-4078
Debian Security Information: DSA-4082
https://www.debian.org/security/2018/dsa-4082
Debian Security Information: DSA-4120
https://www.debian.org/security/2018/dsa-4120
FreeBSD Security Advisory: FreeBSD-SA-18:03
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc
https://security.gentoo.org/glsa/201810-06
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
https://meltdownattack.com/
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
RedHat Security Advisories: RHSA-2018:0292
https://access.redhat.com/errata/RHSA-2018:0292
http://www.securitytracker.com/id/1040071
SuSE Security Announcement: SUSE-SU-2018:0010
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html
SuSE Security Announcement: SUSE-SU-2018:0011
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
SuSE Security Announcement: SUSE-SU-2018:0012
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html
SuSE Security Announcement: openSUSE-SU-2018:0022
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html
SuSE Security Announcement: openSUSE-SU-2018:0023
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html
https://usn.ubuntu.com/usn/usn-3516-1/
https://usn.ubuntu.com/usn/usn-3522-2/
https://usn.ubuntu.com/3522-3/
https://usn.ubuntu.com/3522-4/
https://usn.ubuntu.com/3523-1/
https://usn.ubuntu.com/usn/usn-3523-2/
https://usn.ubuntu.com/usn/usn-3524-2/
https://usn.ubuntu.com/usn/usn-3525-1/
https://usn.ubuntu.com/3540-2/
https://usn.ubuntu.com/3541-2/
https://usn.ubuntu.com/3583-1/
https://usn.ubuntu.com/3597-1/
https://usn.ubuntu.com/3597-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-7550
BugTraq ID: 103181
http://www.securityfocus.com/bid/103181
Debian Security Information: DSA-4213
https://www.debian.org/security/2018/dsa-4213
https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html
RedHat Security Advisories: RHSA-2018:1369
https://access.redhat.com/errata/RHSA-2018:1369
RedHat Security Advisories: RHSA-2018:2462
https://access.redhat.com/errata/RHSA-2018:2462
https://usn.ubuntu.com/3649-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8897
BugTraq ID: 104071
http://www.securityfocus.com/bid/104071
CERT/CC vulnerability note: VU#631579
https://www.kb.cert.org/vuls/id/631579
Debian Security Information: DSA-4196
https://www.debian.org/security/2018/dsa-4196
Debian Security Information: DSA-4201
https://www.debian.org/security/2018/dsa-4201
https://www.exploit-db.com/exploits/44697/
https://www.exploit-db.com/exploits/45024/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
http://openwall.com/lists/oss-security/2018/05/08/1
http://openwall.com/lists/oss-security/2018/05/08/4
https://bugzilla.redhat.com/show_bug.cgi?id=1567074
https://github.com/can1357/CVE-2018-8897/
https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
https://patchwork.kernel.org/patch/10386677/
https://support.apple.com/HT208742
https://svnweb.freebsd.org/base?view=revision&revision=333368
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc
https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html
https://xenbits.xen.org/xsa/advisory-260.html
https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
RedHat Security Advisories: RHSA-2018:1318
https://access.redhat.com/errata/RHSA-2018:1318
RedHat Security Advisories: RHSA-2018:1319
https://access.redhat.com/errata/RHSA-2018:1319
RedHat Security Advisories: RHSA-2018:1345
https://access.redhat.com/errata/RHSA-2018:1345
RedHat Security Advisories: RHSA-2018:1346
https://access.redhat.com/errata/RHSA-2018:1346
RedHat Security Advisories: RHSA-2018:1347
https://access.redhat.com/errata/RHSA-2018:1347
RedHat Security Advisories: RHSA-2018:1348
https://access.redhat.com/errata/RHSA-2018:1348
RedHat Security Advisories: RHSA-2018:1349
https://access.redhat.com/errata/RHSA-2018:1349
RedHat Security Advisories: RHSA-2018:1350
https://access.redhat.com/errata/RHSA-2018:1350
RedHat Security Advisories: RHSA-2018:1351
https://access.redhat.com/errata/RHSA-2018:1351
RedHat Security Advisories: RHSA-2018:1352
https://access.redhat.com/errata/RHSA-2018:1352
RedHat Security Advisories: RHSA-2018:1353
https://access.redhat.com/errata/RHSA-2018:1353
RedHat Security Advisories: RHSA-2018:1354
https://access.redhat.com/errata/RHSA-2018:1354
RedHat Security Advisories: RHSA-2018:1355
https://access.redhat.com/errata/RHSA-2018:1355
RedHat Security Advisories: RHSA-2018:1524
https://access.redhat.com/errata/RHSA-2018:1524
http://www.securitytracker.com/id/1040744
http://www.securitytracker.com/id/1040849
http://www.securitytracker.com/id/1040861
http://www.securitytracker.com/id/1040866
http://www.securitytracker.com/id/1040882
https://usn.ubuntu.com/3641-1/
https://usn.ubuntu.com/3641-2/
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.