English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 150599 CVE descriptions
and 73533 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.851992
Category:SuSE Local Security Checks
Title:SuSE Update for xen openSUSE-SU-2018:2436-1 (xen)
Summary:The remote host is missing an update for the 'xen'; package(s) announced via the openSUSE-SU-2018:2436_1 advisory.
Description:Summary:
The remote host is missing an update for the 'xen'
package(s) announced via the openSUSE-SU-2018:2436_1 advisory.

Vulnerability Insight:
This update for xen fixes the following security issues:

- CVE-2018-3646: Systems with microprocessors utilizing speculative
execution and address translations may have allowed unauthorized
disclosure of information residing in the L1 data cache to an attacker
with local user access with guest OS privilege via a terminal page fault
and a side-channel analysis (bsc#1091107, bsc#1027519).

- Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a
malicious or buggy guest administrator can lock up the entire host
(bsc#1103276)

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-911=1

Affected Software/OS:
xen on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
4.7

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-3646
BugTraq ID: 105080
http://www.securityfocus.com/bid/105080
CERT/CC vulnerability note: VU#982149
https://www.kb.cert.org/vuls/id/982149
Cisco Security Advisory: 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
Debian Security Information: DSA-4274 (Google Search)
https://www.debian.org/security/2018/dsa-4274
Debian Security Information: DSA-4279 (Google Search)
https://www.debian.org/security/2018/dsa-4279
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/
FreeBSD Security Advisory: FreeBSD-SA-18:09
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc
https://security.gentoo.org/glsa/201810-06
https://foreshadowattack.eu/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html
RedHat Security Advisories: RHSA-2018:2384
https://access.redhat.com/errata/RHSA-2018:2384
RedHat Security Advisories: RHSA-2018:2387
https://access.redhat.com/errata/RHSA-2018:2387
RedHat Security Advisories: RHSA-2018:2388
https://access.redhat.com/errata/RHSA-2018:2388
RedHat Security Advisories: RHSA-2018:2389
https://access.redhat.com/errata/RHSA-2018:2389
RedHat Security Advisories: RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2390
RedHat Security Advisories: RHSA-2018:2391
https://access.redhat.com/errata/RHSA-2018:2391
RedHat Security Advisories: RHSA-2018:2392
https://access.redhat.com/errata/RHSA-2018:2392
RedHat Security Advisories: RHSA-2018:2393
https://access.redhat.com/errata/RHSA-2018:2393
RedHat Security Advisories: RHSA-2018:2394
https://access.redhat.com/errata/RHSA-2018:2394
RedHat Security Advisories: RHSA-2018:2395
https://access.redhat.com/errata/RHSA-2018:2395
RedHat Security Advisories: RHSA-2018:2396
https://access.redhat.com/errata/RHSA-2018:2396
RedHat Security Advisories: RHSA-2018:2402
https://access.redhat.com/errata/RHSA-2018:2402
RedHat Security Advisories: RHSA-2018:2403
https://access.redhat.com/errata/RHSA-2018:2403
RedHat Security Advisories: RHSA-2018:2404
https://access.redhat.com/errata/RHSA-2018:2404
RedHat Security Advisories: RHSA-2018:2602
https://access.redhat.com/errata/RHSA-2018:2602
RedHat Security Advisories: RHSA-2018:2603
https://access.redhat.com/errata/RHSA-2018:2603
http://www.securitytracker.com/id/1041451
http://www.securitytracker.com/id/1042004
https://usn.ubuntu.com/3740-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3741-2/
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3742-2/
https://usn.ubuntu.com/3756-1/
https://usn.ubuntu.com/3823-1/
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 73533 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.