|Category:||SuSE Local Security Checks|
|Title:||SuSE Update for xen openSUSE-SU-2018:4111-1 (xen)|
|Summary:||The remote host is missing an update for the 'xen'; package(s) announced via the openSUSE-SU-2018:4111_1 advisory.|
The remote host is missing an update for the 'xen'
package(s) announced via the openSUSE-SU-2018:4111_1 advisory.
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2018-18849: Fixed an out of bounds memory access issue was found in
the LSI53C895A SCSI Host Bus Adapter emulation while writing a message
in lsi_do_msgin (bsc#1114423).
- CVE-2018-18883: Fixed a NULL pointer dereference that could have been
triggered by nested VT-x that where not properly restricted
- CVE-2018-19965: Fixed denial of service issue from attempting to use
INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045).
- CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused
conflicts with shadow paging (XSA-280)(bsc#1115047).
- CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing /
improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040).
Non-security issues fixed:
- Added upstream bug fixes (bsc#1027519).
This update was imported from the SUSE:SLE-12-SP3:Update update project.
To install this openSUSE Security Update use the SUSE recommended
like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1530=1
xen on openSUSE Leap 42.3.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2018-18849|
Common Vulnerability Exposure (CVE) ID: CVE-2018-18883
Common Vulnerability Exposure (CVE) ID: CVE-2018-19961
Common Vulnerability Exposure (CVE) ID: CVE-2018-19962
Common Vulnerability Exposure (CVE) ID: CVE-2018-19965
Common Vulnerability Exposure (CVE) ID: CVE-2018-19966
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.