{"affected":[{"ecosystem_specific":{"binaries":[{"xen-libs":"4.10.2_04-3.9.1","xen-tools-domU":"4.10.2_04-3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.10.2_04-3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xen":"4.10.2_04-3.9.1","xen-devel":"4.10.2_04-3.9.1","xen-tools":"4.10.2_04-3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.10.2_04-3.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for xen fixes the following issues:\n\nUpdate to Xen 4.10.2 bug fix release (bsc#1027519).\n\nSecurity vulnerabilities fixed:\n\n- CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB\n  flushing with AMD IOMMUs, which potentially allowed a guest to escalate its\n  privileges, may cause a Denial of Service (DoS) affecting the entire host, or\n  may be able to access data it is not supposed to access. (XSA-275)\n  (bsc#1115040)\n- CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case\n  non-canonical addresses are accessed, which may allow a guest to cause Xen to\n  crash, resulting in a Denial of Service (DoS) affecting the entire host.\n  (XSA-279) (bsc#1115045)\n- CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which\n  conflicted with shadow paging and allowed a guest to cause Xen to crash,\n  resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047)\n- CVE-2018-18883: Fixed an issue related to inproper restriction of nested VT-x,\n  which allowed a guest to cause Xen to crash, resulting in a Denial of Service\n  (DoS). (XSA-278) (bsc#1114405)\n- CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling, which allowed guests to\n  enable Branch Trace Store and may cause a Denial of Service (DoS) of the\n  entire host. (XSA-269) (bsc#1103276)\n- CVE-2018-15469: Fixed use of v2 grant tables on ARM, which were not properly\n  implemented and may cause a Denial of Service (DoS). (XSA-268) (bsc#1103275)\n- CVE-2018-15470: Fixed an issue in the logic in oxenstored for handling writes,\n  which allowed a guest to write memory unbounded leading to system-wide Denial\n  of Service (DoS). (XSA-272) (bsc#1103279)\n- CVE-2018-3646: Mitigations for VMM aspects of L1 Terminal Fault (XSA-273)\n  (bsc#1091107)\n\nOther bugs fixed:\n\n- Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940)\n- Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)\n- Fixed a kernel oops related to fs/dcache.c called by d_materialise_unique() (bsc#1094508)\n","id":"SUSE-SU-2018:4300-1","modified":"2018-12-28T17:38:50Z","published":"2018-12-28T17:38:50Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20184300-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027519"},{"type":"REPORT","url":"https://bugzilla.suse.com/1078292"},{"type":"REPORT","url":"https://bugzilla.suse.com/1091107"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094508"},{"type":"REPORT","url":"https://bugzilla.suse.com/1103275"},{"type":"REPORT","url":"https://bugzilla.suse.com/1103276"},{"type":"REPORT","url":"https://bugzilla.suse.com/1103279"},{"type":"REPORT","url":"https://bugzilla.suse.com/1105528"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108940"},{"type":"REPORT","url":"https://bugzilla.suse.com/1114405"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115040"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115045"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115047"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-15468"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-15469"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-15470"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18883"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19961"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19962"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19965"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19966"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3646"}],"related":["CVE-2018-15468","CVE-2018-15469","CVE-2018-15470","CVE-2018-18883","CVE-2018-19961","CVE-2018-19962","CVE-2018-19965","CVE-2018-19966","CVE-2018-3646"],"summary":"Security update for xen","upstream":["CVE-2018-15468","CVE-2018-15469","CVE-2018-15470","CVE-2018-18883","CVE-2018-19961","CVE-2018-19962","CVE-2018-19965","CVE-2018-19966","CVE-2018-3646"]}