New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 7.3
Synopsis
The remote openSUSE host is missing a security update.
Description
This update for xen fixes the following issues :
Security issues fixed :
- CVE-2018-3639: Spectre V4 – Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1092631)
This feature can be controlled by the 'ssbd=on/off' commandline flag for the XEN hypervisor.
- CVE-2018-10982: x86 vHPET interrupt injection errors (XSA-261 bsc#1090822)
- CVE-2018-10981: qemu may drive Xen into unbounded loop (XSA-262 bsc#1090823)
Other bugfixes :
- Upstream patches from Jan (bsc#1027519)
- additional fixes related to Page Table Isolation (XPTI).
(bsc#1074562 XSA-254)
- qemu-system-i386 cannot handle more than 4 HW NICs (bsc#1090296)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Solution
Update the affected xen packages.