openSUSE Security Update : xen (openSUSE-2018-1624) (Foreshadow)

High Nessus Plugin ID 119951

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for xen fixes the following issues :

Update to Xen 4.10.2 bug fix release (bsc#1027519).

Security vulnerabilities fixed :

- CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040)

- CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045)

- CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047)

- CVE-2018-18883: Fixed an issue related to inproper restriction of nested VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-278) (bsc#1114405)

- CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling, which allowed guests to enable Branch Trace Store and may cause a Denial of Service (DoS) of the entire host.
(XSA-269) (bsc#1103276)

- CVE-2018-15469: Fixed use of v2 grant tables on ARM, which were not properly implemented and may cause a Denial of Service (DoS). (XSA-268) (bsc#1103275)

- CVE-2018-15470: Fixed an issue in the logic in oxenstored for handling writes, which allowed a guest to write memory unbounded leading to system-wide Denial of Service (DoS). (XSA-272) (bsc#1103279)

- CVE-2018-3646: Mitigations for VMM aspects of L1 Terminal Fault (XSA-273) (bsc#1091107)

Other bugs fixed :

- Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940)

- Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)

- Fixed a kernel oops related to fs/dcache.c called by d_materialise_unique() (bsc#1094508)

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected xen packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1027519

https://bugzilla.opensuse.org/show_bug.cgi?id=1078292

https://bugzilla.opensuse.org/show_bug.cgi?id=1091107

https://bugzilla.opensuse.org/show_bug.cgi?id=1094508

https://bugzilla.opensuse.org/show_bug.cgi?id=1103275

https://bugzilla.opensuse.org/show_bug.cgi?id=1103276

https://bugzilla.opensuse.org/show_bug.cgi?id=1103279

https://bugzilla.opensuse.org/show_bug.cgi?id=1105528

https://bugzilla.opensuse.org/show_bug.cgi?id=1108940

https://bugzilla.opensuse.org/show_bug.cgi?id=1114405

https://bugzilla.opensuse.org/show_bug.cgi?id=1115040

https://bugzilla.opensuse.org/show_bug.cgi?id=1115045

https://bugzilla.opensuse.org/show_bug.cgi?id=1115047

Plugin Details

Severity: High

ID: 119951

File Name: openSUSE-2018-1624.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2018/12/31

Updated: 2018/12/31

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-32bit-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domU, p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo, cpe:/o:novell:opensuse:15.0

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2018/12/29

Reference Information

CVE: CVE-2018-15468, CVE-2018-15469, CVE-2018-15470, CVE-2018-18883, CVE-2018-19961, CVE-2018-19962, CVE-2018-19965, CVE-2018-19966, CVE-2018-3646