Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.0462 SUSE Security Update: Security update for xen 15 February 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: xen Publisher: SUSE Operating System: SUSE Impact/Access: Root Compromise -- Existing Account Access Privileged Data -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-5683 CVE-2017-18030 CVE-2017-17566 CVE-2017-17565 CVE-2017-17564 CVE-2017-17563 CVE-2017-15595 CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 Reference: ASB-2018.0009 ESB-2018.0044 ASB-2018.0002.4 ESB-2018.0042.2 Original Bulletin: https://www.suse.com/es-es/support/update/announcement/2018/suse-su-20180438-1/ - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0438-1 Rating: important References: #1027519 #1035442 #1051729 #1061081 #1067317 #1068032 #1070158 #1070159 #1070160 #1070163 #1074562 #1076116 #1076180 Cross-References: CVE-2017-15595 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-5683 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that solves 10 vulnerabilities and has three fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka "Spectre" and "Meltdown" attacks (bsc#1074562, bsc#1068032) - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). These non-security issues were fixed: - bsc#1067317: pass cache=writeback|unsafe|directsync to qemu depending on the libxl disk settings - bsc#1051729: Prevent invalid symlinks after install of SLES 12 SP2 - bsc#1035442: Increased the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds. If many domUs shutdown in parallel the backends couldn't keep up - bsc#1027519: Added several upstream patches Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-302=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-302=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-302=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-302=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): xen-debugsource-4.9.1_08-3.26.1 xen-devel-4.9.1_08-3.26.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): xen-4.9.1_08-3.26.1 xen-debugsource-4.9.1_08-3.26.1 xen-doc-html-4.9.1_08-3.26.1 xen-libs-32bit-4.9.1_08-3.26.1 xen-libs-4.9.1_08-3.26.1 xen-libs-debuginfo-32bit-4.9.1_08-3.26.1 xen-libs-debuginfo-4.9.1_08-3.26.1 xen-tools-4.9.1_08-3.26.1 xen-tools-debuginfo-4.9.1_08-3.26.1 xen-tools-domU-4.9.1_08-3.26.1 xen-tools-domU-debuginfo-4.9.1_08-3.26.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): xen-4.9.1_08-3.26.1 xen-debugsource-4.9.1_08-3.26.1 xen-libs-32bit-4.9.1_08-3.26.1 xen-libs-4.9.1_08-3.26.1 xen-libs-debuginfo-32bit-4.9.1_08-3.26.1 xen-libs-debuginfo-4.9.1_08-3.26.1 - SUSE CaaS Platform ALL (x86_64): xen-debugsource-4.9.1_08-3.26.1 xen-libs-4.9.1_08-3.26.1 xen-libs-debuginfo-4.9.1_08-3.26.1 xen-tools-domU-4.9.1_08-3.26.1 xen-tools-domU-debuginfo-4.9.1_08-3.26.1 References: https://www.suse.com/security/cve/CVE-2017-15595.html https://www.suse.com/security/cve/CVE-2017-17563.html https://www.suse.com/security/cve/CVE-2017-17564.html https://www.suse.com/security/cve/CVE-2017-17565.html https://www.suse.com/security/cve/CVE-2017-17566.html https://www.suse.com/security/cve/CVE-2017-18030.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2018-5683.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1035442 https://bugzilla.suse.com/1051729 https://bugzilla.suse.com/1061081 https://bugzilla.suse.com/1067317 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1070158 https://bugzilla.suse.com/1070159 https://bugzilla.suse.com/1070160 https://bugzilla.suse.com/1070163 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1076116 https://bugzilla.suse.com/1076180 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWoUn6ox+lLeg9Ub1AQidqg//RNkV+mGc0drvy8TQ/6DJ2zjTmHj/urjn Mlx34AMMLi+ySIVHnfHuBgwpOX7ZwmMPpNdNM6bO+LdMVJ70Eqv6qhOmcR0fqlSq furl/yHM5ARFuAJwCq7zXQP4xSK1cArviwGmK3kyC+OM7ZX+3V/wLD2HYcgEIZUw +wAhUWpNq6XCmKLSfb+tkBfTwD5BF4OjPiYCubfQHRd7HrhUK8YxPBw+STlgNuD1 uCcxWvBea63Ufh/4/VjFXwdE8vbGi9tm1woTL49EmXiP3p8moWxmXdAQESFwYZde MghOTN1SB5NQvewGJR059kOy60NPBnmlXmS64MX4zDrqRsetl6uKLc0VGU2Yt3PC DmMqEjgUWzMfYGFV9voA2oDfuvx8Vqj3oX67qJG9npCJPoVKgogfaFHJb34hiJqB 1BuuInCwLTGn53afn7FllkoGjU3pLJtZeyNy2hr8CTX13k6ZM0bbxtxSSDk1/FGu Hv7P/yhRtkzw9rRwDkTGMePVVPrgpkqRCSgkezEBbgv5v5buD8OOW8Cda+0w14FE EjIzJVDW1Ba8k3R6MmvPSonTQmixQpeJBJgyPpM6jn73VzFNOyoDT4+dA8Qr3g7C SulultaJkB1LXT16lH+Azg4MQOVHyxKp0vEpF7DfJcNS8fEPuIOQlDMkVFwwLfss Xrr+ZO0tPtM= =nsAJ -----END PGP SIGNATURE-----