SUSE-SU-2019:2783-1

Details

Description of the patch:

This update for xen fixes the following issues:

CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813).
CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874).
CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797).

Affected Packages

xen

SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP2SUSE OpenStack Cloud 7

Fixed in:

4.7.6_06-43.54.2

xen-doc-html

SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP2SUSE OpenStack Cloud 7

Fixed in:

4.7.6_06-43.54.2

xen-libs

SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP2SUSE OpenStack Cloud 7

Fixed in:

4.7.6_06-43.54.2

xen-libs-32bit

SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP2SUSE OpenStack Cloud 7

Fixed in:

4.7.6_06-43.54.2

xen-tools

SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP2SUSE OpenStack Cloud 7

Fixed in:

4.7.6_06-43.54.2

xen-tools-domU

SUSE Enterprise Storage 4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 12 SP2SUSE OpenStack Cloud 7

Fixed in:

4.7.6_06-43.54.2

References