Security update for xen

Announcement ID:	SUSE-SU-2018:1177-1
Rating:	important
References:	bsc#1027519 bsc#1057493 bsc#1072834 bsc#1083292 bsc#1086107 bsc#1089152 bsc#1089635 bsc#1090820 bsc#1090822 bsc#1090823
Cross-References:	CVE-2018-10471 CVE-2018-10472 CVE-2018-7550 CVE-2018-8897
CVSS scores:	CVE-2018-10471 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2018-10472 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-7550 ( SUSE ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2018-7550 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2018-7550 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2018-8897 ( SUSE ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-8897 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 LTSS 12 SUSE Linux Enterprise Server for SAP Applications 12

An update that solves four vulnerabilities and has six security fixes can now be installed.

Description:

This update for xen fixes several issues.

These security issues were fixed:

• CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820)
• Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822)
• Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
• CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152).
• CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635).
• CVE-2018-7550: The load_multiboot function allowed local guest OS users to execute arbitrary code on the host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access (bsc#1083292).

This non-security issue was fixed:

• bsc#1072834: Prevent unchecked MSR access error
• bsc#1057493: Prevent DomU crashes
• bsc#1086107: Fixed problems with backports for XSA-246 and XSA-247

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 12 LTSS 12
  zypper in -t patch SUSE-SLE-SERVER-12-2018-819=1

Package List:

• SUSE Linux Enterprise Server 12 LTSS 12 (x86_64)
  • xen-debugsource-4.4.4_30-22.65.1
  • xen-kmp-default-4.4.4_30_k3.12.61_52.125-22.65.1
  • xen-tools-domU-4.4.4_30-22.65.1
  • xen-tools-debuginfo-4.4.4_30-22.65.1
  • xen-libs-debuginfo-32bit-4.4.4_30-22.65.1
  • xen-libs-4.4.4_30-22.65.1
  • xen-libs-32bit-4.4.4_30-22.65.1
  • xen-doc-html-4.4.4_30-22.65.1
  • xen-4.4.4_30-22.65.1
  • xen-kmp-default-debuginfo-4.4.4_30_k3.12.61_52.125-22.65.1
  • xen-tools-4.4.4_30-22.65.1
  • xen-libs-debuginfo-4.4.4_30-22.65.1
  • xen-tools-domU-debuginfo-4.4.4_30-22.65.1

References:

• https://www.suse.com/security/cve/CVE-2018-10471.html
• https://www.suse.com/security/cve/CVE-2018-10472.html
• https://www.suse.com/security/cve/CVE-2018-7550.html
• https://www.suse.com/security/cve/CVE-2018-8897.html
• https://bugzilla.suse.com/show_bug.cgi?id=1027519
• https://bugzilla.suse.com/show_bug.cgi?id=1057493
• https://bugzilla.suse.com/show_bug.cgi?id=1072834
• https://bugzilla.suse.com/show_bug.cgi?id=1083292
• https://bugzilla.suse.com/show_bug.cgi?id=1086107
• https://bugzilla.suse.com/show_bug.cgi?id=1089152
• https://bugzilla.suse.com/show_bug.cgi?id=1089635
• https://bugzilla.suse.com/show_bug.cgi?id=1090820
• https://bugzilla.suse.com/show_bug.cgi?id=1090822
• https://bugzilla.suse.com/show_bug.cgi?id=1090823