Security update for xen

Announcement ID:	SUSE-SU-2018:1184-1
Rating:	important
References:	bsc#1027519 bsc#1072834 bsc#1080634 bsc#1080635 bsc#1080662 bsc#1087251 bsc#1087252 bsc#1089152 bsc#1089635 bsc#1090820 bsc#1090822 bsc#1090823
Cross-References:	CVE-2018-10471 CVE-2018-10472 CVE-2018-7540 CVE-2018-7541 CVE-2018-7542 CVE-2018-8897
CVSS scores:	CVE-2018-10471 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2018-10472 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-7540 ( SUSE ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2018-7540 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2018-7541 ( SUSE ): 8.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H CVE-2018-7541 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2018-7542 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2018-7542 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2018-8897 ( SUSE ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-8897 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Container as a Service Platform 1.0 SUSE Container as a Service Platform 2.0 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3

An update that solves six vulnerabilities and has six security fixes can now be installed.

Description:

This update for xen to version 4.9.2 fixes several issues.

This feature was added:

• Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via 'xl vcpu-set domU N'

These security issues were fixed:

• CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820)
• Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822)
• Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
• CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152).
• CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635).
• CVE-2018-7540: x86 PV guest OS users were able to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing (bsc#1080635).
• CVE-2018-7541: Guest OS users were able to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1 (bsc#1080662).
• CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC (bsc#1080634).

These non-security issues were fixed:

• bsc#1087252: Update built-in defaults for xenstored in stubdom, keep default to run xenstored as daemon in dom0
• bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1)
• bsc#1072834: Prevent unchecked MSR access error

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP3
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-828=1
• SUSE Linux Enterprise Software Development Kit 12 SP3
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-828=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-828=1
• SUSE Linux Enterprise Server 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-828=1
• SUSE Linux Enterprise High Performance Computing 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-828=1
• SUSE Container as a Service Platform 2.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
• SUSE Container as a Service Platform 1.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

• SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
  • xen-libs-4.9.2_04-3.29.1
  • xen-4.9.2_04-3.29.1
  • xen-libs-32bit-4.9.2_04-3.29.1
  • xen-libs-debuginfo-4.9.2_04-3.29.1
  • xen-debugsource-4.9.2_04-3.29.1
  • xen-libs-debuginfo-32bit-4.9.2_04-3.29.1
• SUSE Linux Enterprise Software Development Kit 12 SP3 (aarch64 x86_64)
  • xen-devel-4.9.2_04-3.29.1
  • xen-debugsource-4.9.2_04-3.29.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (x86_64)
  • xen-libs-4.9.2_04-3.29.1
  • xen-4.9.2_04-3.29.1
  • xen-tools-domU-debuginfo-4.9.2_04-3.29.1
  • xen-tools-4.9.2_04-3.29.1
  • xen-tools-debuginfo-4.9.2_04-3.29.1
  • xen-libs-32bit-4.9.2_04-3.29.1
  • xen-libs-debuginfo-4.9.2_04-3.29.1
  • xen-debugsource-4.9.2_04-3.29.1
  • xen-libs-debuginfo-32bit-4.9.2_04-3.29.1
  • xen-doc-html-4.9.2_04-3.29.1
  • xen-tools-domU-4.9.2_04-3.29.1
• SUSE Linux Enterprise Server 12 SP3 (x86_64)
  • xen-libs-4.9.2_04-3.29.1
  • xen-4.9.2_04-3.29.1
  • xen-tools-domU-debuginfo-4.9.2_04-3.29.1
  • xen-tools-4.9.2_04-3.29.1
  • xen-tools-debuginfo-4.9.2_04-3.29.1
  • xen-libs-32bit-4.9.2_04-3.29.1
  • xen-libs-debuginfo-4.9.2_04-3.29.1
  • xen-debugsource-4.9.2_04-3.29.1
  • xen-libs-debuginfo-32bit-4.9.2_04-3.29.1
  • xen-doc-html-4.9.2_04-3.29.1
  • xen-tools-domU-4.9.2_04-3.29.1
• SUSE Linux Enterprise High Performance Computing 12 SP3 (x86_64)
  • xen-libs-4.9.2_04-3.29.1
  • xen-4.9.2_04-3.29.1
  • xen-tools-domU-debuginfo-4.9.2_04-3.29.1
  • xen-tools-4.9.2_04-3.29.1
  • xen-tools-debuginfo-4.9.2_04-3.29.1
  • xen-libs-32bit-4.9.2_04-3.29.1
  • xen-libs-debuginfo-4.9.2_04-3.29.1
  • xen-debugsource-4.9.2_04-3.29.1
  • xen-libs-debuginfo-32bit-4.9.2_04-3.29.1
  • xen-doc-html-4.9.2_04-3.29.1
  • xen-tools-domU-4.9.2_04-3.29.1
• SUSE Container as a Service Platform 2.0 (x86_64)
  • xen-libs-4.9.2_04-3.29.1
  • xen-tools-domU-debuginfo-4.9.2_04-3.29.1
  • xen-libs-debuginfo-4.9.2_04-3.29.1
  • xen-debugsource-4.9.2_04-3.29.1
  • xen-tools-domU-4.9.2_04-3.29.1
• SUSE Container as a Service Platform 1.0 (x86_64)
  • xen-libs-4.9.2_04-3.29.1
  • xen-tools-domU-debuginfo-4.9.2_04-3.29.1
  • xen-libs-debuginfo-4.9.2_04-3.29.1
  • xen-debugsource-4.9.2_04-3.29.1
  • xen-tools-domU-4.9.2_04-3.29.1

References:

• https://www.suse.com/security/cve/CVE-2018-10471.html
• https://www.suse.com/security/cve/CVE-2018-10472.html
• https://www.suse.com/security/cve/CVE-2018-7540.html
• https://www.suse.com/security/cve/CVE-2018-7541.html
• https://www.suse.com/security/cve/CVE-2018-7542.html
• https://www.suse.com/security/cve/CVE-2018-8897.html
• https://bugzilla.suse.com/show_bug.cgi?id=1027519
• https://bugzilla.suse.com/show_bug.cgi?id=1072834
• https://bugzilla.suse.com/show_bug.cgi?id=1080634
• https://bugzilla.suse.com/show_bug.cgi?id=1080635
• https://bugzilla.suse.com/show_bug.cgi?id=1080662
• https://bugzilla.suse.com/show_bug.cgi?id=1087251
• https://bugzilla.suse.com/show_bug.cgi?id=1087252
• https://bugzilla.suse.com/show_bug.cgi?id=1089152
• https://bugzilla.suse.com/show_bug.cgi?id=1089635
• https://bugzilla.suse.com/show_bug.cgi?id=1090820
• https://bugzilla.suse.com/show_bug.cgi?id=1090822
• https://bugzilla.suse.com/show_bug.cgi?id=1090823