Security update for xen

Announcement ID:	SUSE-SU-2018:1202-1
Rating:	important
References:	bsc#1027519 bsc#1083292 bsc#1089152 bsc#1089635 bsc#1090820 bsc#1090822 bsc#1090823
Cross-References:	CVE-2018-10471 CVE-2018-10472 CVE-2018-7550 CVE-2018-8897
CVSS scores:	CVE-2018-10471 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2018-10472 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-7550 ( SUSE ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2018-7550 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2018-7550 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2018-8897 ( SUSE ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-8897 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Enterprise Storage 4 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Point of Service Image Server 12 12-SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Workstation Extension 12 12-SP3

An update that solves four vulnerabilities and has three security fixes can now be installed.

Description:

This update for xen fixes several issues.

These security issues were fixed:

• CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820)
• Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822)
• Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823)
• CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152).
• CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635).
• CVE-2018-7550: The load_multiboot function allowed local guest OS users to execute arbitrary code on the host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access (bsc#1083292).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP3
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1202=1
• SUSE Linux Enterprise Point of Service Image Server 12 12-SP2
  zypper in -t patch SUSE-SLE-POS-12-SP2-CLIENT-2018-1202=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1202=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1202=1
• SUSE Linux Enterprise Software Development Kit 12 SP3
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1202=1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1202=1
• SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1202=1
• SUSE Linux Enterprise Server 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1202=1
• SUSE Linux Enterprise High Performance Computing 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1202=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1202=1
• SUSE Linux Enterprise Workstation Extension 12 12-SP3
  zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1202=1
• SUSE Enterprise Storage 4
  zypper in -t patch SUSE-Storage-4-2018-1202=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
  • mariadb-debugsource-10.0.35-29.20.3
  • libmysqlclient18-32bit-10.0.35-29.20.3
  • mariadb-errormessages-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3
  • mariadb-client-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-10.0.35-29.20.3
  • mariadb-debuginfo-10.0.35-29.20.3
  • libmysqlclient_r18-10.0.35-29.20.3
  • mariadb-client-debuginfo-10.0.35-29.20.3
  • mariadb-10.0.35-29.20.3
  • libmysqlclient_r18-32bit-10.0.35-29.20.3
• SUSE Linux Enterprise Point of Service Image Server 12 12-SP2 (x86_64)
  • mariadb-debugsource-10.0.35-29.20.3
  • libmysqlclient18-32bit-10.0.35-29.20.3
  • mariadb-errormessages-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3
  • mariadb-client-10.0.35-29.20.3
  • mariadb-tools-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-10.0.35-29.20.3
  • mariadb-debuginfo-10.0.35-29.20.3
  • mariadb-client-debuginfo-10.0.35-29.20.3
  • mariadb-10.0.35-29.20.3
  • mariadb-tools-10.0.35-29.20.3
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  • mariadb-debugsource-10.0.35-29.20.3
  • mariadb-errormessages-10.0.35-29.20.3
  • mariadb-client-10.0.35-29.20.3
  • libmysqld-devel-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-10.0.35-29.20.3
  • mariadb-debuginfo-10.0.35-29.20.3
  • libmysqld18-10.0.35-29.20.3
  • mariadb-tools-debuginfo-10.0.35-29.20.3
  • libmysqlclient_r18-10.0.35-29.20.3
  • libmysqld18-debuginfo-10.0.35-29.20.3
  • mariadb-client-debuginfo-10.0.35-29.20.3
  • mariadb-10.0.35-29.20.3
  • libmysqlclient-devel-10.0.35-29.20.3
  • mariadb-tools-10.0.35-29.20.3
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
  • libmysqlclient18-32bit-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3
• SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
  • mariadb-debugsource-10.0.35-29.20.3
  • mariadb-errormessages-10.0.35-29.20.3
  • mariadb-client-10.0.35-29.20.3
  • mariadb-tools-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-10.0.35-29.20.3
  • mariadb-debuginfo-10.0.35-29.20.3
  • mariadb-client-debuginfo-10.0.35-29.20.3
  • mariadb-10.0.35-29.20.3
  • mariadb-tools-10.0.35-29.20.3
• SUSE Linux Enterprise Server for SAP Applications 12 SP2 (x86_64)
  • libmysqlclient18-32bit-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3
• SUSE Linux Enterprise Software Development Kit 12 SP3 (aarch64 ppc64le s390x x86_64)
  • mariadb-debugsource-10.0.35-29.20.3
  • libmysqld-devel-10.0.35-29.20.3
  • mariadb-debuginfo-10.0.35-29.20.3
  • libmysqld18-10.0.35-29.20.3
  • libmysqlclient_r18-10.0.35-29.20.3
  • libmysqld18-debuginfo-10.0.35-29.20.3
  • libmysqlclient-devel-10.0.35-29.20.3
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (ppc64le s390x x86_64)
  • mariadb-debugsource-10.0.35-29.20.3
  • mariadb-errormessages-10.0.35-29.20.3
  • mariadb-client-10.0.35-29.20.3
  • libmysqld-devel-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-10.0.35-29.20.3
  • mariadb-debuginfo-10.0.35-29.20.3
  • libmysqld18-10.0.35-29.20.3
  • mariadb-tools-debuginfo-10.0.35-29.20.3
  • libmysqlclient_r18-10.0.35-29.20.3
  • libmysqld18-debuginfo-10.0.35-29.20.3
  • mariadb-client-debuginfo-10.0.35-29.20.3
  • mariadb-10.0.35-29.20.3
  • libmysqlclient-devel-10.0.35-29.20.3
  • mariadb-tools-10.0.35-29.20.3
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (s390x x86_64)
  • libmysqlclient18-32bit-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3
• SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (ppc64le s390x x86_64)
  • mariadb-debugsource-10.0.35-29.20.3
  • mariadb-errormessages-10.0.35-29.20.3
  • mariadb-client-10.0.35-29.20.3
  • mariadb-tools-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-10.0.35-29.20.3
  • mariadb-debuginfo-10.0.35-29.20.3
  • mariadb-client-debuginfo-10.0.35-29.20.3
  • mariadb-10.0.35-29.20.3
  • mariadb-tools-10.0.35-29.20.3
• SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (s390x x86_64)
  • libmysqlclient18-32bit-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3
• SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64)
  • mariadb-debugsource-10.0.35-29.20.3
  • mariadb-errormessages-10.0.35-29.20.3
  • mariadb-client-10.0.35-29.20.3
  • mariadb-tools-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-10.0.35-29.20.3
  • mariadb-debuginfo-10.0.35-29.20.3
  • mariadb-client-debuginfo-10.0.35-29.20.3
  • mariadb-10.0.35-29.20.3
  • mariadb-tools-10.0.35-29.20.3
• SUSE Linux Enterprise Server 12 SP3 (s390x x86_64)
  • libmysqlclient18-32bit-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3
• SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 x86_64)
  • mariadb-debugsource-10.0.35-29.20.3
  • mariadb-errormessages-10.0.35-29.20.3
  • mariadb-client-10.0.35-29.20.3
  • mariadb-tools-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-10.0.35-29.20.3
  • mariadb-debuginfo-10.0.35-29.20.3
  • mariadb-client-debuginfo-10.0.35-29.20.3
  • mariadb-10.0.35-29.20.3
  • mariadb-tools-10.0.35-29.20.3
• SUSE Linux Enterprise High Performance Computing 12 SP3 (x86_64)
  • libmysqlclient18-32bit-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
  • mariadb-debugsource-10.0.35-29.20.3
  • mariadb-errormessages-10.0.35-29.20.3
  • mariadb-client-10.0.35-29.20.3
  • mariadb-tools-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-10.0.35-29.20.3
  • mariadb-debuginfo-10.0.35-29.20.3
  • mariadb-client-debuginfo-10.0.35-29.20.3
  • mariadb-10.0.35-29.20.3
  • mariadb-tools-10.0.35-29.20.3
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (x86_64)
  • libmysqlclient18-32bit-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3
• SUSE Linux Enterprise Workstation Extension 12 12-SP3 (x86_64)
  • mariadb-debugsource-10.0.35-29.20.3
  • libmysqlclient_r18-10.0.35-29.20.3
  • libmysqlclient_r18-32bit-10.0.35-29.20.3
  • mariadb-debuginfo-10.0.35-29.20.3
• SUSE Enterprise Storage 4 (x86_64)
  • mariadb-debugsource-10.0.35-29.20.3
  • libmysqlclient18-32bit-10.0.35-29.20.3
  • mariadb-errormessages-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3
  • mariadb-client-10.0.35-29.20.3
  • mariadb-tools-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-debuginfo-10.0.35-29.20.3
  • libmysqlclient18-10.0.35-29.20.3
  • mariadb-debuginfo-10.0.35-29.20.3
  • mariadb-client-debuginfo-10.0.35-29.20.3
  • mariadb-10.0.35-29.20.3
  • mariadb-tools-10.0.35-29.20.3

References:

• https://www.suse.com/security/cve/CVE-2018-10471.html
• https://www.suse.com/security/cve/CVE-2018-10472.html
• https://www.suse.com/security/cve/CVE-2018-7550.html
• https://www.suse.com/security/cve/CVE-2018-8897.html
• https://bugzilla.suse.com/show_bug.cgi?id=1027519
• https://bugzilla.suse.com/show_bug.cgi?id=1083292
• https://bugzilla.suse.com/show_bug.cgi?id=1089152
• https://bugzilla.suse.com/show_bug.cgi?id=1089635
• https://bugzilla.suse.com/show_bug.cgi?id=1090820
• https://bugzilla.suse.com/show_bug.cgi?id=1090822
• https://bugzilla.suse.com/show_bug.cgi?id=1090823