Bugzilla – Bug 1096224
VUL-0: CVE-2018-11806: xen: slirp: heap buffer overflow while reassembling fragmented datagrams
Last modified: 2021-01-22 09:02:03 UTC
+++ This bug was initially created as a clone of Bug #1096223 +++

A heap buffer overflow issue was found in the way Slirp networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet.

A privileged user/process inside guest could use this flaw to crash the Qemu process resulting in DoS OR potentially leverage it to execute arbitrary code on the host with privileges of the Qemu process.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html

SUSE-SU-2018:2037-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1027519,1079730,1095242,1096224,1097521,1097522,1098744
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-12891,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): xen-4.4.4_34-61.32.1
SUSE Linux Enterprise Server 11-SP4 (src): xen-4.4.4_34-61.32.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): xen-4.4.4_34-61.32.1

SUSE-SU-2018:2056-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1027519,1079730,1095242,1096224,1097521,1097522,1098744
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-12891,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src): xen-4.4.4_34-22.71.2

SUSE-SU-2018:2059-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1027519,1087289,1095242,1096224,1097521,1097522,1097523
CVE References: CVE-2018-11806,CVE-2018-12891,CVE-2018-12892,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): xen-4.9.2_08-3.35.2
SUSE Linux Enterprise Server 12-SP3 (src): xen-4.9.2_08-3.35.2
SUSE Linux Enterprise Desktop 12-SP3 (src): xen-4.9.2_08-3.35.2
SUSE CaaS Platform ALL (src): xen-4.9.2_08-3.35.2

SUSE-SU-2018:2069-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1027519,1079730,1095242,1096224,1097521,1097522,1098744
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-12891,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src): xen-4.5.5_24-22.52.3
SUSE Linux Enterprise Server 12-SP1-LTSS (src): xen-4.5.5_24-22.52.3

SUSE-SU-2018:2081-1: An update that solves 5 vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1027519,1087289,1094725,1095242,1096224,1097521,1097522,1097523
CVE References: CVE-2018-11806,CVE-2018-12891,CVE-2018-12892,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE OpenStack Cloud 7 (src): xen-4.7.6_02-43.36.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src): xen-4.7.6_02-43.36.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src): xen-4.7.6_02-43.36.1
SUSE Enterprise Storage 4 (src): xen-4.7.6_02-43.36.1

openSUSE-SU-2018:2211-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1027519,1087289,1095242,1096224,1097521,1097522,1097523
CVE References: CVE-2018-11806,CVE-2018-12891,CVE-2018-12892,CVE-2018-12893,CVE-2018-3665
Sources used:
openSUSE Leap 42.3 (src): xen-4.9.2_08-25.2

released

SUSE-SU-2018:2528-1: An update that solves 12 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1027519,1074562,1079730,1090822,1090823,1091107,1092631,1095242,1096224,1097206,1097521,1097522,1098744
CVE References: CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2018-10981,CVE-2018-10982,CVE-2018-11806,CVE-2018-12617,CVE-2018-12891,CVE-2018-12893,CVE-2018-3639,CVE-2018-3646,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src): xen-4.2.5_21-45.25.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src): xen-4.2.5_21-45.25.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): xen-4.2.5_21-45.25.1

SUSE-SU-2018:2081-2: An update that solves 5 vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1027519,1087289,1094725,1095242,1096224,1097521,1097522,1097523
CVE References: CVE-2018-11806,CVE-2018-12891,CVE-2018-12892,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src): xen-4.7.6_02-43.36.1