Bug 1103279 - (CVE-2018-15470) VUL-0: CVE-2018-15470: xen: oxenstored does not apply quota-maxentity (XSA-272)
(CVE-2018-15470)
VUL-0: CVE-2018-15470: xen: oxenstored does not apply quota-maxentity (XSA-272)
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Charles Arnold
Security Team bot
CVSSv3:RedHat:CVE-2018-15470:6.0:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-07-31 15:59 UTC by Johannes Segitz
Modified: 2018-12-30 23:41 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Charles Arnold 2018-07-31 17:13:50 UTC
"Only systems using the OCaml xenstored implementation are potentially
vulnerable.  Systems using the C xenstored implementation are not
vulnerable."

We only build and ship the C xenstored implementation.
Comment 2 Johannes Segitz 2018-08-01 07:31:27 UTC
(In reply to Charles Arnold from comment #1)
thank you
Comment 3 Marcus Meissner 2018-08-20 05:38:27 UTC
CVE-2018-15470
Comment 5 Swamp Workflow Management 2018-10-26 16:16:32 UTC
SUSE-SU-2018:3490-1: An update that solves 5 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1027519,1078292,1091107,1094508,1103275,1103276,1103279,1106263,1111014
CVE References: CVE-2018-15468,CVE-2018-15469,CVE-2018-15470,CVE-2018-17963,CVE-2018-3646
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    xen-4.9.3_03-3.44.2
SUSE Linux Enterprise Server 12-SP3 (src):    xen-4.9.3_03-3.44.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    xen-4.9.3_03-3.44.2
SUSE CaaS Platform ALL (src):    xen-4.9.3_03-3.44.2
SUSE CaaS Platform 3.0 (src):    xen-4.9.3_03-3.44.2
Comment 6 Swamp Workflow Management 2018-10-30 11:12:19 UTC
openSUSE-SU-2018:3560-1: An update that solves 5 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1027519,1078292,1091107,1094508,1103275,1103276,1103279,1106263,1111014
CVE References: CVE-2018-15468,CVE-2018-15469,CVE-2018-15470,CVE-2018-17963,CVE-2018-3646
Sources used:
openSUSE Leap 42.3 (src):    xen-4.9.3_03-31.1
Comment 8 Swamp Workflow Management 2018-12-28 23:18:20 UTC
SUSE-SU-2018:4300-1: An update that solves 9 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1027519,1078292,1091107,1094508,1103275,1103276,1103279,1105528,1108940,1114405,1115040,1115045,1115047
CVE References: CVE-2018-15468,CVE-2018-15469,CVE-2018-15470,CVE-2018-18883,CVE-2018-19961,CVE-2018-19962,CVE-2018-19965,CVE-2018-19966,CVE-2018-3646
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    xen-4.10.2_04-3.9.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    xen-4.10.2_04-3.9.1
Comment 9 Swamp Workflow Management 2018-12-29 14:12:32 UTC
openSUSE-SU-2018:4304-1: An update that solves 9 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1027519,1078292,1091107,1094508,1103275,1103276,1103279,1105528,1108940,1114405,1115040,1115045,1115047
CVE References: CVE-2018-15468,CVE-2018-15469,CVE-2018-15470,CVE-2018-18883,CVE-2018-19961,CVE-2018-19962,CVE-2018-19965,CVE-2018-19966,CVE-2018-3646
Sources used:
openSUSE Leap 15.0 (src):    xen-4.10.2_04-lp150.2.12.1