Bugzilla – Bug 1111014
VUL-0: CVE-2018-17963: xen: net: ignore packets with large size
Last modified: 2021-01-21 18:21:31 UTC
+++ This bug was initially created as a clone of Bug #1111013 +++
rh#1636777
A potential integer overflow issue was found in the QEMU emulator. It could occur when a packet with large packet size is accepted and processed. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
Fix:
  https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html
References:
  https://www.openwall.com/lists/oss-security/2018/10/08/1
  https://bugzilla.redhat.com/show_bug.cgi?id=1636777
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17963
Applicable to xen qemu 'upstream' version for SLE11-SP3/SP4, SLE12, SLE12-SP1
Applicable to xen qemu-traditional version for SLE11-SP1/SP2/SP3/SP4, SLE12, SLE12-SP1/SP2/SP3/SP4
Not applicable to SLE10-SP3/SP4
Are we good to go, at least with xen for SUSE:SLE-12-SP2:Update? Need a fix xen for bug#1094508 "soon".
SUSE-SU-2018:3332-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1094508,1103276,1111014
CVE References: CVE-2018-15468,CVE-2018-17963
Sources used:
  SUSE OpenStack Cloud 7 (src): xen-4.7.6_05-43.42.1
  SUSE Linux Enterprise Server for SAP 12-SP2 (src): xen-4.7.6_05-43.42.1
  SUSE Linux Enterprise Server 12-SP2-LTSS (src): xen-4.7.6_05-43.42.1
  SUSE Linux Enterprise Server 12-SP2-BCL (src): xen-4.7.6_05-43.42.1
  SUSE Enterprise Storage 4 (src): xen-4.7.6_05-43.42.1
SUSE-SU-2018:3490-1: An update that solves 5 vulnerabilities and has four fixes is now available.
Category: security (important)
Bug References: 1027519,1078292,1091107,1094508,1103275,1103276,1103279,1106263,1111014
CVE References: CVE-2018-15468,CVE-2018-15469,CVE-2018-15470,CVE-2018-17963,CVE-2018-3646
Sources used:
  SUSE Linux Enterprise Software Development Kit 12-SP3 (src): xen-4.9.3_03-3.44.2
  SUSE Linux Enterprise Server 12-SP3 (src): xen-4.9.3_03-3.44.2
  SUSE Linux Enterprise Desktop 12-SP3 (src): xen-4.9.3_03-3.44.2
  SUSE CaaS Platform ALL (src): xen-4.9.3_03-3.44.2
  SUSE CaaS Platform 3.0 (src): xen-4.9.3_03-3.44.2
openSUSE-SU-2018:3560-1: An update that solves 5 vulnerabilities and has four fixes is now available.
Category: security (important)
Bug References: 1027519,1078292,1091107,1094508,1103275,1103276,1103279,1106263,1111014
CVE References: CVE-2018-15468,CVE-2018-15469,CVE-2018-15470,CVE-2018-17963,CVE-2018-3646
Sources used:
  openSUSE Leap 42.3 (src): xen-4.9.3_03-31.1
SUSE-SU-2019:0003-1: An update that solves 11 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1027519,1108940,1111014,1114405,1114423,1114988,1115040,1115043,1115044,1115045,1115047,1117756
CVE References: CVE-2018-17963,CVE-2018-18849,CVE-2018-18883,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19963,CVE-2018-19964,CVE-2018-19965,CVE-2018-19966,CVE-2018-19967
Sources used:
  SUSE Linux Enterprise Software Development Kit 12-SP4 (src): xen-4.11.1_02-2.3.1
  SUSE Linux Enterprise Server 12-SP4 (src): xen-4.11.1_02-2.3.1
  SUSE Linux Enterprise Desktop 12-SP4 (src): xen-4.11.1_02-2.3.1
SUSE-SU-2019:0827-1: An update that solves 15 vulnerabilities and has 10 fixes is now available.
Category: security (important)
Bug References: 1027519,1056336,1105528,1108940,1110924,1111007,1111011,1111014,1112188,1114423,1114988,1115040,1115045,1115047,1117756,1123157,1126140,1126141,1126192,1126195,1126196,1126198,1126201,1127400,1129623
CVE References: CVE-2017-13672,CVE-2018-10839,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18438,CVE-2018-18849,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19965,CVE-2018-19966,CVE-2018-19967,CVE-2019-6778,CVE-2019-9824
Sources used:
  SUSE Linux Enterprise Server 12-LTSS (src): xen-4.4.4_40-22.77.1
*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:0825-1: An update that solves 14 vulnerabilities and has 5 fixes is now available.
Category: security (important)
Bug References: 1056336,1110924,1111007,1111011,1111014,1112188,1114423,1114988,1115040,1115047,1117756,1123157,1126140,1126141,1126192,1126195,1126196,1126201,1129623
CVE References: CVE-2017-13672,CVE-2018-10839,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18438,CVE-2018-18849,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19966,CVE-2018-19967,CVE-2019-6778,CVE-2019-9824
Sources used:
  SUSE Linux Enterprise Server for SAP 12-SP1 (src): xen-4.5.5_28-22.58.1
  SUSE Linux Enterprise Server 12-SP1-LTSS (src): xen-4.5.5_28-22.58.1
*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:14011-1: An update that solves 14 vulnerabilities and has four fixes is now available.
Category: security (important)
Bug References: 1110924,1111007,1111011,1111014,1112188,1114423,1114988,1115040,1115045,1115047,1117756,1123157,1126140,1126141,1126192,1126195,1126196,1129623
CVE References: CVE-2018-10839,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18438,CVE-2018-18849,CVE-2018-19665,CVE-2018-19961,CVE-2018-19962,CVE-2018-19965,CVE-2018-19966,CVE-2018-19967,CVE-2019-6778,CVE-2019-9824
Sources used:
  SUSE Linux Enterprise Point of Sale 11-SP3 (src): xen-4.2.5_21-45.30.1
  SUSE Linux Enterprise Debuginfo 11-SP3 (src): xen-4.2.5_21-45.30.1
*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
Fixed and released.
released