{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for xen","title":"Title of the patch"},{"category":"description","text":"This update for xen fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via\n  side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks\n  (bsc#1074562, bsc#1068032)\n- CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded\n  recursion, stack consumption, and hypervisor crash) or possibly gain privileges\n  via crafted page-table stacking (bsc#1061081)\n- CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host\n  OS crash) or gain host OS privileges in shadow mode by mapping a certain\n  auxiliary page (bsc#1070158).\n- CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS\n  crash) or gain host OS privileges by leveraging an incorrect mask for\n  reference-count overflow checking in shadow mode (bsc#1070159).\n- CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS\n  crash) or gain host OS privileges by leveraging incorrect error handling for\n  reference counting in shadow mode (bsc#1070160).\n- CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host\n  OS crash) if shadow mode and log-dirty mode are in place, because of an\n  incorrect assertion related to M2P (bsc#1070163).\n- CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged\n  users to cause a denial of service (out-of-bounds read and QEMU process crash)\n  by leveraging improper memory address validation (bsc#1076116).\n- CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest\n  privileged users to cause a denial of service (out-of-bounds array access and\n  QEMU process crash) via vectors related to negative pitch (bsc#1076180).\n\nThese non-security issues were fixed:\n\n- bsc#1067317: pass cache=writeback|unsafe|directsync to qemu depending on the\n  libxl disk settings\n- bsc#1051729: Prevent invalid symlinks after install of SLES 12 SP2\n- bsc#1035442: Increased the value of LIBXL_DESTROY_TIMEOUT from 10 to 100\n  seconds. If many domUs shutdown in parallel the backends couldn't keep up \n- bsc#1027519: Added several upstream patches\n  ","title":"Description of the patch"},{"category":"details","text":"SUSE-CAASP-ALL-2018-302,SUSE-SLE-DESKTOP-12-SP3-2018-302,SUSE-SLE-SDK-12-SP3-2018-302,SUSE-SLE-SERVER-12-SP3-2018-302","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0438-1.json"},{"category":"self","summary":"URL for SUSE-SU-2018:0438-1","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20180438-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2018:0438-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2018-February/003729.html"},{"category":"self","summary":"SUSE Bug 1027519","url":"https://bugzilla.suse.com/1027519"},{"category":"self","summary":"SUSE Bug 1035442","url":"https://bugzilla.suse.com/1035442"},{"category":"self","summary":"SUSE Bug 1051729","url":"https://bugzilla.suse.com/1051729"},{"category":"self","summary":"SUSE Bug 1061081","url":"https://bugzilla.suse.com/1061081"},{"category":"self","summary":"SUSE Bug 1067317","url":"https://bugzilla.suse.com/1067317"},{"category":"self","summary":"SUSE Bug 1068032","url":"https://bugzilla.suse.com/1068032"},{"category":"self","summary":"SUSE Bug 1070158","url":"https://bugzilla.suse.com/1070158"},{"category":"self","summary":"SUSE Bug 1070159","url":"https://bugzilla.suse.com/1070159"},{"category":"self","summary":"SUSE Bug 1070160","url":"https://bugzilla.suse.com/1070160"},{"category":"self","summary":"SUSE Bug 1070163","url":"https://bugzilla.suse.com/1070163"},{"category":"self","summary":"SUSE Bug 1074562","url":"https://bugzilla.suse.com/1074562"},{"category":"self","summary":"SUSE Bug 1076116","url":"https://bugzilla.suse.com/1076116"},{"category":"self","summary":"SUSE Bug 1076180","url":"https://bugzilla.suse.com/1076180"},{"category":"self","summary":"SUSE CVE CVE-2017-15595 page","url":"https://www.suse.com/security/cve/CVE-2017-15595/"},{"category":"self","summary":"SUSE CVE CVE-2017-17563 page","url":"https://www.suse.com/security/cve/CVE-2017-17563/"},{"category":"self","summary":"SUSE CVE CVE-2017-17564 page","url":"https://www.suse.com/security/cve/CVE-2017-17564/"},{"category":"self","summary":"SUSE CVE CVE-2017-17565 page","url":"https://www.suse.com/security/cve/CVE-2017-17565/"},{"category":"self","summary":"SUSE CVE CVE-2017-17566 page","url":"https://www.suse.com/security/cve/CVE-2017-17566/"},{"category":"self","summary":"SUSE CVE CVE-2017-18030 page","url":"https://www.suse.com/security/cve/CVE-2017-18030/"},{"category":"self","summary":"SUSE CVE CVE-2017-5715 page","url":"https://www.suse.com/security/cve/CVE-2017-5715/"},{"category":"self","summary":"SUSE CVE CVE-2017-5753 page","url":"https://www.suse.com/security/cve/CVE-2017-5753/"},{"category":"self","summary":"SUSE CVE CVE-2017-5754 page","url":"https://www.suse.com/security/cve/CVE-2017-5754/"},{"category":"self","summary":"SUSE CVE CVE-2018-5683 page","url":"https://www.suse.com/security/cve/CVE-2018-5683/"}],"title":"Security update for xen","tracking":{"current_release_date":"2018-02-14T09:58:26Z","generator":{"date":"2018-02-14T09:58:26Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2018:0438-1","initial_release_date":"2018-02-14T09:58:26Z","revision_history":[{"date":"2018-02-14T09:58:26Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"xen-devel-4.9.1_08-3.26.1.aarch64","product":{"name":"xen-devel-4.9.1_08-3.26.1.aarch64","product_id":"xen-devel-4.9.1_08-3.26.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"xen-4.9.1_08-3.26.1.x86_64","product":{"name":"xen-4.9.1_08-3.26.1.x86_64","product_id":"xen-4.9.1_08-3.26.1.x86_64"}},{"category":"product_version","name":"xen-libs-4.9.1_08-3.26.1.x86_64","product":{"name":"xen-libs-4.9.1_08-3.26.1.x86_64","product_id":"xen-libs-4.9.1_08-3.26.1.x86_64"}},{"category":"product_version","name":"xen-libs-32bit-4.9.1_08-3.26.1.x86_64","product":{"name":"xen-libs-32bit-4.9.1_08-3.26.1.x86_64","product_id":"xen-libs-32bit-4.9.1_08-3.26.1.x86_64"}},{"category":"product_version","name":"xen-devel-4.9.1_08-3.26.1.x86_64","product":{"name":"xen-devel-4.9.1_08-3.26.1.x86_64","product_id":"xen-devel-4.9.1_08-3.26.1.x86_64"}},{"category":"product_version","name":"xen-doc-html-4.9.1_08-3.26.1.x86_64","product":{"name":"xen-doc-html-4.9.1_08-3.26.1.x86_64","product_id":"xen-doc-html-4.9.1_08-3.26.1.x86_64"}},{"category":"product_version","name":"xen-tools-4.9.1_08-3.26.1.x86_64","product":{"name":"xen-tools-4.9.1_08-3.26.1.x86_64","product_id":"xen-tools-4.9.1_08-3.26.1.x86_64"}},{"category":"product_version","name":"xen-tools-domU-4.9.1_08-3.26.1.x86_64","product":{"name":"xen-tools-domU-4.9.1_08-3.26.1.x86_64","product_id":"xen-tools-domU-4.9.1_08-3.26.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Desktop 12 SP3","product":{"name":"SUSE Linux Enterprise Desktop 12 SP3","product_id":"SUSE Linux Enterprise Desktop 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sled:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Software Development Kit 12 SP3","product":{"name":"SUSE Linux Enterprise Software Development Kit 12 SP3","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-sdk:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3","product":{"name":"SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp3"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"xen-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3","product_id":"SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-libs-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3","product_id":"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-libs-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-libs-32bit-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3","product_id":"SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-libs-32bit-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-devel-4.9.1_08-3.26.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64"},"product_reference":"xen-devel-4.9.1_08-3.26.1.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-devel-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-devel-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-doc-html-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-doc-html-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-libs-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-libs-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-libs-32bit-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-libs-32bit-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-tools-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-tools-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-tools-domU-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-tools-domU-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-doc-html-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-doc-html-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-libs-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-libs-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-libs-32bit-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-libs-32bit-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-tools-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-tools-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"xen-tools-domU-4.9.1_08-3.26.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64"},"product_reference":"xen-tools-domU-4.9.1_08-3.26.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"}]},"vulnerabilities":[{"cve":"CVE-2017-15595","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-15595"}],"notes":[{"category":"general","text":"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-15595","url":"https://www.suse.com/security/cve/CVE-2017-15595"},{"category":"external","summary":"SUSE Bug 1061081 for CVE-2017-15595","url":"https://bugzilla.suse.com/1061081"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2017-15595","url":"https://bugzilla.suse.com/1178658"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-14T09:58:26Z","details":"important"}],"title":"CVE-2017-15595"},{"cve":"CVE-2017-17563","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-17563"}],"notes":[{"category":"general","text":"An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-17563","url":"https://www.suse.com/security/cve/CVE-2017-17563"},{"category":"external","summary":"SUSE Bug 1070159 for CVE-2017-17563","url":"https://bugzilla.suse.com/1070159"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-14T09:58:26Z","details":"moderate"}],"title":"CVE-2017-17563"},{"cve":"CVE-2017-17564","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-17564"}],"notes":[{"category":"general","text":"An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-17564","url":"https://www.suse.com/security/cve/CVE-2017-17564"},{"category":"external","summary":"SUSE Bug 1070160 for CVE-2017-17564","url":"https://bugzilla.suse.com/1070160"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2017-17564","url":"https://bugzilla.suse.com/1178658"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-14T09:58:26Z","details":"moderate"}],"title":"CVE-2017-17564"},{"cve":"CVE-2017-17565","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-17565"}],"notes":[{"category":"general","text":"An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-17565","url":"https://www.suse.com/security/cve/CVE-2017-17565"},{"category":"external","summary":"SUSE Bug 1070163 for CVE-2017-17565","url":"https://bugzilla.suse.com/1070163"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2017-17565","url":"https://bugzilla.suse.com/1178658"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-14T09:58:26Z","details":"moderate"}],"title":"CVE-2017-17565"},{"cve":"CVE-2017-17566","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-17566"}],"notes":[{"category":"general","text":"An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-17566","url":"https://www.suse.com/security/cve/CVE-2017-17566"},{"category":"external","summary":"SUSE Bug 1070158 for CVE-2017-17566","url":"https://bugzilla.suse.com/1070158"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2017-17566","url":"https://bugzilla.suse.com/1178658"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-14T09:58:26Z","details":"moderate"}],"title":"CVE-2017-17566"},{"cve":"CVE-2017-18030","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-18030"}],"notes":[{"category":"general","text":"The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-18030","url":"https://www.suse.com/security/cve/CVE-2017-18030"},{"category":"external","summary":"SUSE Bug 1076179 for CVE-2017-18030","url":"https://bugzilla.suse.com/1076179"},{"category":"external","summary":"SUSE Bug 1076180 for CVE-2017-18030","url":"https://bugzilla.suse.com/1076180"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2017-18030","url":"https://bugzilla.suse.com/1178658"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":2.8,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-14T09:58:26Z","details":"low"}],"title":"CVE-2017-18030"},{"cve":"CVE-2017-5715","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-5715"}],"notes":[{"category":"general","text":"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-5715","url":"https://www.suse.com/security/cve/CVE-2017-5715"},{"category":"external","summary":"SUSE Bug 1068032 for CVE-2017-5715","url":"https://bugzilla.suse.com/1068032"},{"category":"external","summary":"SUSE Bug 1074562 for CVE-2017-5715","url":"https://bugzilla.suse.com/1074562"},{"category":"external","summary":"SUSE Bug 1074578 for CVE-2017-5715","url":"https://bugzilla.suse.com/1074578"},{"category":"external","summary":"SUSE Bug 1074701 for CVE-2017-5715","url":"https://bugzilla.suse.com/1074701"},{"category":"external","summary":"SUSE Bug 1074741 for CVE-2017-5715","url":"https://bugzilla.suse.com/1074741"},{"category":"external","summary":"SUSE Bug 1074919 for CVE-2017-5715","url":"https://bugzilla.suse.com/1074919"},{"category":"external","summary":"SUSE Bug 1075006 for CVE-2017-5715","url":"https://bugzilla.suse.com/1075006"},{"category":"external","summary":"SUSE Bug 1075007 for CVE-2017-5715","url":"https://bugzilla.suse.com/1075007"},{"category":"external","summary":"SUSE Bug 1075262 for CVE-2017-5715","url":"https://bugzilla.suse.com/1075262"},{"category":"external","summary":"SUSE Bug 1075419 for CVE-2017-5715","url":"https://bugzilla.suse.com/1075419"},{"category":"external","summary":"SUSE Bug 1076115 for CVE-2017-5715","url":"https://bugzilla.suse.com/1076115"},{"category":"external","summary":"SUSE Bug 1076372 for CVE-2017-5715","url":"https://bugzilla.suse.com/1076372"},{"category":"external","summary":"SUSE Bug 1076606 for CVE-2017-5715","url":"https://bugzilla.suse.com/1076606"},{"category":"external","summary":"SUSE Bug 1078353 for CVE-2017-5715","url":"https://bugzilla.suse.com/1078353"},{"category":"external","summary":"SUSE Bug 1080039 for CVE-2017-5715","url":"https://bugzilla.suse.com/1080039"},{"category":"external","summary":"SUSE Bug 1087887 for CVE-2017-5715","url":"https://bugzilla.suse.com/1087887"},{"category":"external","summary":"SUSE Bug 1087939 for CVE-2017-5715","url":"https://bugzilla.suse.com/1087939"},{"category":"external","summary":"SUSE Bug 1088147 for CVE-2017-5715","url":"https://bugzilla.suse.com/1088147"},{"category":"external","summary":"SUSE Bug 1089055 for CVE-2017-5715","url":"https://bugzilla.suse.com/1089055"},{"category":"external","summary":"SUSE Bug 1091815 for CVE-2017-5715","url":"https://bugzilla.suse.com/1091815"},{"category":"external","summary":"SUSE Bug 1095735 for CVE-2017-5715","url":"https://bugzilla.suse.com/1095735"},{"category":"external","summary":"SUSE Bug 1102517 for CVE-2017-5715","url":"https://bugzilla.suse.com/1102517"},{"category":"external","summary":"SUSE Bug 1105108 for CVE-2017-5715","url":"https://bugzilla.suse.com/1105108"},{"category":"external","summary":"SUSE Bug 1126516 for CVE-2017-5715","url":"https://bugzilla.suse.com/1126516"},{"category":"external","summary":"SUSE Bug 1173489 for CVE-2017-5715","url":"https://bugzilla.suse.com/1173489"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2017-5715","url":"https://bugzilla.suse.com/1178658"},{"category":"external","summary":"SUSE Bug 1201457 for CVE-2017-5715","url":"https://bugzilla.suse.com/1201457"},{"category":"external","summary":"SUSE Bug 1201877 for CVE-2017-5715","url":"https://bugzilla.suse.com/1201877"},{"category":"external","summary":"SUSE Bug 1203236 for CVE-2017-5715","url":"https://bugzilla.suse.com/1203236"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-14T09:58:26Z","details":"important"}],"title":"CVE-2017-5715"},{"cve":"CVE-2017-5753","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-5753"}],"notes":[{"category":"general","text":"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-5753","url":"https://www.suse.com/security/cve/CVE-2017-5753"},{"category":"external","summary":"SUSE Bug 1068032 for CVE-2017-5753","url":"https://bugzilla.suse.com/1068032"},{"category":"external","summary":"SUSE Bug 1074562 for CVE-2017-5753","url":"https://bugzilla.suse.com/1074562"},{"category":"external","summary":"SUSE Bug 1074578 for CVE-2017-5753","url":"https://bugzilla.suse.com/1074578"},{"category":"external","summary":"SUSE Bug 1074701 for CVE-2017-5753","url":"https://bugzilla.suse.com/1074701"},{"category":"external","summary":"SUSE Bug 1075006 for CVE-2017-5753","url":"https://bugzilla.suse.com/1075006"},{"category":"external","summary":"SUSE Bug 1075419 for CVE-2017-5753","url":"https://bugzilla.suse.com/1075419"},{"category":"external","summary":"SUSE Bug 1075748 for CVE-2017-5753","url":"https://bugzilla.suse.com/1075748"},{"category":"external","summary":"SUSE Bug 1080039 for CVE-2017-5753","url":"https://bugzilla.suse.com/1080039"},{"category":"external","summary":"SUSE Bug 1087084 for CVE-2017-5753","url":"https://bugzilla.suse.com/1087084"},{"category":"external","summary":"SUSE Bug 1087939 for CVE-2017-5753","url":"https://bugzilla.suse.com/1087939"},{"category":"external","summary":"SUSE Bug 1089055 for CVE-2017-5753","url":"https://bugzilla.suse.com/1089055"},{"category":"external","summary":"SUSE Bug 1136865 for CVE-2017-5753","url":"https://bugzilla.suse.com/1136865"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2017-5753","url":"https://bugzilla.suse.com/1178658"},{"category":"external","summary":"SUSE Bug 1201877 for CVE-2017-5753","url":"https://bugzilla.suse.com/1201877"},{"category":"external","summary":"SUSE Bug 1209547 for CVE-2017-5753","url":"https://bugzilla.suse.com/1209547"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.6,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-14T09:58:26Z","details":"important"}],"title":"CVE-2017-5753"},{"cve":"CVE-2017-5754","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-5754"}],"notes":[{"category":"general","text":"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-5754","url":"https://www.suse.com/security/cve/CVE-2017-5754"},{"category":"external","summary":"SUSE Bug 1068032 for CVE-2017-5754","url":"https://bugzilla.suse.com/1068032"},{"category":"external","summary":"SUSE Bug 1074562 for CVE-2017-5754","url":"https://bugzilla.suse.com/1074562"},{"category":"external","summary":"SUSE Bug 1074578 for CVE-2017-5754","url":"https://bugzilla.suse.com/1074578"},{"category":"external","summary":"SUSE Bug 1074701 for CVE-2017-5754","url":"https://bugzilla.suse.com/1074701"},{"category":"external","summary":"SUSE Bug 1075006 for CVE-2017-5754","url":"https://bugzilla.suse.com/1075006"},{"category":"external","summary":"SUSE Bug 1075008 for CVE-2017-5754","url":"https://bugzilla.suse.com/1075008"},{"category":"external","summary":"SUSE Bug 1087939 for CVE-2017-5754","url":"https://bugzilla.suse.com/1087939"},{"category":"external","summary":"SUSE Bug 1089055 for CVE-2017-5754","url":"https://bugzilla.suse.com/1089055"},{"category":"external","summary":"SUSE Bug 1115045 for CVE-2017-5754","url":"https://bugzilla.suse.com/1115045"},{"category":"external","summary":"SUSE Bug 1136865 for CVE-2017-5754","url":"https://bugzilla.suse.com/1136865"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2017-5754","url":"https://bugzilla.suse.com/1178658"},{"category":"external","summary":"SUSE Bug 1201877 for CVE-2017-5754","url":"https://bugzilla.suse.com/1201877"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-14T09:58:26Z","details":"important"}],"title":"CVE-2017-5754"},{"cve":"CVE-2018-5683","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-5683"}],"notes":[{"category":"general","text":"The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-5683","url":"https://www.suse.com/security/cve/CVE-2018-5683"},{"category":"external","summary":"SUSE Bug 1076114 for CVE-2018-5683","url":"https://bugzilla.suse.com/1076114"},{"category":"external","summary":"SUSE Bug 1076116 for CVE-2018-5683","url":"https://bugzilla.suse.com/1076116"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2018-5683","url":"https://bugzilla.suse.com/1178658"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.2,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Desktop 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.1_08-3.26.1.x86_64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.aarch64","SUSE Linux Enterprise Software Development Kit 12 SP3:xen-devel-4.9.1_08-3.26.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-02-14T09:58:26Z","details":"moderate"}],"title":"CVE-2018-5683"}]}