This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen - CVE-2017-14318: The function __gnttab_cache_flush missed a check for grant tables, allowing a malicious guest to crash the host or for x86 PV guests to potentially escalate privileges - CVE-2017-14317: A race in cxenstored may have cause a double-free allowind for DoS of the xenstored daemon . - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor . These non-security issues were fixed: - bsc#1057358: Fixed boot into SUSE Linux Enterprise 12.3 with secure boot - bsc#1055695: Fixed restoring updates for HVM guests for ballooned domUs