CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521).
CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523).
CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522).
Bug fixes:
bsc#1027519: Add upstream patches from January.
bsc#1098403: Fix regression introduced by changes for bsc#1079730. A PV domU without qcow2 and/or vfb has no qemu attached. Ignore QMP errors for PV domUs to handle PV domUs with and without an attached qemu-xen.