Oval Definition:	oval:org.opensuse.security:def:50696
Revision Date: 2020-12-01 Version: 1 Title: Security update for xen (Important) Description: This update for xen fixes the following issues: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945) - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497). - CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). (bsc#1154460). - CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. (bsc#1154464) - CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. (bsc#1154461). - CVE-2019-18421: A malicious PV guest administrator may have been able to escalate their privilege to that of the host. (bsc#1154458). - CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that of the guest kernel. (bsc#1154456). - CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash, resulting in a Denial of Service (Dos). (bsc#1154448) - Upstream bug fixes (bsc#1027519) Family: unix Class: patch Status: Reference(s): 1027519 1051510 1055014 1055186 1061843 1065600 1065729 1071995 1077428 1085030 1088047 1092115 1098633 1103990 1103991 1103992 1106383 1109837 1111666 1112374 1114685 1119113 1119532 1119835 1120163 1120423 1125703 1128902 1129923 1129991 1130836 1131645 1132390 1133021 1133401 1133738 1134303 1134395 1134760 1135556 1135642 1135897 1136161 1136264 1136343 1136935 1137625 1137728 1138879 1139712 1139751 1139771 1139865 1140133 1140228 1140328 1140405 1140424 1140428 1140454 1140463 1140575 1140577 1140637 1140658 1140709 1140715 1140719 1140726 1140727 1140728 1140814 1140887 1140888 1140889 1140891 1140893 1140948 1140954 1140955 1140956 1140957 1140958 1140959 1140960 1140961 1140962 1140964 1140971 1140972 1140992 1146403 1149032 1152472 1152489 1152497 1152763 1153095 1153245 1153274 1153921 1154353 1154448 1154456 1154458 1154460 1154461 1154464 1154488 1154492 1155518 1155945 1156395 1159058 1159104 1160634 1167152 1167773 1168140 1168142 1168143 1169392 1169790 1169978 1171634 1171688 1172004 1172108 1172197 1172205 1172247 1172405 1172418 1172871 1172963 1173160 1173258 1173376 1173377 1173378 1173380 1173468 1173485 1173798 1173813 1173954 1174002 1174003 1174026 1174117 1174121 1174205 1174247 1174362 1174387 1174484 1174625 1174645 1174689 1174699 1174737 1174748 1174757 1174762 1174770 1174771 1174777 1174805 1174824 1174825 1174852 1174865 1174880 1174897 1174906 1174969 1175009 1175010 1175011 1175012 1175013 1175014 1175015 1175016 1175017 1175018 1175019 1175020 1175021 1175052 1175112 1175116 1175128 1175149 1175175 1175176 1175180 1175181 1175182 1175183 1175184 1175185 1175186 1175187 1175188 1175189 1175190 1175191 1175192 1175195 1175199 1175213 1175232 1175263 1175284 1175296 1175344 1175345 1175346 1175347 1175367 1175377 1175440 1175493 1175546 1175550 1175654 1175691 1175768 1175769 1175770 1175771 1175772 1175774 1175775 1175834 1175873 1175898 1176485 1176713 1177086 1177353 1177410 1177411 1177470 1177739 1177749 1177750 1177754 1177755 1177765 1177814 1177817 1177854 1177855 1177856 1177861 1178002 1178079 1178246 CVE-2018-12207 CVE-2018-20105 CVE-2018-20836 CVE-2018-9154 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11135 CVE-2019-11599 CVE-2019-12838 CVE-2019-13233 CVE-2019-18420 CVE-2019-18421 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-18425 CVE-2019-19725 CVE-2019-3695 CVE-2019-3696 CVE-2020-0543 CVE-2020-0543 CVE-2020-10745 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-11743 CVE-2020-12693 CVE-2020-13934 CVE-2020-13935 CVE-2020-14314 CVE-2020-14331 CVE-2020-14351 CVE-2020-14356 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 CVE-2020-16120 CVE-2020-16166 CVE-2020-25285 CVE-2020-8022 CVE-2020-8903 CVE-2020-8907 CVE-2020-8933 SUSE-SU-2019:1854-1 SUSE-SU-2019:2961-1 SUSE-SU-2019:2989-1 SUSE-SU-2020:0355-1 SUSE-SU-2020:0578-1 SUSE-SU-2020:1419-1 SUSE-SU-2020:1934-1 SUSE-SU-2020:2045-1 SUSE-SU-2020:2065-1 SUSE-SU-2020:2486-1 SUSE-SU-2020:3122-1 Platform(s): SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Legacy Software 15 SP2 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SP2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Public Cloud 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE OpenStack Cloud 6-LTSS SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information flash-player-11.2.202.569-0.35 is installed OR flash-player-gnome-11.2.202.569-0.35 is installed OR flash-player-kde4-11.2.202.569-0.35 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND libcgroup1-0.41.rc1-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND libevent-2_0-5-2.0.21-4 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information NetworkManager-1.0.12-8 is installed OR NetworkManager-lang-1.0.12-8 is installed OR libnm-glib-vpn1-1.0.12-8 is installed OR libnm-glib4-1.0.12-8 is installed OR libnm-util2-1.0.12-8 is installed OR libnm0-1.0.12-8 is installed OR typelib-1_0-NM-1_0-1.0.12-8 is installed OR typelib-1_0-NMClient-1_0-1.0.12-8 is installed OR typelib-1_0-NetworkManager-1_0-1.0.12-8 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND ft2demos-2.6.3-7.10 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information at-3.1.14-8.6 is installed OR libQtWebKit4-4.8.7+2.3.4-4.7 is installed OR libQtWebKit4-32bit-4.8.7+2.3.4-4.7 is installed OR libbonobo-2.32.1-16 is installed OR libbonobo-32bit-2.32.1-16 is installed OR libbonobo-lang-2.32.1-16 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND Package Information xen-4.12.1_04-3.6 is installed OR xen-libs-4.12.1_04-3.6 is installed OR xen-tools-domU-4.12.1_04-3.6 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 SP2 is installed AND Package Information kernel-default-5.3.18-24.34 is installed OR reiserfs-kmp-default-5.3.18-24.34 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.10 is installed OR kernel-default-livepatch-4.12.14-197.10 is installed OR kernel-default-livepatch-devel-4.12.14-197.10 is installed OR kernel-livepatch-4_12_14-197_10-default-1-3.3 is installed OR kernel-livepatch-SLE15-SP1_Update_3-1-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP2 is installed AND Package Information kernel-default-5.3.18-24.12 is installed OR kernel-default-livepatch-5.3.18-24.12 is installed OR kernel-default-livepatch-devel-5.3.18-24.12 is installed OR kernel-livepatch-5_3_18-24_12-default-1-5.3 is installed OR kernel-livepatch-SLE15-SP2_Update_2-1-5.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information libslurm32-17.11.13-6.18 is installed OR slurm-17.11.13-6.18 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information xen-4.13.1_04-3.4 is installed OR xen-devel-4.13.1_04-3.4 is installed OR xen-doc-html-4.13.1_04-3.4 is installed OR xen-libs-4.13.1_04-3.4 is installed OR xen-libs-32bit-4.13.1_04-3.4 is installed OR xen-tools-4.13.1_04-3.4 is installed OR xen-tools-domU-4.13.1_04-3.4 is installed Definition Synopsis SUSE Linux Enterprise Module for Public Cloud 15 SP2 is installed AND Package Information google-compute-engine-20190801-4.38 is installed OR google-compute-engine-init-20190801-4.38 is installed OR google-compute-engine-oslogin-20190801-4.38 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND yast2-rmt-1.3.0-3.5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information colord-gtk-lang-0.1.25-3 is installed OR libcolord-gtk1-0.1.25-3 is installed OR libcolord2-1.1.7-5 is installed OR libcolord2-32bit-1.1.7-5 is installed OR libcolorhug2-1.1.7-5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_67-60_64_21-default-10-4 is installed OR kgraft-patch-3_12_67-60_64_21-xen-10-4 is installed OR kgraft-patch-SLE12-SP1_Update_10-10-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information apache2-2.4.23-14 is installed OR apache2-doc-2.4.23-14 is installed OR apache2-example-pages-2.4.23-14 is installed OR apache2-prefork-2.4.23-14 is installed OR apache2-utils-2.4.23-14 is installed OR apache2-worker-2.4.23-14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information perl-5.18.2-12.14 is installed OR perl-32bit-5.18.2-12.14 is installed OR perl-base-5.18.2-12.14 is installed OR perl-doc-5.18.2-12.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information ntp-4.2.8p12-64.8 is installed OR ntp-doc-4.2.8p12-64.8 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_103-92_53-default-6-2 is installed OR kgraft-patch-SLE12-SP2_Update_16-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information cpio-2.11-35 is installed OR cpio-lang-2.11-35 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information nfs-client-1.3.0-34.22 is installed OR nfs-doc-1.3.0-34.22 is installed OR nfs-kernel-server-1.3.0-34.22 is installed OR nfs-utils-1.3.0-34.22 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information MozillaFirefox-68.1.0-109.89 is installed OR MozillaFirefox-branding-SLE-68-32.8 is installed OR MozillaFirefox-translations-common-68.1.0-109.89 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libspice-server1-0.12.8-6 is installed OR spice-0.12.8-6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information libX11-6-1.6.2-12.5 is installed OR libX11-6-32bit-1.6.2-12.5 is installed OR libX11-data-1.6.2-12.5 is installed OR libX11-xcb1-1.6.2-12.5 is installed OR libX11-xcb1-32bit-1.6.2-12.5 is installed Definition Synopsis SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information xen-4.10.4_10-3.31 is installed OR xen-devel-4.10.4_10-3.31 is installed OR xen-libs-4.10.4_10-3.31 is installed OR xen-tools-4.10.4_10-3.31 is installed OR xen-tools-domU-4.10.4_10-3.31 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information libldap-2_4-2-2.4.46-9.37 is installed OR libldap-2_4-2-32bit-2.4.46-9.37 is installed OR libldap-data-2.4.46-9.37 is installed OR openldap2-2.4.46-9.37 is installed OR openldap2-back-meta-2.4.46-9.37 is installed OR openldap2-back-perl-2.4.46-9.37 is installed OR openldap2-client-2.4.46-9.37 is installed OR openldap2-devel-2.4.46-9.37 is installed OR openldap2-devel-32bit-2.4.46-9.37 is installed OR openldap2-devel-static-2.4.46-9.37 is installed OR openldap2-ppolicy-check-password-1.2-9.37 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information libntfs-3g87-2016.2.22-3.3 is installed OR ntfs-3g-2016.2.22-3.3 is installed OR ntfs-3g_ntfsprogs-2016.2.22-3.3 is installed OR ntfsprogs-2016.2.22-3.3 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.26 is installed OR kernel-default-extra-4.12.14-197.26 is installed Definition Synopsis SUSE OpenStack Cloud 6-LTSS is installed AND python-cryptography-2.1.4-3.15 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information python-oslo.cache-1.14.1-3.3 is installed OR python-oslo.concurrency-3.14.1-3.3 is installed OR python-oslo.db-4.13.6-3.3 is installed OR python-oslo.log-3.16.1-3.3 is installed OR python-oslo.messaging-5.10.2-3.6 is installed OR python-oslo.middleware-3.19.1-4.3 is installed OR python-oslo.serialization-2.13.2-3.3 is installed OR python-oslo.service-1.16.1-3.3 is installed OR python-oslo.utils-3.16.1-3.3 is installed OR python-oslo.versionedobjects-1.17.1-3.3 is installed OR python-oslo.vmware-2.14.1-3.3 is installed OR python-oslotest-2.10.1-3.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND git-2.12.3-27.14 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information ghostscript-9.27-23.28 is installed OR ghostscript-x11-9.27-23.28 is installed
BACK