Oval Definition:	oval:org.opensuse.security:def:53251
Revision Date: 2020-12-01 Version: 1 Title: Recommended update for xen (Important) Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126197). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). Other issues fixed: - Upstream bug fixes (bsc#1027519) - Fixed an issue where setup of grant_tables and other variables may fail (bsc#1126325). - Added a requirement for xen, xl.cfg firmware='pvgrub32|pvgrub64 (bsc#1127620). - Added Xen cmdline option 'suse_vtsc_tolerance' to avoid TSC emulation for HVM domUs (bsc#1026236). Family: unix Class: patch Status: Reference(s): 1015115 1015118 1015360 1017925 1021369 1021373 1026236 1027519 1028817 1034173 1034192 1034329 1034568 1035087 1036975 1038337 1042298 1042299 1042300 1042301 1042302 1042303 1042304 1042305 1042306 1042307 1042308 1042309 1042828 1043398 1114988 1126140 1126141 1126192 1126195 1126196 1126197 1126198 1126201 1126325 1127400 1127620 1174922 1174923 901334 939567 948058 959926 962777 963436 972777 975283 976831 979441 980391 982014 989564 CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2010-2891 CVE-2011-0461 CVE-2012-5134 CVE-2013-2126 CVE-2013-2127 CVE-2014-0558 CVE-2014-0564 CVE-2014-0569 CVE-2014-5461 CVE-2015-1283 CVE-2015-3885 CVE-2015-5477 CVE-2015-8367 CVE-2015-8947 CVE-2016-0718 CVE-2016-10327 CVE-2016-1602 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2052 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 CVE-2016-5104 CVE-2017-13735 CVE-2017-14608 CVE-2017-16909 CVE-2017-5838 CVE-2017-6886 CVE-2017-6887 CVE-2017-6890 CVE-2017-6899 CVE-2017-7507 CVE-2017-7869 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354 CVE-2017-9433 CVE-2018-19967 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5810 CVE-2018-5813 CVE-2020-12673 CVE-2020-12674 SUSE-SU-2015:1305-1 SUSE-SU-2016:1508-1 SUSE-SU-2016:1639-1 SUSE-SU-2017:1663-1 SUSE-SU-2017:1821-1 SUSE-SU-2017:1838-1 SUSE-SU-2019:0875-1 SUSE-SU-2020:2267-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information aaa_base-84.87+git20180409.04c9dae-lp150.1 is installed OR aaa_base-extras-84.87+git20180409.04c9dae-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information gvim-8.0.1568-lp151.5.3 is installed OR vim-8.0.1568-lp151.5.3 is installed OR vim-data-8.0.1568-lp151.5.3 is installed OR vim-data-common-8.0.1568-lp151.5.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information MozillaFirefox-17.0.4esr-0.5 is installed OR MozillaFirefox-branding-SLED-7-0.6.9 is installed OR MozillaFirefox-translations-17.0.4esr-0.5 is installed OR beagle-0.3.8-56.51 is installed OR beagle-evolution-0.3.8-56.51 is installed OR beagle-firefox-0.3.8-56.51 is installed OR beagle-gui-0.3.8-56.51 is installed OR beagle-lang-0.3.8-56.51 is installed OR libfreebl3-3.14.2-0.4.3 is installed OR libfreebl3-32bit-3.14.2-0.4.3 is installed OR mhtml-firefox-0.5-1.47.51 is installed OR mozilla-nspr-4.9.5-0.3 is installed OR mozilla-nspr-32bit-4.9.5-0.3 is installed OR mozilla-nss-3.14.2-0.4.3 is installed OR mozilla-nss-32bit-3.14.2-0.4.3 is installed OR mozilla-nss-tools-3.14.2-0.4.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-24.4.0esr-0.8 is installed OR MozillaFirefox-branding-SLED-24-0.7 is installed OR MozillaFirefox-translations-24.4.0esr-0.8 is installed OR mozilla-nspr-4.10.4-0.3 is installed OR mozilla-nspr-32bit-4.10.4-0.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information flash-player-11.2.202.491-0.11 is installed OR flash-player-gnome-11.2.202.491-0.11 is installed OR flash-player-kde4-11.2.202.491-0.11 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information flash-player-11.2.202.411-4 is installed OR flash-player-gnome-11.2.202.411-4 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information libimobiledevice-1.1.5-6 is installed OR libimobiledevice-tools-1.1.5-6 is installed OR libimobiledevice4-1.1.5-6 is installed OR libusbmuxd2-1.0.8-12 is installed OR usbmuxd-1.0.8-12 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information libsmi-0.4.8-18 is installed OR libsmi2-0.4.8-18 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-36 is installed OR aaa_base-extras-13.2+git20140911.61c1681-36 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND libraw9-0.15.4-21 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information xen-4.10.3_02-3.14 is installed OR xen-devel-4.10.3_02-3.14 is installed OR xen-tools-4.10.3_02-3.14 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information dovecot23-2.3.10-16 is installed OR dovecot23-backend-mysql-2.3.10-16 is installed OR dovecot23-backend-pgsql-2.3.10-16 is installed OR dovecot23-backend-sqlite-2.3.10-16 is installed OR dovecot23-devel-2.3.10-16 is installed OR dovecot23-fts-2.3.10-16 is installed OR dovecot23-fts-lucene-2.3.10-16 is installed OR dovecot23-fts-solr-2.3.10-16 is installed OR dovecot23-fts-squat-2.3.10-16 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information gnome-shell-3.10.4-40 is installed OR gnome-shell-browser-plugin-3.10.4-40 is installed OR gnome-shell-lang-3.10.4-40 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND ucode-intel-20180425-13.20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND libapr1-1.5.1-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND ucode-intel-20190618-13.47 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information openslp-2.0.0-18.15 is installed OR openslp-32bit-2.0.0-18.15 is installed OR openslp-server-2.0.0-18.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_59-92_24-default-10-2 is installed OR kgraft-patch-SLE12-SP2_Update_9-10-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information curl-7.37.0-36 is installed OR libcurl4-7.37.0-36 is installed OR libcurl4-32bit-7.37.0-36 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libssh2-1-1.4.3-20.9 is installed OR libssh2-1-32bit-1.4.3-20.9 is installed OR libssh2_org-1.4.3-20.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information perl-5.18.2-12.20 is installed OR perl-32bit-5.18.2-12.20 is installed OR perl-base-5.18.2-12.20 is installed OR perl-doc-5.18.2-12.20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND squid-3.5.21-26.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information ceph-12.2.7+git.1531910353.c0ef85b854-2.12 is installed OR ceph-common-12.2.7+git.1531910353.c0ef85b854-2.12 is installed OR libcephfs2-12.2.7+git.1531910353.c0ef85b854-2.12 is installed OR librados2-12.2.7+git.1531910353.c0ef85b854-2.12 is installed OR libradosstriper1-12.2.7+git.1531910353.c0ef85b854-2.12 is installed OR librbd1-12.2.7+git.1531910353.c0ef85b854-2.12 is installed OR librgw2-12.2.7+git.1531910353.c0ef85b854-2.12 is installed OR python-cephfs-12.2.7+git.1531910353.c0ef85b854-2.12 is installed OR python-rados-12.2.7+git.1531910353.c0ef85b854-2.12 is installed OR python-rbd-12.2.7+git.1531910353.c0ef85b854-2.12 is installed OR python-rgw-12.2.7+git.1531910353.c0ef85b854-2.12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND busybox-1.21.1-3 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND couchdb-1.6.1-2 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND ucode-intel-20180703-13.25 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libmariadb3-3.0.3-3.3 is installed OR mariadb-10.2.15-4.3 is installed OR mariadb-client-10.2.15-4.3 is installed OR mariadb-connector-c-3.0.3-3.3 is installed OR mariadb-errormessages-10.2.15-4.3 is installed OR mariadb-galera-10.2.15-4.3 is installed OR mariadb-tools-10.2.15-4.3 is installed OR xtrabackup-2.4.10-4.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libpython2_7-1_0-2.7.13-28.31 is installed OR libpython2_7-1_0-32bit-2.7.13-28.31 is installed OR python-2.7.13-28.31 is installed OR python-32bit-2.7.13-28.31 is installed OR python-base-2.7.13-28.31 is installed OR python-base-32bit-2.7.13-28.31 is installed OR python-curses-2.7.13-28.31 is installed OR python-demo-2.7.13-28.31 is installed OR python-devel-2.7.13-28.31 is installed OR python-doc-2.7.13-28.31 is installed OR python-doc-pdf-2.7.13-28.31 is installed OR python-gdbm-2.7.13-28.31 is installed OR python-idle-2.7.13-28.31 is installed OR python-tk-2.7.13-28.31 is installed OR python-xml-2.7.13-28.31 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information crowbar-core-6.0+git.1569587091.3f083d63c-3.10 is installed OR crowbar-core-branding-upstream-6.0+git.1569587091.3f083d63c-3.10 is installed OR crowbar-ha-6.0+git.1567673476.1342c3d-3.10 is installed OR crowbar-openstack-6.0+git.1569805311.a94583476-3.10 is installed OR crowbar-ui-1.3.0+git.1568396400.0344a727-11 is installed OR grafana-6.2.5-3.6 is installed OR grafana-monasca-ui-drilldown-1.14.1~dev9-3.6 is installed OR novnc-1.1.0-3.3 is installed OR openstack-cinder-13.0.7~dev16-3.10 is installed OR openstack-cinder-api-13.0.7~dev16-3.10 is installed OR openstack-cinder-backup-13.0.7~dev16-3.10 is installed OR openstack-cinder-scheduler-13.0.7~dev16-3.10 is installed OR openstack-cinder-volume-13.0.7~dev16-3.10 is installed OR openstack-dashboard-14.0.4~dev11-3.6 is installed OR openstack-designate-7.0.1~dev22-3.10 is installed OR openstack-designate-agent-7.0.1~dev22-3.10 is installed OR openstack-designate-api-7.0.1~dev22-3.10 is installed OR openstack-designate-central-7.0.1~dev22-3.10 is installed OR openstack-designate-producer-7.0.1~dev22-3.10 is installed OR openstack-designate-sink-7.0.1~dev22-3.10 is installed OR openstack-designate-worker-7.0.1~dev22-3.10 is installed OR openstack-glance-17.0.1~dev30-3.3 is installed OR openstack-glance-api-17.0.1~dev30-3.3 is installed OR openstack-heat-11.0.3~dev23-3.10 is installed OR openstack-heat-api-11.0.3~dev23-3.10 is installed OR openstack-heat-api-cfn-11.0.3~dev23-3.10 is installed OR openstack-heat-engine-11.0.3~dev23-3.10 is installed OR openstack-heat-plugin-heat_docker-11.0.3~dev23-3.10 is installed OR openstack-horizon-plugin-heat-ui-1.4.1~dev4-4.6 is installed OR openstack-horizon-plugin-monasca-ui-1.14.1~dev9-3.6 is installed OR openstack-ironic-11.1.4~dev15-3.10 is installed OR openstack-ironic-api-11.1.4~dev15-3.10 is installed OR openstack-ironic-conductor-11.1.4~dev15-3.10 is installed OR openstack-ironic-python-agent-3.3.3~dev5-3.10 is installed OR openstack-keystone-14.1.1~dev16-3.10 is installed OR openstack-manila-7.3.1~dev6-4.10 is installed OR openstack-manila-api-7.3.1~dev6-4.10 is installed OR openstack-manila-data-7.3.1~dev6-4.10 is installed OR openstack-manila-scheduler-7.3.1~dev6-4.10 is installed OR openstack-manila-share-7.3.1~dev6-4.10 is installed OR openstack-neutron-13.0.5~dev50-3.10 is installed OR openstack-neutron-dhcp-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-gbp-5.0.1~dev472-3.10 is installed OR openstack-neutron-ha-tool-13.0.5~dev50-3.10 is installed OR openstack-neutron-l3-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-linuxbridge-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-macvtap-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-metadata-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-metering-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-openvswitch-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-server-13.0.5~dev50-3.10 is installed OR openstack-nova-18.2.3~dev22-3.10 is installed OR openstack-nova-api-18.2.3~dev22-3.10 is installed OR openstack-nova-cells-18.2.3~dev22-3.10 is installed OR openstack-nova-compute-18.2.3~dev22-3.10 is installed OR openstack-nova-conductor-18.2.3~dev22-3.10 is installed OR openstack-nova-console-18.2.3~dev22-3.10 is installed OR openstack-nova-novncproxy-18.2.3~dev22-3.10 is installed OR openstack-nova-placement-api-18.2.3~dev22-3.10 is installed OR openstack-nova-scheduler-18.2.3~dev22-3.10 is installed OR openstack-nova-serialproxy-18.2.3~dev22-3.10 is installed OR openstack-nova-vncproxy-18.2.3~dev22-3.10 is installed OR openstack-octavia-3.1.2~dev45-3.10 is installed OR openstack-octavia-amphora-agent-3.1.2~dev45-3.10 is installed OR openstack-octavia-api-3.1.2~dev45-3.10 is installed OR openstack-octavia-health-manager-3.1.2~dev45-3.10 is installed OR openstack-octavia-housekeeping-3.1.2~dev45-3.10 is installed OR openstack-octavia-worker-3.1.2~dev45-3.10 is installed OR openstack-sahara-9.0.2~dev12-3.3 is installed OR openstack-sahara-api-9.0.2~dev12-3.3 is installed OR openstack-sahara-engine-9.0.2~dev12-3.3 is installed OR openstack-tempest-19.0.0-15 is installed OR openstack-tempest-test-19.0.0-15 is installed OR openstack-watcher-1.12.1~dev19-4.3 is installed OR openstack-watcher-doc-1.12.1~dev19-4.3 is installed OR python-cinder-13.0.7~dev16-3.10 is installed OR python-cinder-tempest-plugin-0.1.0-11 is installed OR python-designate-7.0.1~dev22-3.10 is installed OR python-glance-17.0.1~dev30-3.3 is installed OR python-heat-11.0.3~dev23-3.10 is installed OR python-horizon-14.0.4~dev11-3.6 is installed OR python-horizon-plugin-heat-ui-1.4.1~dev4-4.6 is installed OR python-horizon-plugin-monasca-ui-1.14.1~dev9-3.6 is installed OR python-ironic-11.1.4~dev15-3.10 is installed OR python-keystone-14.1.1~dev16-3.10 is installed OR python-manila-7.3.1~dev6-4.10 is installed OR python-neutron-13.0.5~dev50-3.10 is installed OR python-neutron-gbp-5.0.1~dev472-3.10 is installed OR python-nova-18.2.3~dev22-3.10 is installed OR python-octavia-3.1.2~dev45-3.10 is installed OR python-openstack_auth-14.0.4~dev11-3.6 is installed OR python-sahara-9.0.2~dev12-3.3 is installed OR python-tempest-19.0.0-15 is installed OR python-urllib3-1.23-3.9 is installed OR python-watcher-1.12.1~dev19-4.3 is installed OR ruby2.1-rubygem-easy_diff-1.0.0-4.3 is installed OR rubygem-easy_diff-1.0.0-4.3 is installed
BACK