Oval Definition:oval:org.opensuse.security:def:56293
Revision Date:2020-12-01Version:1
Title:Security update for xen (Important)
Description:



This update for xen fixes several issues.

These security issues were fixed:

- A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843) - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via GNTTABOP_transfer (XSA-214, bsc#1034844). - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994). - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655)

These non-security issues were fixed:

- bsc#1029827: Additional xenstore patch - bsc#1036146: Xen VM dumped core to wrong path - bsc#1022703: Prevent Xen HVM guest with OVMF to hang with unattached CDRom
Family:unixClass:patch
Status:Reference(s):1017646
1022703
1028655
1029827
1030144
1034843
1034844
1034994
1036146
1043886
1068101
1097108
1099306
1111331
933588
982014
CVE-2009-0799
CVE-2009-0800
CVE-2009-1179
CVE-2009-1180
CVE-2009-1181
CVE-2009-1182
CVE-2009-1183
CVE-2009-1187
CVE-2009-1188
CVE-2009-3607
CVE-2009-3608
CVE-2009-5044
CVE-2009-5080
CVE-2009-5081
CVE-2011-2895
CVE-2012-2738
CVE-2012-4504
CVE-2013-1788
CVE-2013-1789
CVE-2013-1790
CVE-2013-1989
CVE-2013-2066
CVE-2013-4473
CVE-2013-4474
CVE-2014-9645
CVE-2015-3223
CVE-2015-5330
CVE-2015-5522
CVE-2015-5523
CVE-2015-8868
CVE-2016-10087
CVE-2016-5104
CVE-2016-9603
CVE-2017-7718
CVE-2017-7826
CVE-2017-7828
CVE-2017-7830
CVE-2018-10853
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2018-3646
CVE-2019-11091
SUSE-SU-2015:1525-1
SUSE-SU-2016:1639-1
SUSE-SU-2017:0853-1
SUSE-SU-2017:1143-1
SUSE-SU-2017:3213-1
SUSE-SU-2018:0510-1
SUSE-SU-2018:2368-1
SUSE-SU-2019:1296-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • kscreenlocker-5.12.5-lp150.1 is installed
  • OR kscreenlocker-lang-5.12.5-lp150.1 is installed
  • OR libKScreenLocker5-5.12.5-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libtasn1-4.13-lp151.4.3 is installed
  • OR libtasn1-6-4.13-lp151.4.3 is installed
  • OR libtasn1-6-32bit-4.13-lp151.4.3 is installed
  • OR libtasn1-devel-4.13-lp151.4.3 is installed
  • OR libtasn1-devel-32bit-4.13-lp151.4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • libtidy-1.0-37 is installed
  • OR tidy-1.0-37 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • xen-4.7.2_04-39 is installed
  • OR xen-libs-4.7.2_04-39 is installed
  • OR xen-libs-32bit-4.7.2_04-39 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • groff-1.22.2-5 is installed
  • OR groff-full-1.22.2-5 is installed
  • OR gxditview-1.22.2-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_85-default-6-2 is installed
  • OR kgraft-patch-3_12_74-60_64_85-xen-6-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_26-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND busybox-1.21.1-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.20-30.36 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • ghostscript-9.25-23.13 is installed
  • OR ghostscript-x11-9.25-23.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_74-92_29-default-11-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_10-11-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND pigz-2.3-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • glibc-2.22-62.22 is installed
  • OR glibc-32bit-2.22-62.22 is installed
  • OR glibc-devel-2.22-62.22 is installed
  • OR glibc-devel-32bit-2.22-62.22 is installed
  • OR glibc-html-2.22-62.22 is installed
  • OR glibc-i18ndata-2.22-62.22 is installed
  • OR glibc-info-2.22-62.22 is installed
  • OR glibc-locale-2.22-62.22 is installed
  • OR glibc-locale-32bit-2.22-62.22 is installed
  • OR glibc-profile-2.22-62.22 is installed
  • OR glibc-profile-32bit-2.22-62.22 is installed
  • OR nscd-2.22-62.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libcroco-0.6.11-12.3 is installed
  • OR libcroco-0_6-3-0.6.11-12.3 is installed
  • OR libcroco-0_6-3-32bit-0.6.11-12.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • alsa-1.0.27.2-15 is installed
  • OR alsa-docs-1.0.27.2-15 is installed
  • OR libasound2-1.0.27.2-15 is installed
  • OR libasound2-32bit-1.0.27.2-15 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • MozillaFirefox-52.5.0esr-109.9 is installed
  • OR MozillaFirefox-devel-52.5.0esr-109.9 is installed
  • OR MozillaFirefox-translations-52.5.0esr-109.9 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.15-30.33 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.251-43.35 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.251-43.35 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.251-43.35 is installed
  • OR java-1_7_0-openjdk-headless-1.7.0.251-43.35 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • mariadb-10.2.29-3.22 is installed
  • OR mariadb-galera-10.2.29-3.22 is installed
    • BACK