Oval Definition: oval:org.opensuse.security:def:56644
Revision Date: 2020-12-01
Version: 1
Title: Security update for xen (Important)
Description:

This update for xen fixes the following issues:

Xen was updated to the Xen 4.9.3 bug-fix-only release (bsc#1027519).

- CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014)
- CVE-2018-15470: oxenstored might not have enforced the configured quota-maxentity. This allowed a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. (XSA-272) (bsc#1103279)
- CVE-2018-15469: ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). (XSA-268) (bsc#1103275) Note that SUSE does not ship ARM Xen, so we are not affected.
- CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276)
- CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. (XSA-273) (bsc#1091107)

Non security issues fixed:

- The affinity reporting via 'xl vcpu-list' was broken (bsc#1106263)
- Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508)

Family: unix
Class: patch
Status:
Reference(s):
1006984
1006989
1027519
1037811
1045315
1057086
1060354
1060355
1060360
1060361
1060362
1060364
1069666
1078292
1081741
1083903
1084191
1087200
1091107
1094508
1097560
1097824
1103275
1103276
1103279
1103809
1103810
1104076
1106263
1109465
1111014
1112039
1115034
1117473
1122292
1122299
1123482
1124525
1133810
1140868
1141780
1141782
1141783
1141785
1141787
1141789
1142772
1144902
1145665
1145692
1147021
1149323
1154212
1158442
758040
814440
904348
920160
921949
924493
926238
933514
936773
939826
939926
940776
941113
941202
943959
944296
947241
947478
949100
949192
949706
949744
949936
950013
950580
950750
950998
951110
951165
951440
951638
951864
952384
952666
953717
953826
953830
953971
953980
954635
954986
955136
955148
955224
955354
955422
955533
955644
956047
956053
956147
956284
956703
956711
956717
956801
956876
957395
957546
958504
958510
958647
962052
972468
977043
CVE-2012-6706
CVE-2014-6272
CVE-2014-9687
CVE-2015-0272
CVE-2015-2925
CVE-2015-5156
CVE-2015-7799
CVE-2015-7872
CVE-2015-7990
CVE-2015-8215
CVE-2016-0636
CVE-2016-1572
CVE-2017-14491
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496
CVE-2018-1000115
CVE-2018-1050
CVE-2018-11212
CVE-2018-12470
CVE-2018-12471
CVE-2018-12472
CVE-2018-15468
CVE-2018-15469
CVE-2018-15470
CVE-2018-17963
CVE-2018-18386
CVE-2018-3646
CVE-2019-1010180
CVE-2019-10218
CVE-2019-11709
CVE-2019-11710
CVE-2019-11711
CVE-2019-11712
CVE-2019-11713
CVE-2019-11714
CVE-2019-11715
CVE-2019-11716
CVE-2019-11717
CVE-2019-11718
CVE-2019-11719
CVE-2019-11720
CVE-2019-11721
CVE-2019-11723
CVE-2019-11724
CVE-2019-11725
CVE-2019-11727
CVE-2019-11728
CVE-2019-11729
CVE-2019-11730
CVE-2019-11733
CVE-2019-11735
CVE-2019-11736
CVE-2019-11738
CVE-2019-11740
CVE-2019-11742
CVE-2019-11743
CVE-2019-11744
CVE-2019-11746
CVE-2019-11747
CVE-2019-11748
CVE-2019-11749
CVE-2019-11750
CVE-2019-11751
CVE-2019-11752
CVE-2019-11753
CVE-2019-11771
CVE-2019-11772
CVE-2019-11775
CVE-2019-17631
CVE-2019-2449
CVE-2019-2762
CVE-2019-2766
CVE-2019-2769
CVE-2019-2786
CVE-2019-2816
CVE-2019-2933
CVE-2019-2945
CVE-2019-2958
CVE-2019-2962
CVE-2019-2964
CVE-2019-2973
CVE-2019-2975
CVE-2019-2978
CVE-2019-2981
CVE-2019-2983
CVE-2019-2988
CVE-2019-2989
CVE-2019-2992
CVE-2019-2996
CVE-2019-2999
CVE-2019-4473
CVE-2019-7317
CVE-2019-9811
CVE-2019-9812
SUSE-SU-2015:2292-1
SUSE-SU-2016:0241-1
SUSE-SU-2016:0957-1
SUSE-SU-2017:1745-1
SUSE-SU-2017:2618-1
SUSE-SU-2018:0754-1
SUSE-SU-2018:1103-1
SUSE-SU-2018:2898-1
SUSE-SU-2018:3490-1
SUSE-SU-2019:2371-1
SUSE-SU-2019:2620-1
SUSE-SU-2019:2893-1
SUSE-SU-2019:2914-1
SUSE-SU-2020:0024-1
Platform(s):
openSUSE Leap 15.0
openSUSE Leap 15.1
openSUSE Leap 15.1 NonFree
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • gtk-vnc-lang-0.7.2-lp150.1 is installed
  • OR libgtk-vnc-2_0-0-0.7.2-lp150.1 is installed
  • OR libgvnc-1_0-0-0.7.2-lp150.1 is installed
  • OR typelib-1_0-GVnc-1_0-0.7.2-lp150.1 is installed
  • OR typelib-1_0-GtkVnc-2_0-0.7.2-lp150.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • cron-4.2-lp151.4.3 is installed
  • OR cronie-1.5.1-lp151.4.3 is installed
  • OR cronie-anacron-1.5.1-lp151.4.3 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 NonFree is installed
  • AND opera-67.0.3575.97-lp151.2.12 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • xen-4.9.3_03-3.44 is installed
  • OR xen-libs-4.9.3_03-3.44 is installed
  • OR xen-libs-32bit-4.9.3_03-3.44 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • kernel-default-3.12.51-60.20 is installed
  • OR kernel-default-base-3.12.51-60.20 is installed
  • OR kernel-default-devel-3.12.51-60.20 is installed
  • OR kernel-default-man-3.12.51-60.20 is installed
  • OR kernel-devel-3.12.51-60.20 is installed
  • OR kernel-macros-3.12.51-60.20 is installed
  • OR kernel-source-3.12.51-60.20 is installed
  • OR kernel-syms-3.12.51-60.20 is installed
  • OR kernel-xen-3.12.51-60.20 is installed
  • OR kernel-xen-base-3.12.51-60.20 is installed
  • OR kernel-xen-devel-3.12.51-60.20 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND dnsmasq-2.78-18.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND libevent-2_0-5-2.0.21-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libdcerpc-atsvc0-4.2.4-28.32 is installed
  • OR samba-4.2.4-28.32 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.171-27.19 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.15-30.33 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • gdm-3.10.0.1-52 is installed
  • OR gdm-lang-3.10.0.1-52 is installed
  • OR gdmflexiserver-3.10.0.1-52 is installed
  • OR libgdm1-3.10.0.1-52 is installed
  • OR typelib-1_0-Gdm-1_0-3.10.0.1-52 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • xen-4.9.4_08-3.66 is installed
  • OR xen-doc-html-4.9.4_08-3.66 is installed
  • OR xen-libs-4.9.4_08-3.66 is installed
  • OR xen-libs-32bit-4.9.4_08-3.66 is installed
  • OR xen-tools-4.9.4_08-3.66 is installed
  • OR xen-tools-domU-4.9.4_08-3.66 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_140-94_42-default-10-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_15-10-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND dosfstools-3.0.26-6 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND unrar-5.0.14-3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • res-signingkeys-3.0.37-52.23 is installed
  • OR smt-3.0.37-52.23 is installed
  • OR smt-support-3.0.37-52.23 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND ucode-intel-20191112-13.53 is installed