Oval Definition: oval:org.opensuse.security:def:58252
Revision Date: 2020-12-01
Version: 1
Title: Security update for xen (Important)
Description:

This update for xen fixes the following issues:

Security issues fixed:

- Fixed an issue which could allow malicious PV guests to cause a host crash or gain access to data pertaining to other guests. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198).
- Fixed multiple access violations introduced by the XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192).
- Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201).
- Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126196).
- Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables, leading to privilege escalation (bsc#1126195).
- CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157).
- Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400).
- Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to escalate their privileges, crash the host, or access data belonging to other guests. Additionally, memory leaks were also possible (bsc#1126140).
- Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141).
- CVE-2019-9824: Fixed an information leak in the SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623).
- CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS) (XSA-282) (bsc#1114988).

Other issue addressed:

- Added Xen cmdline option 'suse_vtsc_tolerance' to avoid TSC emulation for HVM domUs (bsc#1026236).
Family: unix
Class: patch
Status:
Reference(s):
1005023
1006180
1011913
1012382
1012829
1013887
1019151
1020645
1020657
1021424
1022476
1022743
1022967
1023175
1024405
1026236
1027353
1028173
1028286
1029693
1030552
1030850
1031515
1031717
1031784
1032248
1033587
1034048
1034075
1034762
1036303
1036632
1037344
1037404
1037603
1037624
1037994
1038078
1038293
1038583
1038616
1038792
1039915
1040307
1040351
1041958
1042286
1042314
1042422
1042778
1043652
1044112
1044636
1045154
1045563
1045922
1046682
1046821
1046985
1047027
1047048
1047096
1047118
1047121
1047152
1047277
1047343
1047354
1047487
1047651
1047653
1047670
1048155
1048221
1048317
1048891
1048893
1048914
1048934
1049226
1049483
1049486
1049580
1049603
1049645
1049882
1050061
1050188
1051022
1051059
1051239
1051399
1051478
1051479
1051556
1051663
1051790
1052049
1052223
1052533
1052580
1052593
1052709
1052773
1052794
1052888
1053117
1053802
1053915
1053919
1054084
1055013
1055096
1055359
1055493
1055755
1055857
1055896
1056261
1056427
1056588
1056827
1056982
1057015
1058038
1058116
1058410
1058507
1059051
1059465
1059893
1060197
1061017
1061046
1061064
1061067
1061172
1061831
1061872
1063667
1064206
1064388
1068032
1073230
1075087
1076017
1076696
1080157
1081164
1083488
1084878
1085114
1085447
1087082
1090953
1091041
1092289
1092497
1093215
1094019
1101591
1102775
1106913
1111122
1114981
1114988
1115518
1117665
1119971
1120323
1120943
1123157
1124211
1126140
1126141
1126192
1126195
1126196
1126198
1126201
1127400
1129623
1132728
1132729
1132732
1132734
1134718
1135966
1135967
1137865
1139550
1140671
1141054
1141493
1144338
1144903
1145477
1146285
1146361
1146378
1146391
1146413
1146425
1146512
1146514
1146516
1146519
1146584
1147122
1148394
1148938
1149376
1149522
1149527
1149555
1149612
1149849
1150025
1150112
1150223
1150452
1150457
1150465
1150466
1151347
1151350
1152685
1152782
1152788
1153158
1154372
1155671
1155898
1156187
1159352
1160398
1160770
1169511
1171475
1171847
1172105
1172116
1172121
1172205
1173378
1173380
1175534
1176343
1176344
1176345
1176346
1176347
1176348
1176349
1176350
1178171
854512
932386
945190
964063
971975
974215
981309
CVE-2014-3577
CVE-2015-5262
CVE-2016-10906
CVE-2016-6328
CVE-2017-1000252
CVE-2017-10810
CVE-2017-11472
CVE-2017-11473
CVE-2017-12134
CVE-2017-12153
CVE-2017-12154
CVE-2017-12652
CVE-2017-13080
CVE-2017-13166
CVE-2017-14051
CVE-2017-14106
CVE-2017-14489
CVE-2017-15649
CVE-2017-18509
CVE-2017-18595
CVE-2017-2669
CVE-2017-7484
CVE-2017-7485
CVE-2017-7486
CVE-2017-7518
CVE-2017-7541
CVE-2017-7542
CVE-2017-7544
CVE-2017-8831
CVE-2018-1000004
CVE-2018-1068
CVE-2018-12207
CVE-2018-16864
CVE-2018-16865
CVE-2018-16866
CVE-2018-18065
CVE-2018-19967
CVE-2018-20030
CVE-2018-20976
CVE-2018-3639
CVE-2018-7566
CVE-2019-0154
CVE-2019-0155
CVE-2019-10220
CVE-2019-10245
CVE-2019-11135
CVE-2019-13272
CVE-2019-14814
CVE-2019-14815
CVE-2019-14816
CVE-2019-14821
CVE-2019-14835
CVE-2019-15098
CVE-2019-15211
CVE-2019-15212
CVE-2019-15214
CVE-2019-15215
CVE-2019-15216
CVE-2019-15217
CVE-2019-15218
CVE-2019-15219
CVE-2019-15220
CVE-2019-15221
CVE-2019-15290
CVE-2019-15291
CVE-2019-15505
CVE-2019-15666
CVE-2019-15807
CVE-2019-15902
CVE-2019-15924
CVE-2019-15926
CVE-2019-15927
CVE-2019-16231
CVE-2019-16232
CVE-2019-16233
CVE-2019-16234
CVE-2019-16413
CVE-2019-16775
CVE-2019-16776
CVE-2019-16777
CVE-2019-16995
CVE-2019-17055
CVE-2019-17056
CVE-2019-17133
CVE-2019-17666
CVE-2019-18680
CVE-2019-18805
CVE-2019-2602
CVE-2019-2684
CVE-2019-2697
CVE-2019-2698
CVE-2019-6778
CVE-2019-7317
CVE-2019-9278
CVE-2019-9456
CVE-2019-9506
CVE-2019-9824
CVE-2020-0093
CVE-2020-0543
CVE-2020-12767
CVE-2020-13112
CVE-2020-13113
CVE-2020-13114
CVE-2020-14364
CVE-2020-15565
CVE-2020-15567
CVE-2020-25595
CVE-2020-25596
CVE-2020-25597
CVE-2020-25599
CVE-2020-25600
CVE-2020-25601
CVE-2020-25603
CVE-2020-25604
CVE-2020-2754
CVE-2020-2755
CVE-2020-2756
CVE-2020-2757
CVE-2020-2773
CVE-2020-2781
CVE-2020-2800
CVE-2020-2803
CVE-2020-2805
CVE-2020-2830
SUSE-SU-2017:1250-1
SUSE-SU-2017:1690-1
SUSE-SU-2017:2869-1
SUSE-SU-2018:1012-1
SUSE-SU-2018:3447-1
SUSE-SU-2019:0921-1
SUSE-SU-2019:2984-1
SUSE-SU-2019:3060-2
SUSE-SU-2020:0247-1
SUSE-SU-2020:1534-1
SUSE-SU-2020:1686-1
SUSE-SU-2020:2822-1
SUSE-SU-2020:3149-1
Platform(s):
openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • alsa-1.1.5-lp150.4 is installed
  • OR libasound2-1.1.5-lp150.4 is installed
  • OR libasound2-32bit-1.1.5-lp150.4 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • apache2-mod_php7-7.2.5-lp151.6.6 is installed
  • OR php7-7.2.5-lp151.6.6 is installed
  • OR php7-bcmath-7.2.5-lp151.6.6 is installed
  • OR php7-bz2-7.2.5-lp151.6.6 is installed
  • OR php7-calendar-7.2.5-lp151.6.6 is installed
  • OR php7-ctype-7.2.5-lp151.6.6 is installed
  • OR php7-curl-7.2.5-lp151.6.6 is installed
  • OR php7-dba-7.2.5-lp151.6.6 is installed
  • OR php7-devel-7.2.5-lp151.6.6 is installed
  • OR php7-dom-7.2.5-lp151.6.6 is installed
  • OR php7-embed-7.2.5-lp151.6.6 is installed
  • OR php7-enchant-7.2.5-lp151.6.6 is installed
  • OR php7-exif-7.2.5-lp151.6.6 is installed
  • OR php7-fastcgi-7.2.5-lp151.6.6 is installed
  • OR php7-fileinfo-7.2.5-lp151.6.6 is installed
  • OR php7-firebird-7.2.5-lp151.6.6 is installed
  • OR php7-fpm-7.2.5-lp151.6.6 is installed
  • OR php7-ftp-7.2.5-lp151.6.6 is installed
  • OR php7-gd-7.2.5-lp151.6.6 is installed
  • OR php7-gettext-7.2.5-lp151.6.6 is installed
  • OR php7-gmp-7.2.5-lp151.6.6 is installed
  • OR php7-iconv-7.2.5-lp151.6.6 is installed
  • OR php7-intl-7.2.5-lp151.6.6 is installed
  • OR php7-json-7.2.5-lp151.6.6 is installed
  • OR php7-ldap-7.2.5-lp151.6.6 is installed
  • OR php7-mbstring-7.2.5-lp151.6.6 is installed
  • OR php7-mysql-7.2.5-lp151.6.6 is installed
  • OR php7-odbc-7.2.5-lp151.6.6 is installed
  • OR php7-opcache-7.2.5-lp151.6.6 is installed
  • OR php7-openssl-7.2.5-lp151.6.6 is installed
  • OR php7-pcntl-7.2.5-lp151.6.6 is installed
  • OR php7-pdo-7.2.5-lp151.6.6 is installed
  • OR php7-pear-7.2.5-lp151.6.6 is installed
  • OR php7-pear-Archive_Tar-7.2.5-lp151.6.6 is installed
  • OR php7-pgsql-7.2.5-lp151.6.6 is installed
  • OR php7-phar-7.2.5-lp151.6.6 is installed
  • OR php7-posix-7.2.5-lp151.6.6 is installed
  • OR php7-readline-7.2.5-lp151.6.6 is installed
  • OR php7-shmop-7.2.5-lp151.6.6 is installed
  • OR php7-snmp-7.2.5-lp151.6.6 is installed
  • OR php7-soap-7.2.5-lp151.6.6 is installed
  • OR php7-sockets-7.2.5-lp151.6.6 is installed
  • OR php7-sodium-7.2.5-lp151.6.6 is installed
  • OR php7-sqlite-7.2.5-lp151.6.6 is installed
  • OR php7-sysvmsg-7.2.5-lp151.6.6 is installed
  • OR php7-sysvsem-7.2.5-lp151.6.6 is installed
  • OR php7-sysvshm-7.2.5-lp151.6.6 is installed
  • OR php7-testresults-7.2.5-lp151.6.6 is installed
  • OR php7-tidy-7.2.5-lp151.6.6 is installed
  • OR php7-tokenizer-7.2.5-lp151.6.6 is installed
  • OR php7-wddx-7.2.5-lp151.6.6 is installed
  • OR php7-xmlreader-7.2.5-lp151.6.6 is installed
  • OR php7-xmlrpc-7.2.5-lp151.6.6 is installed
  • OR php7-xmlwriter-7.2.5-lp151.6.6 is installed
  • OR php7-xsl-7.2.5-lp151.6.6 is installed
  • OR php7-zip-7.2.5-lp151.6.6 is installed
  • OR php7-zlib-7.2.5-lp151.6.6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • postgresql94-9.4.12-20 is installed
  • OR postgresql94-contrib-9.4.12-20 is installed
  • OR postgresql94-docs-9.4.12-20 is installed
  • OR postgresql94-server-9.4.12-20 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libsnmp30-5.7.3-6.3 is installed
  • OR libsnmp30-32bit-5.7.3-6.3 is installed
  • OR net-snmp-5.7.3-6.3 is installed
  • OR perl-SNMP-5.7.3-6.3 is installed
  • OR snmp-mibs-5.7.3-6.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kernel-default-4.4.121-92.80 is installed
  • OR kernel-default-base-4.4.121-92.80 is installed
  • OR kernel-default-devel-4.4.121-92.80 is installed
  • OR kernel-devel-4.4.121-92.80 is installed
  • OR kernel-macros-4.4.121-92.80 is installed
  • OR kernel-source-4.4.121-92.80 is installed
  • OR kernel-syms-4.4.121-92.80 is installed
  • OR kgraft-patch-4_4_121-92_80-default-1-3.5 is installed
  • OR kgraft-patch-SLE12-SP2_Update_22-1-3.5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_59-92_17-default-10-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_7-10-2 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND
  • kernel-default-4.4.180-94.100 is installed
  • OR kernel-default-base-4.4.180-94.100 is installed
  • OR kernel-default-devel-4.4.180-94.100 is installed
  • OR kernel-default-man-4.4.180-94.100 is installed
  • OR kernel-devel-4.4.180-94.100 is installed
  • OR kernel-macros-4.4.180-94.100 is installed
  • OR kernel-source-4.4.180-94.100 is installed
  • OR kernel-syms-4.4.180-94.100 is installed
  • OR kgraft-patch-4_4_180-94_100-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_27-1-4.3 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND
  • kernel-default-4.4.180-94.100 is installed
  • OR kernel-default-base-4.4.180-94.100 is installed
  • OR kernel-default-devel-4.4.180-94.100 is installed
  • OR kernel-default-man-4.4.180-94.100 is installed
  • OR kernel-devel-4.4.180-94.100 is installed
  • OR kernel-macros-4.4.180-94.100 is installed
  • OR kernel-source-4.4.180-94.100 is installed
  • OR kernel-syms-4.4.180-94.100 is installed
  • OR kgraft-patch-4_4_180-94_100-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_27-1-4.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND libass5-0.10.2-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • MozillaFirefox-60.9.0-109.86 is installed
  • OR MozillaFirefox-translations-common-60.9.0-109.86 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libpython2_7-1_0-2.7.17-28.42 is installed
  • OR libpython2_7-1_0-32bit-2.7.17-28.42 is installed
  • OR python-2.7.17-28.42 is installed
  • OR python-32bit-2.7.17-28.42 is installed
  • OR python-base-2.7.17-28.42 is installed
  • OR python-base-32bit-2.7.17-28.42 is installed
  • OR python-curses-2.7.17-28.42 is installed
  • OR python-demo-2.7.17-28.42 is installed
  • OR python-devel-2.7.17-28.42 is installed
  • OR python-doc-2.7.17-28.42 is installed
  • OR python-doc-pdf-2.7.17-28.42 is installed
  • OR python-gdbm-2.7.17-28.42 is installed
  • OR python-idle-2.7.17-28.42 is installed
  • OR python-rpm-macros-20200207.5feb6c1-3.19 is installed
  • OR python-tk-2.7.17-28.42 is installed
  • OR python-xml-2.7.17-28.42 is installed
  • OR shared-python-startup-0.1-1.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND clamav-0.100.3-33.26 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • cups-1.7.5-20.17 is installed
  • OR cups-client-1.7.5-20.17 is installed
  • OR cups-libs-1.7.5-20.17 is installed
  • OR cups-libs-32bit-1.7.5-20.17 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • libXpm4-3.5.11-5 is installed
  • OR libXpm4-32bit-3.5.11-5 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • xen-4.7.6_06-43.48 is installed
  • OR xen-doc-html-4.7.6_06-43.48 is installed
  • OR xen-libs-4.7.6_06-43.48 is installed
  • OR xen-libs-32bit-4.7.6_06-43.48 is installed
  • OR xen-tools-4.7.6_06-43.48 is installed
  • OR xen-tools-domU-4.7.6_06-43.48 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND slf4j-1.7.12-3.3 is installed