Oval Definition: oval:org.opensuse.security:def:59027
Revision Date: 2020-12-01
Version: 1
Title: Security update for xen (Important)
Description:

This update for xen fixes the following issues:

Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)

- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

These updates contain the Xen hypervisor adjustments, which also use CPU microcode updates.

The mitigation can be controlled via the 'mds' command-line option; see the documentation.

For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736

Other fixes:

- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680).
- Fixed an issue with live migration when spectre is enabled on xen boot cmdline (bsc#1116380).
- Fixed an issue with live migration (bsc#1133818).
- Added upstream bug fix (bsc#1027519).

Family: unix
Class: patch
Status:
Reference(s):
1027519
1085449
1086039
1089152
1089635
1090820
1090822
1090823
1093311
1111331
1112142
1112143
1112144
1112146
1112147
1112148
1112152
1112153
1116380
1122706
1130680
1133191
1133818
1136446
1136935
1137597
1148987
1155321
1155787
1156318
1157763
1159329
1161719
1163809
1165528
1169658
1170603
1171186
1172405
1177513
CVE-2006-4484
CVE-2014-8484
CVE-2014-8485
CVE-2014-8501
CVE-2014-8502
CVE-2014-8503
CVE-2014-8504
CVE-2014-8737
CVE-2014-8738
CVE-2017-2518
CVE-2017-5754
CVE-2018-10471
CVE-2018-10472
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2018-13785
CVE-2018-1417
CVE-2018-16435
CVE-2018-20815
CVE-2018-2783
CVE-2018-2790
CVE-2018-2794
CVE-2018-2795
CVE-2018-2796
CVE-2018-2797
CVE-2018-2798
CVE-2018-2799
CVE-2018-2800
CVE-2018-2814
CVE-2018-2825
CVE-2018-2826
CVE-2018-3136
CVE-2018-3139
CVE-2018-3149
CVE-2018-3169
CVE-2018-3180
CVE-2018-3183
CVE-2018-3214
CVE-2018-8897
CVE-2019-11091
CVE-2019-11477
CVE-2019-11478
CVE-2019-11487
CVE-2019-13627
CVE-2019-15961
CVE-2019-3813
CVE-2019-3846
CVE-2019-8625
CVE-2019-8710
CVE-2019-8720
CVE-2019-8743
CVE-2019-8764
CVE-2019-8766
CVE-2019-8769
CVE-2019-8771
CVE-2019-8782
CVE-2019-8783
CVE-2019-8808
CVE-2019-8811
CVE-2019-8812
CVE-2019-8813
CVE-2019-8814
CVE-2019-8815
CVE-2019-8816
CVE-2019-8819
CVE-2019-8820
CVE-2019-8823
CVE-2019-8835
CVE-2019-8844
CVE-2019-8846
CVE-2020-10018
CVE-2020-11793
CVE-2020-12268
CVE-2020-12387
CVE-2020-12388
CVE-2020-12389
CVE-2020-12392
CVE-2020-12393
CVE-2020-12395
CVE-2020-25645
CVE-2020-3862
CVE-2020-3864
CVE-2020-3865
CVE-2020-3867
CVE-2020-3868
CVE-2020-6831
CVE-2020-8022
SUSE-SU-2018:3230-1
SUSE-SU-2019:0057-1
SUSE-SU-2019:1371-1
SUSE-SU-2019:2510-1
SUSE-SU-2019:3050-1
SUSE-SU-2019:3177-1
SUSE-SU-2020:1212-1
SUSE-SU-2020:1218-1
SUSE-SU-2020:1791-1
Platform(s):
openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
      • ghostscript-9.26a-lp150.2.12 is installed
      • OR ghostscript-devel-9.26a-lp150.2.12 is installed
      • OR ghostscript-mini-9.26a-lp150.2.12 is installed
      • OR ghostscript-mini-devel-9.26a-lp150.2.12 is installed
      • OR ghostscript-x11-9.26a-lp150.2.12 is installed
      • OR libspectre-devel-0.2.8-lp150.2.9 is installed
      • OR libspectre1-0.2.8-lp150.2.9 is installed

Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND ucode-intel-20190618-lp151.2.3 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
      • xen-4.7.5_02-43.30 is installed
      • OR xen-doc-html-4.7.5_02-43.30 is installed
      • OR xen-libs-4.7.5_02-43.30 is installed
      • OR xen-libs-32bit-4.7.5_02-43.30 is installed
      • OR xen-tools-4.7.5_02-43.30 is installed
      • OR xen-tools-domU-4.7.5_02-43.30 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
      • java-1_8_0-ibm-1.8.0_sr5.15-30.33 is installed
      • OR java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33 is installed
      • OR java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33 is installed
      • OR java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
      • xen-4.7.6_06-43.51 is installed
      • OR xen-doc-html-4.7.6_06-43.51 is installed
      • OR xen-libs-4.7.6_06-43.51 is installed
      • OR xen-libs-32bit-4.7.6_06-43.51 is installed
      • OR xen-tools-4.7.6_06-43.51 is installed
      • OR xen-tools-domU-4.7.6_06-43.51 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND binutils-2.26.1-9.12 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
      • kgraft-patch-4_4_176-94_88-default-8-2 is installed
      • OR kgraft-patch-SLE12-SP3_Update_24-8-2 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
      • libsolv-0.6.36-2.27.19 is installed
      • OR libsolv-tools-0.6.36-2.27.19 is installed
      • OR libzypp-16.20.2-27.60 is installed
      • OR perl-solv-0.6.36-2.27.19 is installed
      • OR python-solv-0.6.36-2.27.19 is installed
      • OR zypper-1.13.54-18.40 is installed
      • OR zypper-log-1.13.54-18.40 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
      • res-signingkeys-3.0.37-52.23 is installed
      • OR smt-3.0.37-52.23 is installed
      • OR smt-support-3.0.37-52.23 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
      • augeas-1.2.0-17.3 is installed
      • OR augeas-lenses-1.2.0-17.3 is installed
      • OR libaugeas0-1.2.0-17.3 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND xrdp-0.9.0~git.1456906198.f422461-21.27 is installed

Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND clamav-0.100.3-33.29 is installed

Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
      • libpolkit0-0.113-5.18 is installed
      • OR polkit-0.113-5.18 is installed
      • OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed