Oval Definition:oval:org.opensuse.security:def:59199
Revision Date:2020-12-01Version:1
Title:Security update for xen (Important)
Description:

This update for xen fixes the following issues:

Security issues fixed:

- Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988)

Other issue addressed:

- Added Xen cmdline option 'suse_vtsc_tolerance' to avoid TSC emulation for HVM domUs (bsc#1026236).
Family:unixClass:patch
Status:Reference(s):1006984
1006989
1013882
1026236
1037811
1065600
1070500
1083244
1086598
1097560
1097824
1101676
1101677
1101678
1103342
1103809
1103810
1104076
1108818
1112368
1112397
1112417
1112421
1112432
1114828
1114988
1116600
1116686
1118159
1118754
1120657
1122053
1122825
1123157
1124170
1126140
1126141
1126192
1126195
1126196
1126198
1126201
1127400
1128382
1128453
1128783
1129623
1129729
1131277
1132654
1132666
1132852
1133719
1134495
1134589
1136037
1136569
1137377
1137817
1138124
1138187
1138301
1138303
1138489
1138967
1139750
1140512
1140663
1142032
1142521
1142686
1143310
1154824
1157471
1160467
1160468
1164871
1165631
1170415
1171098
1171195
1171202
1171218
1171219
1171252
1171254
1171689
1171698
1172221
1172317
1173274
1175721
1175749
1176011
1176235
1176253
1176278
1176381
1176382
1176423
1176482
1176496
1176721
1176722
1176725
1176764
1176896
1176922
1176990
1177027
1177086
1177165
1177206
1177226
1177410
1177411
1177511
1177513
1177725
1177766
1178782
977043
CVE-2013-1667
CVE-2013-7490
CVE-2015-3448
CVE-2016-2851
CVE-2016-9843
CVE-2017-17051
CVE-2017-18204
CVE-2018-12470
CVE-2018-12471
CVE-2018-12472
CVE-2018-16471
CVE-2018-19967
CVE-2018-3058
CVE-2018-3063
CVE-2018-3064
CVE-2018-3066
CVE-2018-3143
CVE-2018-3156
CVE-2018-3174
CVE-2018-3251
CVE-2018-3282
CVE-2018-8048
CVE-2019-10161
CVE-2019-10167
CVE-2019-14896
CVE-2019-14897
CVE-2019-19191
CVE-2019-20919
CVE-2019-2529
CVE-2019-2537
CVE-2019-6778
CVE-2019-9735
CVE-2019-9824
CVE-2020-0404
CVE-2020-0427
CVE-2020-0431
CVE-2020-0432
CVE-2020-0543
CVE-2020-10757
CVE-2020-12114
CVE-2020-12352
CVE-2020-12652
CVE-2020-12653
CVE-2020-12654
CVE-2020-12656
CVE-2020-14351
CVE-2020-14381
CVE-2020-14390
CVE-2020-14422
CVE-2020-1749
CVE-2020-25212
CVE-2020-25284
CVE-2020-25643
CVE-2020-25645
CVE-2020-25656
CVE-2020-25705
CVE-2020-26088
CVE-2020-8694
SUSE-SU-2018:2898-2
SUSE-SU-2019:0921-1
SUSE-SU-2019:1440-1
SUSE-SU-2019:2048-1
SUSE-SU-2019:2209-1
SUSE-SU-2019:2219-1
SUSE-SU-2020:0115-1
SUSE-SU-2020:1486-1
SUSE-SU-2020:1597-1
SUSE-SU-2020:2157-1
SUSE-SU-2020:2856-1
SUSE-SU-2020:3501-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • libcdio16-0.94-lp150.4 is installed
  • OR libiso9660-10-0.94-lp150.4 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • cpio-2.12-lp151.3.3 is installed
  • OR cpio-lang-2.12-lp151.3.3 is installed
  • OR cpio-mt-2.12-lp151.3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • res-signingkeys-3.0.37-52.23 is installed
  • OR smt-3.0.37-52.23 is installed
  • OR smt-support-3.0.37-52.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libvirt-2.0.0-27.61 is installed
  • OR libvirt-client-2.0.0-27.61 is installed
  • OR libvirt-daemon-2.0.0-27.61 is installed
  • OR libvirt-daemon-config-network-2.0.0-27.61 is installed
  • OR libvirt-daemon-config-nwfilter-2.0.0-27.61 is installed
  • OR libvirt-daemon-driver-interface-2.0.0-27.61 is installed
  • OR libvirt-daemon-driver-libxl-2.0.0-27.61 is installed
  • OR libvirt-daemon-driver-lxc-2.0.0-27.61 is installed
  • OR libvirt-daemon-driver-network-2.0.0-27.61 is installed
  • OR libvirt-daemon-driver-nodedev-2.0.0-27.61 is installed
  • OR libvirt-daemon-driver-nwfilter-2.0.0-27.61 is installed
  • OR libvirt-daemon-driver-qemu-2.0.0-27.61 is installed
  • OR libvirt-daemon-driver-secret-2.0.0-27.61 is installed
  • OR libvirt-daemon-driver-storage-2.0.0-27.61 is installed
  • OR libvirt-daemon-hooks-2.0.0-27.61 is installed
  • OR libvirt-daemon-lxc-2.0.0-27.61 is installed
  • OR libvirt-daemon-qemu-2.0.0-27.61 is installed
  • OR libvirt-daemon-xen-2.0.0-27.61 is installed
  • OR libvirt-doc-2.0.0-27.61 is installed
  • OR libvirt-lock-sanlock-2.0.0-27.61 is installed
  • OR libvirt-nss-2.0.0-27.61 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • xen-4.7.6_06-43.48 is installed
  • OR xen-doc-html-4.7.6_06-43.48 is installed
  • OR xen-libs-4.7.6_06-43.48 is installed
  • OR xen-libs-32bit-4.7.6_06-43.48 is installed
  • OR xen-tools-4.7.6_06-43.48 is installed
  • OR xen-tools-domU-4.7.6_06-43.48 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND apache2-mod_perl-2.0.8-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • ghostscript-9.27-23.31 is installed
  • OR ghostscript-x11-9.27-23.31 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libvirglrenderer0-0.5.0-12.3 is installed
  • OR virglrenderer-0.5.0-12.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_100-default-2-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_27-2-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • MozillaFirefox-60.3.0-109.50 is installed
  • OR MozillaFirefox-translations-common-60.3.0-109.50 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • gdk-pixbuf-lang-2.34.0-19.17 is installed
  • OR gdk-pixbuf-query-loaders-2.34.0-19.17 is installed
  • OR gdk-pixbuf-query-loaders-32bit-2.34.0-19.17 is installed
  • OR libgdk_pixbuf-2_0-0-2.34.0-19.17 is installed
  • OR libgdk_pixbuf-2_0-0-32bit-2.34.0-19.17 is installed
  • OR typelib-1_0-GdkPixbuf-2_0-2.34.0-19.17 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libshibsp-lite6-2.5.5-6.6 is installed
  • OR libshibsp6-2.5.5-6.6 is installed
  • OR shibboleth-sp-2.5.5-6.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-urllib3-1.23-3.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • ruby2.1-rubygem-rack-1.6.11-3.3 is installed
  • OR rubygem-rack-1.6.11-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • crowbar-core-6.0+git.1566321308.1de18b9a4-3.7 is installed
  • OR crowbar-core-branding-upstream-6.0+git.1566321308.1de18b9a4-3.7 is installed
  • OR crowbar-ha-6.0+git.1566406179.7549de2-3.7 is installed
  • OR crowbar-openstack-6.0+git.1566404979.41279a88e-3.7 is installed
  • OR crowbar-ui-1.3.0+git.1563181545.65360af5-8 is installed
  • OR openstack-ceilometer-11.0.2~dev14-3.7 is installed
  • OR openstack-ceilometer-agent-central-11.0.2~dev14-3.7 is installed
  • OR openstack-ceilometer-agent-compute-11.0.2~dev14-3.7 is installed
  • OR openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.7 is installed
  • OR openstack-ceilometer-agent-notification-11.0.2~dev14-3.7 is installed
  • OR openstack-ceilometer-polling-11.0.2~dev14-3.7 is installed
  • OR openstack-cinder-13.0.7~dev3-3.7 is installed
  • OR openstack-cinder-api-13.0.7~dev3-3.7 is installed
  • OR openstack-cinder-backup-13.0.7~dev3-3.7 is installed
  • OR openstack-cinder-scheduler-13.0.7~dev3-3.7 is installed
  • OR openstack-cinder-volume-13.0.7~dev3-3.7 is installed
  • OR openstack-designate-7.0.1~dev21-3.7 is installed
  • OR openstack-designate-agent-7.0.1~dev21-3.7 is installed
  • OR openstack-designate-api-7.0.1~dev21-3.7 is installed
  • OR openstack-designate-central-7.0.1~dev21-3.7 is installed
  • OR openstack-designate-producer-7.0.1~dev21-3.7 is installed
  • OR openstack-designate-sink-7.0.1~dev21-3.7 is installed
  • OR openstack-designate-worker-7.0.1~dev21-3.7 is installed
  • OR openstack-heat-11.0.3~dev19-3.7 is installed
  • OR openstack-heat-api-11.0.3~dev19-3.7 is installed
  • OR openstack-heat-api-cfn-11.0.3~dev19-3.7 is installed
  • OR openstack-heat-engine-11.0.3~dev19-3.7 is installed
  • OR openstack-heat-plugin-heat_docker-11.0.3~dev19-3.7 is installed
  • OR openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-8 is installed
  • OR openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-8 is installed
  • OR openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-8 is installed
  • OR openstack-ironic-11.1.4~dev9-3.7 is installed
  • OR openstack-ironic-api-11.1.4~dev9-3.7 is installed
  • OR openstack-ironic-conductor-11.1.4~dev9-3.7 is installed
  • OR openstack-ironic-python-agent-3.3.3~dev4-3.7 is installed
  • OR openstack-keystone-14.1.1~dev8-3.7 is installed
  • OR openstack-magnum-7.1.1~dev28-3.7 is installed
  • OR openstack-magnum-api-7.1.1~dev28-3.7 is installed
  • OR openstack-magnum-conductor-7.1.1~dev28-3.7 is installed
  • OR openstack-manila-7.3.1~dev3-4.7 is installed
  • OR openstack-manila-api-7.3.1~dev3-4.7 is installed
  • OR openstack-manila-data-7.3.1~dev3-4.7 is installed
  • OR openstack-manila-scheduler-7.3.1~dev3-4.7 is installed
  • OR openstack-manila-share-7.3.1~dev3-4.7 is installed
  • OR openstack-monasca-notification-1.14.2~dev1-6.7 is installed
  • OR openstack-monasca-persister-1.12.1~dev9-9 is installed
  • OR openstack-monasca-persister-java-1.12.1~dev9-9 is installed
  • OR openstack-neutron-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-dhcp-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-gbp-5.0.1~dev459-3.7 is installed
  • OR openstack-neutron-ha-tool-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-l3-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-lbaas-13.0.1~dev14-3.7 is installed
  • OR openstack-neutron-lbaas-agent-13.0.1~dev14-3.7 is installed
  • OR openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-macvtap-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-metadata-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-metering-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-openvswitch-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-server-13.0.5~dev22-3.7 is installed
  • OR openstack-nova-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-api-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-cells-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-compute-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-conductor-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-console-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-novncproxy-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-placement-api-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-scheduler-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-serialproxy-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-vncproxy-18.2.2~dev9-3.7 is installed
  • OR openstack-octavia-3.1.2~dev8-3.7 is installed
  • OR openstack-octavia-amphora-agent-3.1.2~dev8-3.7 is installed
  • OR openstack-octavia-api-3.1.2~dev8-3.7 is installed
  • OR openstack-octavia-health-manager-3.1.2~dev8-3.7 is installed
  • OR openstack-octavia-housekeeping-3.1.2~dev8-3.7 is installed
  • OR openstack-octavia-worker-3.1.2~dev8-3.7 is installed
  • OR openstack-tempest-19.0.0-12 is installed
  • OR openstack-tempest-test-19.0.0-12 is installed
  • OR python-ceilometer-11.0.2~dev14-3.7 is installed
  • OR python-cinder-13.0.7~dev3-3.7 is installed
  • OR python-cinder-tempest-plugin-0.1.0-8 is installed
  • OR python-designate-7.0.1~dev21-3.7 is installed
  • OR python-heat-11.0.3~dev19-3.7 is installed
  • OR python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-8 is installed
  • OR python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-8 is installed
  • OR python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-8 is installed
  • OR python-ironic-11.1.4~dev9-3.7 is installed
  • OR python-ironicclient-2.5.3-4.7 is installed
  • OR python-ironicclient-doc-2.5.3-4.7 is installed
  • OR python-keystone-14.1.1~dev8-3.7 is installed
  • OR python-keystonemiddleware-5.2.0-8 is installed
  • OR python-magnum-7.1.1~dev28-3.7 is installed
  • OR python-manila-7.3.1~dev3-4.7 is installed
  • OR python-monasca-notification-1.14.2~dev1-6.7 is installed
  • OR python-monasca-persister-1.12.1~dev9-9 is installed
  • OR python-monasca-tempest-plugin-0.3.0-8 is installed
  • OR python-neutron-13.0.5~dev22-3.7 is installed
  • OR python-neutron-gbp-5.0.1~dev459-3.7 is installed
  • OR python-neutron-lbaas-13.0.1~dev14-3.7 is installed
  • OR python-nova-18.2.2~dev9-3.7 is installed
  • OR python-octavia-3.1.2~dev8-3.7 is installed
  • OR python-openstackclient-3.16.2-8 is installed
  • OR python-openstacksdk-0.17.3-8 is installed
  • OR python-proliantutils-2.8.4-8 is installed
  • OR python-tempest-19.0.0-12 is installed
  • OR python-vmware-nsx-13.0.1~dev146-9 is installed
  • OR python-vmware-nsxlib-13.0.1~dev24-8 is installed
  • OR yast2-crowbar-3.4.2-8 is installed
    • BACK