Oval Definition: oval:org.opensuse.security:def:59924
Revision Date: 2020-12-01
Version: 1
Title: Security update for xen (Important)
Description:

This update for xen fixes the following issues:

Security vulnerabilities fixed:

- CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, cause a Denial of Service (DoS) affecting the entire host, or access data it is not supposed to access. (XSA-275) (bsc#1115040)
- CVE-2018-19965: Fixed an issue related to the INVPCID instruction when non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045)
- CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047)
- CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, which could crash the qemu process, resulting in a Denial of Service (DoS). (bsc#1117756)
- CVE-2018-18849: Fixed an out-of-bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process, resulting in a Denial of Service (DoS). (bsc#1114423)

Other bugs fixed:

- Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940)
- Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528)
- Fixed an issue with live migrations, which used to fail when spectre is enabled on xen boot cmdline (bsc#1116380)
- Upstream bug fixes (bsc#1027519)

Family: unix
Class: patch
Status:
Reference(s):
1013882
1027519
1047178
1057721
1057724
1084521
1084524
1084532
1101676
1101677
1101678
1102682
1103342
1105528
1107832
1108940
1112368
1112397
1112417
1112421
1112432
1114423
1115040
1115045
1115047
1116380
1116686
1117756
1118754
1120767
1121826
1123371
1123377
1123378
1124729
1124734
1128378
1129180
1131863
1132666
1134156
1136037
1140359
1146882
1146884
1158328
1159819
1165787
1168669
1169746
1170908
1171978
1173022
1176733
999735
CVE-2014-9645
CVE-2016-7969
CVE-2016-7972
CVE-2016-9843
CVE-2017-12837
CVE-2017-12883
CVE-2017-6512
CVE-2018-1000120
CVE-2018-1000121
CVE-2018-1000122
CVE-2018-1000872
CVE-2018-14633
CVE-2018-16890
CVE-2018-18849
CVE-2018-19665
CVE-2018-19961
CVE-2018-19962
CVE-2018-19965
CVE-2018-19966
CVE-2018-3058
CVE-2018-3063
CVE-2018-3064
CVE-2018-3066
CVE-2018-3143
CVE-2018-3156
CVE-2018-3174
CVE-2018-3251
CVE-2018-3282
CVE-2018-5390
CVE-2019-11745
CVE-2019-12973
CVE-2019-13722
CVE-2019-14811
CVE-2019-14812
CVE-2019-14813
CVE-2019-14817
CVE-2019-17005
CVE-2019-17006
CVE-2019-17008
CVE-2019-17009
CVE-2019-17010
CVE-2019-17011
CVE-2019-17012
CVE-2019-2529
CVE-2019-2537
CVE-2019-3822
CVE-2019-3823
CVE-2019-3835
CVE-2019-3839
CVE-2019-6133
CVE-2019-6974
CVE-2019-7221
CVE-2019-9213
CVE-2020-10188
CVE-2020-12399
CVE-2020-12402
CVE-2020-26117
SUSE-SU-2017:3092-1
SUSE-SU-2018:0769-1
SUSE-SU-2019:0249-1
SUSE-SU-2019:0391-1
SUSE-SU-2019:2035-1
SUSE-SU-2019:2048-1
SUSE-SU-2019:2478-1
SUSE-SU-2020:1839-1
Platform(s):
openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.20.2-lp150.1 is installed
  • OR libwebkit2gtk-4_0-37-2.20.2-lp150.1 is installed
  • OR libwebkit2gtk3-lang-2.20.2-lp150.1 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.20.2-lp150.1 is installed
  • OR typelib-1_0-WebKit2-4_0-2.20.2-lp150.1 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.20.2-lp150.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • chromedriver-75.0.3770.142-7 is installed
  • OR chromium-75.0.3770.142-7 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • xen-4.7.6_05-43.45 is installed
  • OR xen-doc-html-4.7.6_05-43.45 is installed
  • OR xen-libs-4.7.6_05-43.45 is installed
  • OR xen-libs-32bit-4.7.6_05-43.45 is installed
  • OR xen-tools-4.7.6_05-43.45 is installed
  • OR xen-tools-domU-4.7.6_05-43.45 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND busybox-1.21.1-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • MozillaFirefox-68.1.0-109.89 is installed
  • OR MozillaFirefox-branding-SLE-68-32.8 is installed
  • OR MozillaFirefox-translations-common-68.1.0-109.89 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.24.4-2.47 is installed
  • OR libwebkit2gtk-4_0-37-2.24.4-2.47 is installed
  • OR libwebkit2gtk3-lang-2.24.4-2.47 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47 is installed
  • OR typelib-1_0-WebKit2-4_0-2.24.4-2.47 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.24.4-2.47 is installed
  • OR webkit2gtk3-2.24.4-2.47 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • libpolkit0-0.113-5.18 is installed
  • OR polkit-0.113-5.18 is installed
  • OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND gd-2.1.0-24.9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • gnutls-3.3.27-3.3 is installed
  • OR libgnutls-openssl27-3.3.27-3.3 is installed
  • OR libgnutls28-3.3.27-3.3 is installed
  • OR libgnutls28-32bit-3.3.27-3.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND python-PyKMIP-0.6.0-3.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND Package Information
  • LibVNCServer-0.9.9-17.31 is installed
  • OR libvncclient0-0.9.9-17.31 is installed
  • OR libvncserver0-0.9.9-17.31 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libmysqlclient18-10.0.38-29.27 is installed
  • OR mariadb-10.0.38-29.27 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1-1.11.23-3.9 is installed