Oval Definition:	oval:org.opensuse.security:def:60047
Revision Date: 2020-12-01 Version: 1 Title: Security update for xen (Important) Description: This update for xen fixes the following issues: Security issues fixed: - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) Other issue addressed: - Added Xen cmdline option 'suse_vtsc_tolerance' to avoid TSC emulation for HVM domUs (bsc#1026236). Family: unix Class: patch Status: Reference(s): 1005778 1005780 1005781 1012382 1019695 1019696 1022604 1026236 1027282 1041090 1042670 1049302 1049305 1049306 1049307 1049308 1049309 1049310 1049311 1049312 1049313 1049314 1049315 1049316 1049317 1049318 1049319 1049320 1049321 1049322 1049323 1049324 1049325 1049326 1049327 1049328 1049329 1049330 1049331 1049332 1063638 1065600 1073269 1073748 1078326 1078485 1081750 1084650 1085535 1085539 1086001 1090888 1099658 1100132 1106110 1106284 1106914 1106929 1108293 1108838 1109160 1110785 1110946 1112063 1112178 1114988 1116803 1117562 1118367 1118368 1119086 1120642 1120843 1120902 1120943 1122776 1123157 1126040 1126140 1126141 1126192 1126195 1126196 1126198 1126201 1126356 1127400 1128052 1129138 1129537 1129623 1129770 1130972 1131107 1131488 1131565 1132212 1132472 1133188 1133874 1134160 1134162 1134338 1134537 1134564 1134565 1134566 1134651 1134760 1134806 1134813 1134848 1135013 1135014 1135015 1135100 1135120 1135281 1135603 1135642 1135661 1135878 1136424 1136438 1136448 1136449 1136451 1136452 1136455 1136458 1136539 1136573 1136575 1136586 1136590 1136623 1136810 1136935 1136990 1137142 1137162 1137586 1149792 1153830 1155094 1159035 1160770 1162224 1162367 1162825 1165439 1165894 1168930 1169605 1169786 1169936 1170302 1170411 1170741 1170939 1171561 1171740 1173902 1173994 1174628 1178593 843419 945401 CVE-2007-4772 CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2012-4453 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2015-1038 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 CVE-2016-2193 CVE-2016-2335 CVE-2016-3065 CVE-2016-8637 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 CVE-2017-18926 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 CVE-2018-17972 CVE-2018-19967 CVE-2018-20030 CVE-2018-5741 CVE-2018-7191 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-18348 CVE-2019-3846 CVE-2019-5489 CVE-2019-6778 CVE-2019-9278 CVE-2019-9628 CVE-2019-9674 CVE-2019-9824 CVE-2020-11008 CVE-2020-14318 CVE-2020-14323 CVE-2020-14344 CVE-2020-1747 CVE-2020-5260 CVE-2020-8492 CVE-2020-8616 CVE-2020-8617 SUSE-SU-2017:2175-1 SUSE-SU-2018:2835-1 SUSE-SU-2019:0928-1 SUSE-SU-2019:1532-1 SUSE-SU-2020:1285-1 SUSE-SU-2020:1295-1 SUSE-SU-2020:1914-1 SUSE-SU-2020:3351-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND python3-requests-2.18.4-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libvirt-5.1.0-lp151.7.3 is installed OR libvirt-admin-5.1.0-lp151.7.3 is installed OR libvirt-bash-completion-5.1.0-lp151.7.3 is installed OR libvirt-client-5.1.0-lp151.7.3 is installed OR libvirt-daemon-5.1.0-lp151.7.3 is installed OR libvirt-daemon-config-network-5.1.0-lp151.7.3 is installed OR libvirt-daemon-config-nwfilter-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-interface-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-libxl-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-lxc-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-network-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-nodedev-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-nwfilter-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-qemu-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-secret-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-storage-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-storage-core-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-storage-disk-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-storage-gluster-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-storage-iscsi-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-storage-logical-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-storage-mpath-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-storage-rbd-5.1.0-lp151.7.3 is installed OR libvirt-daemon-driver-storage-scsi-5.1.0-lp151.7.3 is installed OR libvirt-daemon-hooks-5.1.0-lp151.7.3 is installed OR libvirt-daemon-lxc-5.1.0-lp151.7.3 is installed OR libvirt-daemon-qemu-5.1.0-lp151.7.3 is installed OR libvirt-daemon-xen-5.1.0-lp151.7.3 is installed OR libvirt-devel-5.1.0-lp151.7.3 is installed OR libvirt-devel-32bit-5.1.0-lp151.7.3 is installed OR libvirt-doc-5.1.0-lp151.7.3 is installed OR libvirt-libs-5.1.0-lp151.7.3 is installed OR libvirt-lock-sanlock-5.1.0-lp151.7.3 is installed OR libvirt-nss-5.1.0-lp151.7.3 is installed OR wireshark-plugin-libvirt-5.1.0-lp151.7.3 is installed Definition Synopsis openSUSE Leap 15.1 NonFree is installed AND opera-68.0.3618.104-lp151.2.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information xen-4.7.6_06-43.48 is installed OR xen-doc-html-4.7.6_06-43.48 is installed OR xen-libs-4.7.6_06-43.48 is installed OR xen-libs-32bit-4.7.6_06-43.48 is installed OR xen-tools-4.7.6_06-43.48 is installed OR xen-tools-domU-4.7.6_06-43.48 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information dracut-044-113 is installed OR dracut-fips-044-113 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libvirt-3.3.0-5.40 is installed OR libvirt-admin-3.3.0-5.40 is installed OR libvirt-client-3.3.0-5.40 is installed OR libvirt-daemon-3.3.0-5.40 is installed OR libvirt-daemon-config-network-3.3.0-5.40 is installed OR libvirt-daemon-config-nwfilter-3.3.0-5.40 is installed OR libvirt-daemon-driver-interface-3.3.0-5.40 is installed OR libvirt-daemon-driver-libxl-3.3.0-5.40 is installed OR libvirt-daemon-driver-lxc-3.3.0-5.40 is installed OR libvirt-daemon-driver-network-3.3.0-5.40 is installed OR libvirt-daemon-driver-nodedev-3.3.0-5.40 is installed OR libvirt-daemon-driver-nwfilter-3.3.0-5.40 is installed OR libvirt-daemon-driver-qemu-3.3.0-5.40 is installed OR libvirt-daemon-driver-secret-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-core-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-disk-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-iscsi-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-logical-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-mpath-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-rbd-3.3.0-5.40 is installed OR libvirt-daemon-driver-storage-scsi-3.3.0-5.40 is installed OR libvirt-daemon-hooks-3.3.0-5.40 is installed OR libvirt-daemon-lxc-3.3.0-5.40 is installed OR libvirt-daemon-qemu-3.3.0-5.40 is installed OR libvirt-daemon-xen-3.3.0-5.40 is installed OR libvirt-doc-3.3.0-5.40 is installed OR libvirt-libs-3.3.0-5.40 is installed OR libvirt-lock-sanlock-3.3.0-5.40 is installed OR libvirt-nss-3.3.0-5.40 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_175-94_79-default-8-2 is installed OR kgraft-patch-SLE12-SP3_Update_23-8-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information python-PyYAML-5.1.2-26.12 is installed OR python3-PyYAML-5.1.2-26.12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libtirpc-1.0.1-17.6 is installed OR libtirpc-netconfig-1.0.1-17.6 is installed OR libtirpc3-1.0.1-17.6 is installed OR libtirpc3-32bit-1.0.1-17.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND cifs-utils-6.5-9.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libraptor2-0-2.0.15-5.3 is installed OR raptor-2.0.15-5.3 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND mailman-2.1.17-3.23 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information bind-9.9.9P1-63.17 is installed OR bind-chrootenv-9.9.9P1-63.17 is installed OR bind-doc-9.9.9P1-63.17 is installed OR bind-libs-9.9.9P1-63.17 is installed OR bind-libs-32bit-9.9.9P1-63.17 is installed OR bind-utils-9.9.9P1-63.17 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information kernel-default-4.12.14-95.57 is installed OR kernel-default-base-4.12.14-95.57 is installed OR kernel-default-devel-4.12.14-95.57 is installed OR kernel-devel-4.12.14-95.57 is installed OR kernel-macros-4.12.14-95.57 is installed OR kernel-source-4.12.14-95.57 is installed OR kernel-syms-4.12.14-95.57 is installed
BACK