Oval Definition:oval:org.opensuse.security:def:60929
Revision Date:2020-12-01Version:1
Title:Security update for xen (Important)
Description:

This update for xen fixes the following issues:

- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307). - CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307). - CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308). - CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309). - CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310). - CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). - CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306). - CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash, resulting in a denial of service (bsc#1154448 XSA-296) - CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that of the guest kernel. (bsc#1154456 XSA-298). - CVE-2019-18421: A malicious PV guest administrator may have been able to escalate their privilege to that of the host. (bsc#1154458 XSA-299). - CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash, resulting in a denial of service (bsc#1154460 XSA-301). - CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. (bsc#1154464 XSA-303) - CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. (bsc#1154461 XSA-302). - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945 XSA-304) - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497 XSA-305).
Family:unixClass:patch
Status:Reference(s):1047443
1050257
1051188
1060995
1060996
1061000
1064715
1064716
1069257
1072928
1092952
1093095
1095070
1108606
1112142
1112143
1112144
1112146
1112147
1112148
1112152
1112153
1121626
1123886
1125113
1146358
1146359
1146608
1150114
1152497
1154448
1154456
1154458
1154460
1154461
1154464
1155419
1155945
1157888
1158003
1158004
1158005
1158006
1158007
1160471
1160594
1160764
1160968
1161779
1162972
1163922
1167068
1170441
1170558
1171363
1173027
1173477
1173691
1173694
1173700
1173701
1173743
1173874
1173875
1173876
1173880
1177158
682920
983268
CVE-2016-10396
CVE-2016-5102
CVE-2017-11591
CVE-2017-11683
CVE-2017-13089
CVE-2017-13090
CVE-2017-14859
CVE-2017-14862
CVE-2017-14864
CVE-2017-16899
CVE-2017-17669
CVE-2017-18922
CVE-2018-10958
CVE-2018-10998
CVE-2018-11531
CVE-2018-12207
CVE-2018-13785
CVE-2018-16435
CVE-2018-17000
CVE-2018-21247
CVE-2018-3136
CVE-2018-3139
CVE-2018-3149
CVE-2018-3169
CVE-2018-3180
CVE-2018-3183
CVE-2018-3214
CVE-2019-11135
CVE-2019-14973
CVE-2019-15681
CVE-2019-15690
CVE-2019-16167
CVE-2019-18420
CVE-2019-18421
CVE-2019-18422
CVE-2019-18423
CVE-2019-18424
CVE-2019-18425
CVE-2019-19577
CVE-2019-19578
CVE-2019-19579
CVE-2019-19580
CVE-2019-19581
CVE-2019-19582
CVE-2019-19583
CVE-2019-20788
CVE-2019-20839
CVE-2019-20840
CVE-2019-4732
CVE-2019-6128
CVE-2019-7663
CVE-2019-8675
CVE-2019-8696
CVE-2020-12108
CVE-2020-12137
CVE-2020-14355
CVE-2020-14397
CVE-2020-14398
CVE-2020-14399
CVE-2020-14400
CVE-2020-14401
CVE-2020-14402
CVE-2020-14403
CVE-2020-14404
CVE-2020-2583
CVE-2020-2593
CVE-2020-2604
CVE-2020-2659
CVE-2020-8013
CVE-2020-8177
SUSE-SU-2017:2871-2
SUSE-SU-2018:0231-1
SUSE-SU-2018:0424-1
SUSE-SU-2019:0057-1
SUSE-SU-2019:3297-1
SUSE-SU-2020:0528-1
SUSE-SU-2020:0545-1
SUSE-SU-2020:1301-1
SUSE-SU-2020:1732-1
SUSE-SU-2020:2167-1
SUSE-SU-2020:3085-1
Platform(s):openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND ledger-3.1.3-lp151.3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND wget-1.14-21.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • curl-7.37.0-37.47 is installed
  • OR libcurl4-7.37.0-37.47 is installed
  • OR libcurl4-32bit-7.37.0-37.47 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • LibVNCServer-0.9.9-17.19 is installed
  • OR libvncclient0-0.9.9-17.19 is installed
  • OR libvncserver0-0.9.9-17.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr6.5-30.63 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr6.5-30.63 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • exiv2-0.23-12.5 is installed
  • OR libexiv2-12-0.23-12.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • e2fsprogs-1.43.8-1 is installed
  • OR libcom_err2-1.43.8-1 is installed
  • OR libcom_err2-32bit-1.43.8-1 is installed
  • OR libext2fs2-1.43.8-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND golang-github-prometheus-node_exporter-0.18.1-1.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • xen-4.9.4_06-3.59 is installed
  • OR xen-doc-html-4.9.4_06-3.59 is installed
  • OR xen-libs-4.9.4_06-3.59 is installed
  • OR xen-libs-32bit-4.9.4_06-3.59 is installed
  • OR xen-tools-4.9.4_06-3.59 is installed
  • OR xen-tools-domU-4.9.4_06-3.59 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • dovecot22-2.2.31-19.22 is installed
  • OR dovecot22-backend-mysql-2.2.31-19.22 is installed
  • OR dovecot22-backend-pgsql-2.2.31-19.22 is installed
  • OR dovecot22-backend-sqlite-2.2.31-19.22 is installed
    • BACK