Oval Definition:oval:org.opensuse.security:def:64757
Revision Date:2021-09-02Version:1
Title:Security update for xen (Important)
Description:

This update for xen fixes the following issues:

Update to Xen 4.13.3 general bug fix release (bsc#1027519).

Security issues fixed:

- CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381).

Other issues fixed:

- Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Some long deprecated commands were finally removed in qemu6. Adjust libxl to use supported commands (bsc#1183243). - Update logrotate.conf, move global options into per-file sections to prevent globbering of global state (bsc#1187406). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).
Family:unixClass:patch
Status:Reference(s):1027282
1027519
1029377
1029902
1040164
1042670
1070853
1079761
1081750
1083507
1086001
1088004
1088009
1088573
1094814
1107030
1109663
1109847
1120644
1122191
1129346
1130840
1133452
1137942
1138459
1140868
1141853
1149121
1149792
1149955
1151490
1153238
1159035
1159622
1170595
1172686
1173389
1173937
1176189
1176589
1179246
1183243
1183877
1185682
1186428
1186429
1186433
1186434
1187406
1188050
1189373
1189376
1189378
1189380
1189381
1189882
637176
658604
673071
709442
743787
747125
751718
754447
754677
787526
809831
831629
834601
871152
885662
885882
917607
942751
951166
983582
984751
985177
985348
989523
CVE-2011-2729
CVE-2011-3389
CVE-2011-4944
CVE-2012-0845
CVE-2012-1150
CVE-2013-1752
CVE-2013-4238
CVE-2014-2667
CVE-2014-4650
CVE-2016-0772
CVE-2016-1000110
CVE-2016-5636
CVE-2016-5699
CVE-2017-18207
CVE-2018-1000802
CVE-2018-1060
CVE-2018-1061
CVE-2018-14647
CVE-2018-20406
CVE-2018-20852
CVE-2019-10160
CVE-2019-11709
CVE-2019-11711
CVE-2019-11712
CVE-2019-11713
CVE-2019-11715
CVE-2019-11717
CVE-2019-11719
CVE-2019-11729
CVE-2019-11730
CVE-2019-15903
CVE-2019-16056
CVE-2019-16935
CVE-2019-5010
CVE-2019-9636
CVE-2019-9811
CVE-2019-9947
CVE-2020-11651
CVE-2020-11652
CVE-2020-11996
CVE-2020-15095
CVE-2020-8252
CVE-2021-0089
CVE-2021-28690
CVE-2021-28692
CVE-2021-28693
CVE-2021-28694
CVE-2021-28695
CVE-2021-28696
CVE-2021-28697
CVE-2021-28698
CVE-2021-28699
CVE-2021-28700
openSUSE-SU-2020:0086-1
openSUSE-SU-2020:0564-1
openSUSE-SU-2020:1063-1
openSUSE-SU-2020:1660-1
SUSE-SU-2019:1869-1
SUSE-SU-2021:2923-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.2
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Web Scripting 15 SP1
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • python2-salt-2019.2.0-lp151.5.15 is installed
  • OR python3-salt-2019.2.0-lp151.5.15 is installed
  • OR salt-2019.2.0-lp151.5.15 is installed
  • OR salt-api-2019.2.0-lp151.5.15 is installed
  • OR salt-bash-completion-2019.2.0-lp151.5.15 is installed
  • OR salt-cloud-2019.2.0-lp151.5.15 is installed
  • OR salt-doc-2019.2.0-lp151.5.15 is installed
  • OR salt-fish-completion-2019.2.0-lp151.5.15 is installed
  • OR salt-master-2019.2.0-lp151.5.15 is installed
  • OR salt-minion-2019.2.0-lp151.5.15 is installed
  • OR salt-proxy-2019.2.0-lp151.5.15 is installed
  • OR salt-ssh-2019.2.0-lp151.5.15 is installed
  • OR salt-standalone-formulas-configuration-2019.2.0-lp151.5.15 is installed
  • OR salt-syndic-2019.2.0-lp151.5.15 is installed
  • OR salt-zsh-completion-2019.2.0-lp151.5.15 is installed
  • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • tomcat-9.0.36-lp152.2.3 is installed
  • OR tomcat-admin-webapps-9.0.36-lp152.2.3 is installed
  • OR tomcat-docs-webapp-9.0.36-lp152.2.3 is installed
  • OR tomcat-el-3_0-api-9.0.36-lp152.2.3 is installed
  • OR tomcat-embed-9.0.36-lp152.2.3 is installed
  • OR tomcat-javadoc-9.0.36-lp152.2.3 is installed
  • OR tomcat-jsp-2_3-api-9.0.36-lp152.2.3 is installed
  • OR tomcat-jsvc-9.0.36-lp152.2.3 is installed
  • OR tomcat-lib-9.0.36-lp152.2.3 is installed
  • OR tomcat-servlet-4_0-api-9.0.36-lp152.2.3 is installed
  • OR tomcat-webapps-9.0.36-lp152.2.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • AND Package Information
  • xen-libs-4.14.2_04-3.9.1 is installed
  • OR xen-tools-domU-4.14.2_04-3.9.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND Package Information
  • libfreebl3-3.44.1-3.16 is installed
  • OR libfreebl3-32bit-3.44.1-3.16 is installed
  • OR libsoftokn3-3.44.1-3.16 is installed
  • OR libsoftokn3-32bit-3.44.1-3.16 is installed
  • OR mozilla-nss-3.44.1-3.16 is installed
  • OR mozilla-nss-32bit-3.44.1-3.16 is installed
  • OR mozilla-nss-certs-3.44.1-3.16 is installed
  • OR mozilla-nss-certs-32bit-3.44.1-3.16 is installed
  • OR mozilla-nss-devel-3.44.1-3.16 is installed
  • OR mozilla-nss-sysinit-3.44.1-3.16 is installed
  • OR mozilla-nss-tools-3.44.1-3.16 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • AND apache-commons-daemon-1.0.15-2 is installed
  • BACK