Oval Definition:oval:org.opensuse.security:def:69076
Revision Date:2021-09-02
Version:1
Title:Security update for xen (Important)
Description:

This update for xen fixes the following issues:

Update to Xen 4.13.3 general bug fix release (bsc#1027519).

Security issues fixed:

- CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428)
- CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429)
- CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433)
- CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434)
- CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373).
- CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376).
- CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378).
- CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380).
- CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381).

Other issues fixed:

- Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491)
- Fixed an issue with xencommons, where file format expectations by fillup did not align (bsc#1185682)
- Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877)
- Upstream bug fixes (bsc#1027519)
- Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050).
- xl monitoring process exits during xl save -p|-c; keep the monitoring process running to clean up the domU during shutdown (bsc#1176189).
- Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246).
- Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).
Family:unix
Class:patch
Status:
Reference(s):1027519
1137251
1170771
1176189
1178512
1179148
1179246
1180491
1181989
1183877
1185682
1186428
1186429
1186433
1186434
1188050
1189373
1189376
1189378
1189380
1189381
1189882
CVE-2020-12243
CVE-2020-28196
CVE-2021-0089
CVE-2021-28690
CVE-2021-28692
CVE-2021-28693
CVE-2021-28694
CVE-2021-28695
CVE-2021-28696
CVE-2021-28697
CVE-2021-28698
CVE-2021-28699
CVE-2021-28700
SUSE-SU-2020:1219-1
SUSE-SU-2021:2922-1
Platform(s):SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Legacy Software 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
SUSE Linux Enterprise Module for Server Applications 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed
  • AND Package Information
  • openldap2-2.4.46-9.28 is installed
  • OR openldap2-back-meta-2.4.46-9.28 is installed
  • OR openldap2-back-perl-2.4.46-9.28 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • krb5-1.16.3-3.15 is installed
  • OR krb5-devel-32bit-1.16.3-3.15 is installed
  • OR krb5-mini-1.16.3-3.15 is installed
  • OR krb5-mini-devel-1.16.3-3.15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed
  • AND Package Information
  • xen-4.13.3_02-3.34.1 is installed
  • OR xen-devel-4.13.3_02-3.34.1 is installed
  • OR xen-tools-4.13.3_02-3.34.1 is installed
  • OR xen-tools-xendomains-wait-disk-4.13.3_02-3.34.1 is installed