Oval Definition:oval:org.opensuse.security:def:69139
Revision Date:2021-09-02Version:1
Title:Security update for xen (Important)
Description:

This update for xen fixes the following issues:

Update to Xen 4.13.3 general bug fix release (bsc#1027519).

Security issues fixed:

- CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381).

Other issues fixed:

- Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Some long deprecated commands were finally removed in qemu6. Adjust libxl to use supported commands (bsc#1183243). - Update logrotate.conf, move global options into per-file sections to prevent globbering of global state (bsc#1187406). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).
Family:unixClass:patch
Status:Reference(s):1027519
1166751
1171252
1171254
1176189
1179246
1183243
1183877
1185682
1186428
1186429
1186433
1186434
1187406
1188050
1189373
1189376
1189378
1189380
1189381
1189882
CVE-2020-0556
CVE-2020-12653
CVE-2020-12654
CVE-2021-0089
CVE-2021-28690
CVE-2021-28692
CVE-2021-28693
CVE-2021-28694
CVE-2021-28695
CVE-2021-28696
CVE-2021-28697
CVE-2021-28698
CVE-2021-28699
CVE-2021-28700
SUSE-SU-2020:0918-1
SUSE-SU-2021:2923-1
Platform(s):SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Live Patching 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
SUSE Linux Enterprise Module for Server Applications 15 SP3
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
  • AND Package Information
  • kernel-livepatch-4_12_14-197_29-default-4-2 is installed
  • OR kernel-livepatch-SLE15-SP1_Update_8-4-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • bluez-5.48-5.25 is installed
  • OR bluez-auto-enable-devices-5.48-5.25 is installed
  • OR bluez-devel-32bit-5.48-5.25 is installed
  • OR bluez-test-5.48-5.25 is installed
  • OR libbluetooth3-32bit-5.48-5.25 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP3 is installed
  • AND Package Information
  • xen-4.14.2_04-3.9.1 is installed
  • OR xen-devel-4.14.2_04-3.9.1 is installed
  • OR xen-tools-4.14.2_04-3.9.1 is installed
  • OR xen-tools-xendomains-wait-disk-4.14.2_04-3.9.1 is installed
    • BACK