Alerts This Week
Warning Icon 1 1,139
Alerts This Week
Warning Icon 1 1,139

openSUSE: 2024:4163-1 important: xen Advisory Security Update

opensuse
Calendar Grey December 4, 2024
Dist Opensuse Esm H88
Critical updates for openSUSE addressing multiple security issues in Xen. Immediate installation recommended for affected users.
An update that solves three vulnerabilities and has two security fixes can now be installed.

Description

This update for xen fixes the following issues:

Security issues fixed:

* CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling (bsc#1232622)

* CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables

(bsc#1232624)

* CVE-2024-45817: xen: x86: Deadlock in vlapic_error() (bsc#1230366)

Non-security issues fixed:

* Removed usage of net-tools-deprecated from supportconfig plugin

(bsc#1232542)

* Upstream bug fixes (bsc#1027519)

## Special Instructions and Notes:

* Please reboot the system after installing this update.

Topics%20covered

Topics Covered

No topics assigned

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch SUSE-2024-4163=1 openSUSE-SLE-15.6-2024-4163=1

* Basesystem Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4163=1

* Server Applications Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-4163=1

Package List

* openSUSE Leap 15.6 (aarch64 x86_64 i586)

* xen-tools-domU-debuginfo-4.18.3_06-150600.3.12.1

* xen-libs-debuginfo-4.18.3_06-150600.3.12.1

* xen-libs-4.18.3_06-150600.3.12.1

* xen-debugsource-4.18.3_06-150600.3.12.1

* xen-tools-domU-4.18.3_06-150600.3.12.1

* xen-devel-4.18.3_06-150600.3.12.1

* openSUSE Leap 15.6 (x86_64)

* xen-libs-32bit-debuginfo-4.18.3_06-150600.3.12.1

* xen-libs-32bit-4.18.3_06-150600.3.12.1

* openSUSE Leap 15.6 (aarch64 x86_64)

* xen-4.18.3_06-150600.3.12.1

* xen-doc-html-4.18.3_06-150600.3.12.1

* xen-tools-4.18.3_06-150600.3.12.1

* xen-tools-debuginfo-4.18.3_06-150600.3.12.1

* openSUSE Leap 15.6 (noarch)

* xen-tools-xendomains-wait-disk-4.18.3_06-150600.3.12.1

* openSUSE Leap 15.6 (aarch64_ilp32)

* xen-libs-64bit-debuginfo-4.18.3_06-150600.3.12.1

* xen-libs-64bit-4.18.3_06-150600.3.12.1

* Basesystem Module 15-SP6 (x86_64)

* xen-tools-domU-debuginfo-4.18.3_06-150600.3.12.1

* xen-libs-debuginfo-4.18.3_06-150600.3.12.1

* xen-libs-4.18.3_06-150600.3.12.1

*...

Read the Full Advisory

References

* bsc#1027519

* bsc#1230366

* bsc#1232542

* bsc#1232622

* bsc#1232624

## References:

* https://www.suse.com/security/cve/CVE-2024-45817.html

* https://www.suse.com/security/cve/CVE-2024-45818.html

* https://www.suse.com/security/cve/CVE-2024-45819.html

* https://bugzilla.suse.com/show_bug.cgi?id=1027519

* https://bugzilla.suse.com/show_bug.cgi?id=1230366

* https://bugzilla.suse.com/show_bug.cgi?id=1232542

* https://bugzilla.suse.com/show_bug.cgi?id=1232622

* https://bugzilla.suse.com/show_bug.cgi?id=1232624

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:4163-1
Release Date: 2024-12-04T07:57:17Z
Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * Server Applications Module 15-SP6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6

Topics%20covered

Topics Covered

No topics assigned

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here