SUSE: 2020:0388-1 important: xen

    Date: 17 Feb 2020
    Posted By: LinuxSecurity Advisories
    An update that fixes 25 vulnerabilities is now available.
    
       SUSE Security Update: Security update for xen
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2020:0388-1
    Rating:             important
    References:         #1115045 #1126140 #1126141 #1126192 #1126195 
                        #1126196 #1126201 #1135905 #1143797 #1145652 
                        #1146874 #1149813 #1152497 #1154448 #1154456 
                        #1154458 #1154461 #1155945 #1157888 #1158003 
                        #1158004 #1158005 #1158006 #1158007 #1161181 
                        
    Cross-References:   CVE-2018-12207 CVE-2018-19965 CVE-2019-11135
                        CVE-2019-12067 CVE-2019-12068 CVE-2019-12155
                        CVE-2019-14378 CVE-2019-15890 CVE-2019-17340
                        CVE-2019-17341 CVE-2019-17342 CVE-2019-17343
                        CVE-2019-17344 CVE-2019-17347 CVE-2019-18420
                        CVE-2019-18421 CVE-2019-18424 CVE-2019-18425
                        CVE-2019-19577 CVE-2019-19578 CVE-2019-19579
                        CVE-2019-19580 CVE-2019-19581 CVE-2019-19583
                        CVE-2020-7211
    Affected Products:
                        SUSE Linux Enterprise Server for SAP 12-SP1
                        SUSE Linux Enterprise Server 12-SP1-LTSS
    ______________________________________________________________________________
    
       An update that fixes 25 vulnerabilities is now available.
    
    Description:
    
       This update for xen fixes the following issues:
    
       - CVE-2018-12207: Fixed a race condition where untrusted virtual machines
         could have been using the Instruction Fetch Unit of the Intel CPU to
         cause a Machine Exception during Page Size Change, causing the CPU core
         to be non-functional (bsc#1155945 XSA-304).
       - CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with a
         non-canonical address (bsc#1115045 XSA-279).
       - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs
         with Transactional Memory support could be used to facilitate
         side-channel information leaks out of microarchitectural buffers,
         similar to the previously described "Microarchitectural Data Sampling"
         attack (bsc#1152497 XSA-305).
       - CVE-2019-12067: Fixed a null pointer dereference in QEMU AHCI
         (bsc#1145652).
       - CVE-2019-12068: Fixed an infinite loop while executing script
         (bsc#1146874).
       - CVE-2019-12155: Fixed a null pointer dereference while releasing spice
         resources (bsc#1135905).
       - CVE-2019-14378: Fixed a heap buffer overflow during packet reassembly in
         slirp networking implementation (bsc#1143797).
       - CVE-2019-15890: Fixed a use-after-free during packet reassembly
         (bsc#1149813).
       - CVE-2019-17340: Fixed grant table transfer issues on large hosts
         (XSA-284 bsc#1126140).
       - CVE-2019-17341: Fixed a race with pass-through device hotplug (XSA-285
         bsc#1126141).
       - CVE-2019-17342: Fixed steal_page violating page_struct access discipline
         (XSA-287 bsc#1126192).
       - CVE-2019-17343: Fixed an inconsistent PV IOMMU discipline (XSA-288
         bsc#1126195).
       - CVE-2019-17344: Fixed a missing preemption in x86 PV page table
         unvalidation (XSA-290 bsc#1126196).
       - CVE-2019-17347: Fixed a PV kernel context switch corruption (XSA-293
         bsc#1126201).
       - CVE-2019-18420: Fixed a hypervisor crash that could be caused by
         malicious x86 PV guests, resulting in a denial of service (bsc#1154448
         XSA-296).
       - CVE-2019-18421: Fixed a privilege escalation through malicious PV guest
         administrators (bsc#1154458 XSA-299).
       - CVE-2019-18424: Fixed a privilege escalation through DMA to physical
         devices by untrusted domains (bsc#1154461 XSA-302).
       - CVE-2019-18425: Fixed a privilege escalation from 32-bit PV guest user
         mode (bsc#1154456 XSA-298).
       - CVE-2019-19577: Fixed an issue where a malicious guest administrator
         could have caused Xen to access data structures while they are being
         modified, leading to a crash (bsc#1158007 XSA-311).
       - CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could
         have caused hypervisor crash resulting in denial of service affecting
         the entire host (bsc#1158005 XSA-309).
       - CVE-2019-19579: Fixed a privilege escalation where an untrusted domain
         with access to a physical device can DMA into host memory (bsc#1157888
         XSA-306).
       - CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest
         administrator could have been able to escalate their privilege to that
         of the host (bsc#1158006 XSA-310).
       - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm
         (bsc#1158003 XSA-307).
       - CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH
         guest userspace code to crash the guest, leading to a guest denial of
         service (bsc#1158004 XSA-308).
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Server for SAP 12-SP1:
    
          zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-388=1
    
       - SUSE Linux Enterprise Server 12-SP1-LTSS:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-388=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    
          xen-4.5.5_28-22.64.1
          xen-debugsource-4.5.5_28-22.64.1
          xen-doc-html-4.5.5_28-22.64.1
          xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1
          xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.124-22.64.1
          xen-libs-32bit-4.5.5_28-22.64.1
          xen-libs-4.5.5_28-22.64.1
          xen-libs-debuginfo-32bit-4.5.5_28-22.64.1
          xen-libs-debuginfo-4.5.5_28-22.64.1
          xen-tools-4.5.5_28-22.64.1
          xen-tools-debuginfo-4.5.5_28-22.64.1
          xen-tools-domU-4.5.5_28-22.64.1
          xen-tools-domU-debuginfo-4.5.5_28-22.64.1
    
       - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
    
          xen-4.5.5_28-22.64.1
          xen-debugsource-4.5.5_28-22.64.1
          xen-doc-html-4.5.5_28-22.64.1
          xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1
          xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.124-22.64.1
          xen-libs-32bit-4.5.5_28-22.64.1
          xen-libs-4.5.5_28-22.64.1
          xen-libs-debuginfo-32bit-4.5.5_28-22.64.1
          xen-libs-debuginfo-4.5.5_28-22.64.1
          xen-tools-4.5.5_28-22.64.1
          xen-tools-debuginfo-4.5.5_28-22.64.1
          xen-tools-domU-4.5.5_28-22.64.1
          xen-tools-domU-debuginfo-4.5.5_28-22.64.1
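
A way to confirm that a host carries the fixed builds from the Package List, shown as an added example that is not part of the SUSE advisory. The inventory is constructed sample data (the `22.58.1` build is made up), the function names are hypothetical, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/usr/bin/env bash
# Added example: flag xen packages older than the builds fixed by
# SUSE-SU-2020:0388-1. Fixed version-release strings are from the Package List.
FIXED_XEN="4.5.5_28-22.64.1"
FIXED_KMP="4.5.5_28_k3.12.74_60.64.124-22.64.1"

# Constructed sample in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'xen*'
# The 4.5.5_26-22.58.1 entries are an invented older build for illustration.
SAMPLE_INVENTORY='xen 4.5.5_28-22.64.1
xen-libs 4.5.5_26-22.58.1
xen-tools 4.5.5_28-22.64.1
xen-tools-domU 4.5.5_26-22.58.1
xen-kmp-default 4.5.5_28_k3.12.74_60.64.124-22.64.1'

# is_older A B: succeeds when A sorts strictly before B.
# Assumption: `sort -V` is adequate for these same-shaped strings; it is not
# a full reimplementation of rpm's comparison rules.
is_older() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_xen_packages: read "name version-release" lines on stdin and print
# the names of xen packages that are still below the fixed build.
outdated_xen_packages() {
    while read -r name ver; do
        [ -n "$name" ] || continue
        case "$name" in
            # kmp packages embed the kernel version, so they have their own
            # fixed string in the advisory.
            xen-kmp-*) fixed="$FIXED_KMP" ;;
            xen|xen-*) fixed="$FIXED_XEN" ;;
            *) continue ;;   # not part of this update
        esac
        if is_older "$ver" "$fixed"; then
            printf '%s\n' "$name"
        fi
    done
}

# Report the stale packages in the constructed inventory.
printf '%s\n' "$SAMPLE_INVENTORY" | outdated_xen_packages
```

On a real host, pipe the `rpm -qa` command from the comment into `outdated_xen_packages` instead of the sample; an empty result means every installed xen package is at or above the fixed build.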
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-12207.html
       https://www.suse.com/security/cve/CVE-2018-19965.html
       https://www.suse.com/security/cve/CVE-2019-11135.html
       https://www.suse.com/security/cve/CVE-2019-12067.html
       https://www.suse.com/security/cve/CVE-2019-12068.html
       https://www.suse.com/security/cve/CVE-2019-12155.html
       https://www.suse.com/security/cve/CVE-2019-14378.html
       https://www.suse.com/security/cve/CVE-2019-15890.html
       https://www.suse.com/security/cve/CVE-2019-17340.html
       https://www.suse.com/security/cve/CVE-2019-17341.html
       https://www.suse.com/security/cve/CVE-2019-17342.html
       https://www.suse.com/security/cve/CVE-2019-17343.html
       https://www.suse.com/security/cve/CVE-2019-17344.html
       https://www.suse.com/security/cve/CVE-2019-17347.html
       https://www.suse.com/security/cve/CVE-2019-18420.html
       https://www.suse.com/security/cve/CVE-2019-18421.html
       https://www.suse.com/security/cve/CVE-2019-18424.html
       https://www.suse.com/security/cve/CVE-2019-18425.html
       https://www.suse.com/security/cve/CVE-2019-19577.html
       https://www.suse.com/security/cve/CVE-2019-19578.html
       https://www.suse.com/security/cve/CVE-2019-19579.html
       https://www.suse.com/security/cve/CVE-2019-19580.html
       https://www.suse.com/security/cve/CVE-2019-19581.html
       https://www.suse.com/security/cve/CVE-2019-19583.html
       https://www.suse.com/security/cve/CVE-2020-7211.html
       https://bugzilla.suse.com/1115045
       https://bugzilla.suse.com/1126140
       https://bugzilla.suse.com/1126141
       https://bugzilla.suse.com/1126192
       https://bugzilla.suse.com/1126195
       https://bugzilla.suse.com/1126196
       https://bugzilla.suse.com/1126201
       https://bugzilla.suse.com/1135905
       https://bugzilla.suse.com/1143797
       https://bugzilla.suse.com/1145652
       https://bugzilla.suse.com/1146874
       https://bugzilla.suse.com/1149813
       https://bugzilla.suse.com/1152497
       https://bugzilla.suse.com/1154448
       https://bugzilla.suse.com/1154456
       https://bugzilla.suse.com/1154458
       https://bugzilla.suse.com/1154461
       https://bugzilla.suse.com/1155945
       https://bugzilla.suse.com/1157888
       https://bugzilla.suse.com/1158003
       https://bugzilla.suse.com/1158004
       https://bugzilla.suse.com/1158005
       https://bugzilla.suse.com/1158006
       https://bugzilla.suse.com/1158007
       https://bugzilla.suse.com/1161181
    
    _______________________________________________
    sle-security-updates mailing list
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    
