What Are You Looking For?

Sign Up

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1138-1
Rating:             important
References:         #1027519 #1155200 #1160932 #1161181 #1167152 
                    #1168140 #1168142 #1168143 #1169392 
Cross-References:   CVE-2020-11739 CVE-2020-11740 CVE-2020-11741
                    CVE-2020-11742 CVE-2020-11743 CVE-2020-7211
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Server 12-SP4
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has three fixes
   is now available.

Description:

   This update for xen fixes the following issues:

   Security issues fixed:

   - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).
   - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues
     (bsc#1168140).
   - CVE-2020-11739: Missing memory barriers in read-write unlock paths
     (bsc#1168142).
   - CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).
   - CVE-2020-7211: Fixed potential directory traversal using relative paths
     via tftp server on Windows host (bsc#1161181).
   - arm: a CPU may speculate past the ERET instruction (bsc#1160932).

   Non-security issues fixed:

   - Xenstored Crashed during VM install (bsc#1167152)
   - DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206,
     bsc#1134506)
   - Update API compatibility versions, fixes issues for libvirt.
     (bsc#1167007, bsc#1157490)
   - aacraid blocks xen commands (bsc#1155200)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1138=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1138=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 x86_64):

      xen-debugsource-4.11.3_04-2.23.1
      xen-devel-4.11.3_04-2.23.1

   - SUSE Linux Enterprise Server 12-SP4 (x86_64):

      xen-4.11.3_04-2.23.1
      xen-debugsource-4.11.3_04-2.23.1
      xen-doc-html-4.11.3_04-2.23.1
      xen-libs-32bit-4.11.3_04-2.23.1
      xen-libs-4.11.3_04-2.23.1
      xen-libs-debuginfo-32bit-4.11.3_04-2.23.1
      xen-libs-debuginfo-4.11.3_04-2.23.1
      xen-tools-4.11.3_04-2.23.1
      xen-tools-debuginfo-4.11.3_04-2.23.1
      xen-tools-domU-4.11.3_04-2.23.1
      xen-tools-domU-debuginfo-4.11.3_04-2.23.1


References:

   https://www.suse.com/security/cve/CVE-2020-11739.html
   https://www.suse.com/security/cve/CVE-2020-11740.html
   https://www.suse.com/security/cve/CVE-2020-11741.html
   https://www.suse.com/security/cve/CVE-2020-11742.html
   https://www.suse.com/security/cve/CVE-2020-11743.html
   https://www.suse.com/security/cve/CVE-2020-7211.html
   https://bugzilla.suse.com/1027519
   https://bugzilla.suse.com/1155200
   https://bugzilla.suse.com/1160932
   https://bugzilla.suse.com/1161181
   https://bugzilla.suse.com/1167152
   https://bugzilla.suse.com/1168140
   https://bugzilla.suse.com/1168142
   https://bugzilla.suse.com/1168143
   https://bugzilla.suse.com/1169392

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
https://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:1138-1 important: xen

April 29, 2020
An update that solves 6 vulnerabilities and has three fixes is now available

Summary

This update for xen fixes the following issues: Security issues fixed: - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392). - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140). - CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142). - CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143). - CVE-2020-7211: Fixed potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181). - arm: a CPU may speculate past the ERET instruction (bsc#1160932). Non-security issues fixed: - Xenstored Crashed during VM install (bsc#1167152) - DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206, bsc#1134506) - Update API compatibility versions, fixes issues for libvirt. (bsc#1167007, bsc#1157490) - aacraid blocks xen commands (bsc#1155200) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1138=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1138=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 x86_64): xen-debugsource-4.11.3_04-2.23.1 xen-devel-4.11.3_04-2.23.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): xen-4.11.3_04-2.23.1 xen-debugsource-4.11.3_04-2.23.1 xen-doc-html-4.11.3_04-2.23.1 xen-libs-32bit-4.11.3_04-2.23.1 xen-libs-4.11.3_04-2.23.1 xen-libs-debuginfo-32bit-4.11.3_04-2.23.1 xen-libs-debuginfo-4.11.3_04-2.23.1 xen-tools-4.11.3_04-2.23.1 xen-tools-debuginfo-4.11.3_04-2.23.1 xen-tools-domU-4.11.3_04-2.23.1 xen-tools-domU-debuginfo-4.11.3_04-2.23.1

References

#1027519 #1155200 #1160932 #1161181 #1167152

#1168140 #1168142 #1168143 #1169392

Cross- CVE-2020-11739 CVE-2020-11740 CVE-2020-11741

CVE-2020-11742 CVE-2020-11743 CVE-2020-7211

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server 12-SP4

https://www.suse.com/security/cve/CVE-2020-11739.html

https://www.suse.com/security/cve/CVE-2020-11740.html

https://www.suse.com/security/cve/CVE-2020-11741.html

https://www.suse.com/security/cve/CVE-2020-11742.html

https://www.suse.com/security/cve/CVE-2020-11743.html

https://www.suse.com/security/cve/CVE-2020-7211.html

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1155200

https://bugzilla.suse.com/1160932

https://bugzilla.suse.com/1161181

https://bugzilla.suse.com/1167152

https://bugzilla.suse.com/1168140

https://bugzilla.suse.com/1168142

https://bugzilla.suse.com/1168143

https://bugzilla.suse.com/1169392

Severity
Announcement ID: SUSE-SU-2020:1138-1
Rating: important

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo