Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE Linux 12-SP5: SUSE-SU-2020:1139-1 Important: Xen Security Issues

suse
Calendar Grey April 29, 2020
Dist Suse Esm H88
SUSE Linux 12-SP5 has been issued a critical security patch for xen, addressing various vulnerabilities. Read for more information.
An update that solves 6 vulnerabilities and has 8 fixes is now available

Summary

This update for xen to version 4.12.2 fixes the following issues: Security issues fixed: - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392). - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140). - CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142). - CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143). - CVE-2020-7211: Fixed potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181). - arm: a CPU may speculate past the ERET instruction (bsc#1160932). Non-security issues fixed: - Xenstored Crashed during VM install (bsc#1167152) - DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206, bsc#1134506)

References

#1027519 #1134506 #1155200 #1157490 #1160932

#1161181 #1162040 #1165206 #1167007 #1167152

#1168140 #1168142 #1168143 #1169392

Cross- CVE-2020-11739 CVE-2020-11740 CVE-2020-11741

CVE-2020-11742 CVE-2020-11743 CVE-2020-7211

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Server 12-SP5

https://www.suse.com/security/cve/CVE-2020-11739.html

https://www.suse.com/security/cve/CVE-2020-11740.html

https://www.suse.com/security/cve/CVE-2020-11741.html

https://www.suse.com/security/cve/CVE-2020-11742.html

https://www.suse.com/security/cve/CVE-2020-11743.html

https://www.suse.com/security/cve/CVE-2020-7211.html

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1134506

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:1139-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here