Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

SUSE: 2020:14521-1 Important: Xen Multiple Threat Remediation

suse
Calendar Grey October 22, 2020
Dist Suse Esm H88
SUSE Security Update: Security update for xen ______________________________________________________
An update that fixes 11 vulnerabilities is now available

Summary

This update for xen fixes the following issues: - CVE-2020-0543: Fixed a leak of Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (bsc#1172205,XSA-320) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - CVE-2020-15565: Fixed an issue cache write (bsc#1173378,XSA-321). - CVE-2020-15567: Fixed an issue with non-atomic modification of live EPT PTE (bsc#1173380,XSA-328) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338)

References

#1172205 #1173378 #1173380 #1175534 #1176343

#1176344 #1176345 #1176346 #1176347 #1176348

#1176350

Cross- CVE-2020-0543 CVE-2020-14364 CVE-2020-15565

CVE-2020-15567 CVE-2020-25595 CVE-2020-25596

CVE-2020-25597 CVE-2020-25600 CVE-2020-25601

CVE-2020-25603 CVE-2020-25604

Affected Products:

SUSE Linux Enterprise Server 11-SP4-LTSS

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2020-0543.html

https://www.suse.com/security/cve/CVE-2020-14364.html

https://www.suse.com/security/cve/CVE-2020-15565.html

https://www.suse.com/security/cve/CVE-2020-15567.html

https://www.suse.com/security/cve/CVE-2020-25595.html

https://www.suse.com/security/cve/CVE-2020-25596.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:14521-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.