Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 564
Alerts This Week
Warning Icon 1 564

SUSE 15-SP2: 2021:1028-1 Important: Xen Updates Threats Resolved

suse
Calendar Grey April 6, 2021
Scroller Suse
SUSE releases critical patch for xen. Addresses two vulnerabilities and includes six other enhancements. Find out more.
An update that solves two vulnerabilities and has 6 fixes is now available

Summary

This update for xen fixes the following issues: - CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360) - CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368) - L3: conring size for XEN HV's with huge memory to small. Inital Xen logs cut (bsc#1177204) - L3: XEN domU crashed on resume when using the xl unpause command (bsc#1182576) - L3: xen: no needsreboot flag set (bsc#1180690) - kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148) - openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989) - Upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

#1027519 #1177204 #1179148 #1180690 #1181254

#1181989 #1182576 #1183072

Cross- CVE-2021-28687 CVE-2021-3308

CVSS scores:

CVE-2021-3308 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-3308 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:

SUSE MicroOS 5.0

SUSE Linux Enterprise Module for Server Applications 15-SP2

SUSE Linux Enterprise Module for Basesystem 15-SP2

https://www.suse.com/security/cve/CVE-2021-28687.html

https://www.suse.com/security/cve/CVE-2021-3308.html

https://bugzilla.suse.com/1027519

https://bugzilla.suse.com/1177204

https://bugzilla.suse.com/1179148

https://bugzilla.suse.com/1180690

https://bugzilla.suse.com/1181254

https://bugzilla.suse.com/1181989

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:1028-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.