SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:14848-1
Rating: moderate
References: #1182654 #1186013 #1186429 #1186433 #1186434
#1187369 #1187376 #1187378 #1189150 #1189376
#1189378 #1189632 #1192526 #1192554 #1192555
#1192559
Cross-References: CVE-2021-0089 CVE-2021-20255 CVE-2021-28690
CVE-2021-28692 CVE-2021-28697 CVE-2021-28698
CVE-2021-28701 CVE-2021-28703 CVE-2021-28705
CVE-2021-28706 CVE-2021-28709 CVE-2021-3527
CVE-2021-3592 CVE-2021-3594 CVE-2021-3595
CVE-2021-3682 CVE-2021-3930
CVSS scores:
CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
CVE-2021-28697 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28698 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28703 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28706 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3527 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3527 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3682 (SUSE): 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3930 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that fixes 17 vulnerabilities is now available.
Description:
This update for xen fixes the following issues:
- CVE-2021-0089: Fixed Speculative Code Store Bypass (XSA-375)
(bsc#1186433).
- CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100
(bsc#1182654).
- CVE-2021-28690: Fixed x86 TSX Async Abort protections not restored after
S3 (XSA-377) (bsc#1186434).
- CVE-2021-28692: Fixed inappropriate x86 IOMMU timeout detection /
handling (XSA-373) (bsc#1186429).
- CVE-2021-28697: Fixed grant table v2 status pages may remain accessible
after de-allocation (XSA-379) (bsc#1189376).
- CVE-2021-28698: Fixed long running loops in grant table handling.
(XSA-380) (bsc#1189378).
- CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling
(XSA-384) (bsc#1189632).
- CVE-2021-28703: Fixed grant table v2 status pages may remain accessible
after de-allocation (take two) (XSA-387) (bsc#1192555).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful
P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit
(XSA-385) (bsc#1192554).
- CVE-2021-3527: Fixed unbounded stack allocation in usbredir
(bsc#1186013).
- CVE-2021-3592: Fixed invalid pointer initialization may lead to
information disclosure in slirp (bootp) (bsc#1187369).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to
information disclosure in slirp (udp) (bsc#1187378).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to
information disclosure in slirp (tftp) (bsc#1187376).
- CVE-2021-3682: Fixed free call on invalid pointer in usbredir bufp_alloc
(bsc#1189150).
- CVE-2021-3930: Fixed off-by-one error in mode_sense_page() in
hw/scsi/scsi-disk.c (bsc#1192526).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4-LTSS:
zypper in -t patch slessp4-xen-14848=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-xen-14848=1
Package List:
- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64):
xen-kmp-default-4.4.4_50_3.0.101_108.129-61.67.1
xen-libs-4.4.4_50-61.67.1
xen-tools-domU-4.4.4_50-61.67.1
- SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64):
xen-4.4.4_50-61.67.1
xen-doc-html-4.4.4_50-61.67.1
xen-libs-32bit-4.4.4_50-61.67.1
xen-tools-4.4.4_50-61.67.1
- SUSE Linux Enterprise Server 11-SP4-LTSS (i586):
xen-kmp-pae-4.4.4_50_3.0.101_108.129-61.67.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
xen-debuginfo-4.4.4_50-61.67.1
xen-debugsource-4.4.4_50-61.67.1
References:
https://www.suse.com/security/cve/CVE-2021-0089.html
https://www.suse.com/security/cve/CVE-2021-20255.html
https://www.suse.com/security/cve/CVE-2021-28690.html
https://www.suse.com/security/cve/CVE-2021-28692.html
https://www.suse.com/security/cve/CVE-2021-28697.html
https://www.suse.com/security/cve/CVE-2021-28698.html
https://www.suse.com/security/cve/CVE-2021-28701.html
https://www.suse.com/security/cve/CVE-2021-28703.html
https://www.suse.com/security/cve/CVE-2021-28705.html
https://www.suse.com/security/cve/CVE-2021-28706.html
https://www.suse.com/security/cve/CVE-2021-28709.html
https://www.suse.com/security/cve/CVE-2021-3527.html
https://www.suse.com/security/cve/CVE-2021-3592.html
https://www.suse.com/security/cve/CVE-2021-3594.html
https://www.suse.com/security/cve/CVE-2021-3595.html
https://www.suse.com/security/cve/CVE-2021-3682.html
https://www.suse.com/security/cve/CVE-2021-3930.html
https://bugzilla.suse.com/1182654
https://bugzilla.suse.com/1186013
https://bugzilla.suse.com/1186429
https://bugzilla.suse.com/1186433
https://bugzilla.suse.com/1186434
https://bugzilla.suse.com/1187369
https://bugzilla.suse.com/1187376
https://bugzilla.suse.com/1187378
https://bugzilla.suse.com/1189150
https://bugzilla.suse.com/1189376
https://bugzilla.suse.com/1189378
https://bugzilla.suse.com/1189632
https://bugzilla.suse.com/1192526
https://bugzilla.suse.com/1192554
https://bugzilla.suse.com/1192555
https://bugzilla.suse.com/1192559
SUSE: 2021:14848-1 moderate: xen
December 1, 2021
An update that fixes 17 vulnerabilities is now available
Summary
This update for xen fixes the following issues: - CVE-2021-0089: Fixed Speculative Code Store Bypass (XSA-375) (bsc#1186433). - CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654). - CVE-2021-28690: Fixed x86 TSX Async Abort protections not restored after S3 (XSA-377) (bsc#1186434). - CVE-2021-28692: Fixed inappropriate x86 IOMMU timeout detection / handling (XSA-373) (bsc#1186429). - CVE-2021-28697: Fixed grant table v2 status pages may remain accessible after de-allocation (XSA-379) (bsc#1189376). - CVE-2021-28698: Fixed long running loops in grant table handling. (XSA-380) (bsc#1189378). - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - CVE-2021-28703: Fixed grant table v2 status pages may remain accessible after de-allocation (take two) (XSA-387) (bsc#1192555). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - CVE-2021-3527: Fixed unbounded stack allocation in usbredir (bsc#1186013). - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure in slirp (bootp) (bsc#1187369). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure in slirp (udp) (bsc#1187378). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure in slirp (tftp) (bsc#1187376). - CVE-2021-3682: Fixed free call on invalid pointer in usbredir bufp_alloc (bsc#1189150). - CVE-2021-3930: Fixed off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c (bsc#1192526).
References
#1182654 #1186013 #1186429 #1186433 #1186434
#1187369 #1187376 #1187378 #1189150 #1189376
#1189378 #1189632 #1192526 #1192554 #1192555
#1192559
Cross- CVE-2021-0089 CVE-2021-20255 CVE-2021-28690
CVE-2021-28692 CVE-2021-28697 CVE-2021-28698
CVE-2021-28701 CVE-2021-28703 CVE-2021-28705
CVE-2021-28706 CVE-2021-28709 CVE-2021-3527
CVE-2021-3592 CVE-2021-3594 CVE-2021-3595
CVE-2021-3682 CVE-2021-3930
CVSS scores:
CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
CVE-2021-28697 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28698 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28703 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28706 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3527 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3527 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3682 (SUSE): 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3930 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Debuginfo 11-SP4
https://www.suse.com/security/cve/CVE-2021-0089.html
https://www.suse.com/security/cve/CVE-2021-20255.html
https://www.suse.com/security/cve/CVE-2021-28690.html
https://www.suse.com/security/cve/CVE-2021-28692.html
https://www.suse.com/security/cve/CVE-2021-28697.html
https://www.suse.com/security/cve/CVE-2021-28698.html
https://www.suse.com/security/cve/CVE-2021-28701.html
https://www.suse.com/security/cve/CVE-2021-28703.html
https://www.suse.com/security/cve/CVE-2021-28705.html
https://www.suse.com/security/cve/CVE-2021-28706.html
https://www.suse.com/security/cve/CVE-2021-28709.html
https://www.suse.com/security/cve/CVE-2021-3527.html
https://www.suse.com/security/cve/CVE-2021-3592.html
https://www.suse.com/security/cve/CVE-2021-3594.html
https://www.suse.com/security/cve/CVE-2021-3595.html
https://www.suse.com/security/cve/CVE-2021-3682.html
https://www.suse.com/security/cve/CVE-2021-3930.html
https://bugzilla.suse.com/1182654
https://bugzilla.suse.com/1186013
https://bugzilla.suse.com/1186429
https://bugzilla.suse.com/1186433
https://bugzilla.suse.com/1186434
https://bugzilla.suse.com/1187369
https://bugzilla.suse.com/1187376
https://bugzilla.suse.com/1187378
https://bugzilla.suse.com/1189150
https://bugzilla.suse.com/1189376
https://bugzilla.suse.com/1189378
https://bugzilla.suse.com/1189632
https://bugzilla.suse.com/1192526
https://bugzilla.suse.com/1192554
https://bugzilla.suse.com/1192555
https://bugzilla.suse.com/1192559
Severity
Announcement ID: SUSE-SU-2021:14848-1
Rating: moderate
News
HOWTOs
Features
Complete Guide to Keylogging in Linux: Part 1
What You Need to Know about the Sysrv-K Cryptomining Botnet in Less than a Minute
Strengthen Your Linux Endpoint Security & Zero Trust Strategy with Defense-in-Depth & Endpoint Encryption
Call for Contributors with Knowledge of Linux Firewalls!
How To Create a Transparent Proxy through the Tor Network to Protect Your Privacy Online with archtorify & kalitorify
About Us
Powered By
