This update for xen fixes the following issues: CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).. # Security update for xen Announcement ID: SUSE-SU-2023:4476-1 Rating: important References: * bsc#1027519 * bsc#1215145 * bsc#1215474 * bsc#1215746 * bsc#1215747 * bsc#1215748 * bsc#1216654 * bsc#1216807 Cross-References: * CVE-2023-20588 * CVE-2023-34322 * CVE-2023-34325 * CVE-2023-34326 * CVE-2023-34327 * CVE-2023-34328 * CVE-2023-46835 * CVE-2023-46836 CVSS scores: * CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34322 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46835 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves eight vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). 
* CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). * CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747). * CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746). * CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748). * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). * Upstream bug fixes (bsc#1027519) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4476=1 SUSE-2023-4476=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4476=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4476=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4476=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4476=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4476=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4476=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4476=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4476=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * xen-tools-4.16.5_08-150400.4.40.1 * xen-tools-debuginfo-4.16.5_08-150400.4.40.1 * xen-4.16.5_08-150400.4.40.1 * xen-doc-html-4.16.5_08-150400.4.40.1 * openSUSE Leap 15.4 (aarch64 x86_64 i586) * xen-tools-domU-4.16.5_08-150400.4.40.1 * 
xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-tools-domU-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * xen-devel-4.16.5_08-150400.4.40.1 * openSUSE Leap 15.4 (x86_64) * xen-libs-32bit-4.16.5_08-150400.4.40.1 * xen-libs-32bit-debuginfo-4.16.5_08-150400.4.40.1 * openSUSE Leap 15.4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_08-150400.4.40.1 * openSUSE Leap 15.4 (aarch64_ilp32) * xen-libs-64bit-debuginfo-4.16.5_08-150400.4.40.1 * xen-libs-64bit-4.16.5_08-150400.4.40.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * Basesystem Module 15-SP4 (x86_64) * xen-tools-domU-4.16.5_08-150400.4.40.1 * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-tools-domU-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * Server Applications Module 15-SP4 (x86_64) * xen-tools-debuginfo-4.16.5_08-150400.4.40.1 * xen-4.16.5_08-150400.4.40.1 * xen-tools-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * xen-devel-4.16.5_08-150400.4.40.1 * Server Applications Module 15-SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_08-150400.4.40.1 * openSUSE Leap Micro 5.3 (x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 * openSUSE Leap Micro 5.4 
(x86_64) * xen-libs-4.16.5_08-150400.4.40.1 * xen-libs-debuginfo-4.16.5_08-150400.4.40.1 * xen-debugsource-4.16.5_08-150400.4.40.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20588.html * https://www.suse.com/security/cve/CVE-2023-34322.html * https://www.suse.com/security/cve/CVE-2023-34325.html * https://www.suse.com/security/cve/CVE-2023-34326.html * https://www.suse.com/security/cve/CVE-2023-34327.html * https://www.suse.com/security/cve/CVE-2023-34328.html * https://www.suse.com/security/cve/CVE-2023-46835.html * https://www.suse.com/security/cve/CVE-2023-46836.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1215145 * https://bugzilla.suse.com/show_bug.cgi?id=1215474 * https://bugzilla.suse.com/show_bug.cgi?id=1215746 * https://bugzilla.suse.com/show_bug.cgi?id=1215747 * https://bugzilla.suse.com/show_bug.cgi?id=1215748 * https://bugzilla.suse.com/show_bug.cgi?id=1216654 * https://bugzilla.suse.com/show_bug.cgi?id=1216807 . This critical security notification for openSUSE highlights various vulnerabilities in xen, encompassing an execution flaw in AMD processors.. openSUSE Updates,xen Security,Security Patches,Critical Patches. . Severity: Critical. LinuxSecurity.com Team
An update that solves three vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0940-1 Rating: important References: #1027519 #1191668 #1194267 #1196915 Cross-References: CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 CVSS scores: CVE-2021-26401 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26401 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: Update Xen to version 4.14.4 (bsc#1027519) Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. Security issues fixed: - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues (bsc#1196915). Non-security issues fixed: - Fixed issue around xl and virsh operation - virsh list not giving any output (bsc#1191668). Special Instructions and Notes: Please reboot the system after installing this update. 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-940=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-940=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-940=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.4_02-150300.3.21.1 xen-debugsource-4.14.4_02-150300.3.21.1 xen-devel-4.14.4_02-150300.3.21.1 xen-tools-4.14.4_02-150300.3.21.1 xen-tools-debuginfo-4.14.4_02-150300.3.21.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.4_02-150300.3.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.4_02-150300.3.21.1 xen-libs-4.14.4_02-150300.3.21.1 xen-libs-debuginfo-4.14.4_02-150300.3.21.1 xen-tools-domU-4.14.4_02-150300.3.21.1 xen-tools-domU-debuginfo-4.14.4_02-150300.3.21.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): xen-debugsource-4.14.4_02-150300.3.21.1 xen-libs-4.14.4_02-150300.3.21.1 xen-libs-debuginfo-4.14.4_02-150300.3.21.1 References: https://www.suse.com/security/cve/CVE-2021-26401.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1191668 https://bugzilla.suse.com/1194267 https://bugzilla.suse.com/1196915 . SUSE has launched a crucial update addressing severe vulnerabilities in Xen, particularly aimed at countering side-channel threats to enhance system security and stability. SUSE Linux, Xen Patch, Security Updates, System Vulnerability, Cybersecurity Measures. . Severity: Important. LinuxSecurity.com Team
An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0333-1 Rating: important References: #1194576 #1194581 #1194588 Cross-References: CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVSS scores: CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Manager Server 4.2 SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Manager Server 4.2 SUSE Manager Proxy 4.2 SUSE Linux Enterprise Micro 5.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-333=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-333=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-333=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.3_06-150300.3.18.2 xen-debugsource-4.14.3_06-150300.3.18.2 xen-devel-4.14.3_06-150300.3.18.2 xen-tools-4.14.3_06-150300.3.18.2 xen-tools-debuginfo-4.14.3_06-150300.3.18.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.3_06-150300.3.18.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.3_06-150300.3.18.2 xen-libs-4.14.3_06-150300.3.18.2 xen-libs-debuginfo-4.14.3_06-150300.3.18.2 xen-tools-domU-4.14.3_06-150300.3.18.2 xen-tools-domU-debuginfo-4.14.3_06-150300.3.18.2 - SUSE Linux Enterprise Micro 5.1 (x86_64): xen-debugsource-4.14.3_06-150300.3.18.2 xen-libs-4.14.3_06-150300.3.18.2 xen-libs-debuginfo-4.14.3_06-150300.3.18.2 References: https://www.suse.com/security/cve/CVE-2022-23033.html https://www.suse.com/security/cve/CVE-2022-23034.html https://www.suse.com/security/cve/CVE-2022-23035.html https://bugzilla.suse.com/1194576 https://bugzilla.suse.com/1194581 https://bugzilla.suse.com/1194588 . SUSE Security Update for kernel addresses significant memory handling and remote execution vulnerabilities. Restart system post-installation.. SUSE Security Update,xen patch,DoS threat,guest mapping issue,important updates. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability and has two fixes is now available. . SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3213-1 Rating: important References: #1189373 #1189378 #1189632 Cross-References: CVE-2021-28701 CVSS scores: CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Integrate bugfixes (bsc#1189373, bsc#1189378). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3213=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3213=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3213=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3213=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3213=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3213=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_22-3.94.2 xen-debugsource-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 xen-libs-debuginfo-32bit-4.9.4_22-3.94.2 xen-libs-debuginfo-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-debuginfo-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-tools-domU-debuginfo-4.9.4_22-3.94.2 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_22-3.94.2 xen-debugsource-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 xen-libs-debuginfo-32bit-4.9.4_22-3.94.2 xen-libs-debuginfo-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-debuginfo-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-tools-domU-debuginfo-4.9.4_22-3.94.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_22-3.94.2 xen-debugsource-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 xen-libs-debuginfo-32bit-4.9.4_22-3.94.2 xen-libs-debuginfo-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-debuginfo-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-tools-domU-debuginfo-4.9.4_22-3.94.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_22-3.94.2 xen-debugsource-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 
xen-libs-debuginfo-32bit-4.9.4_22-3.94.2 xen-libs-debuginfo-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-debuginfo-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-tools-domU-debuginfo-4.9.4_22-3.94.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_22-3.94.2 xen-debugsource-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 xen-libs-debuginfo-32bit-4.9.4_22-3.94.2 xen-libs-debuginfo-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-debuginfo-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-tools-domU-debuginfo-4.9.4_22-3.94.2 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_22-3.94.2 xen-debugsource-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 xen-libs-debuginfo-32bit-4.9.4_22-3.94.2 xen-libs-debuginfo-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-debuginfo-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-tools-domU-debuginfo-4.9.4_22-3.94.2 References: https://www.suse.com/security/cve/CVE-2021-28701.html https://bugzilla.suse.com/1189373 https://bugzilla.suse.com/1189378 https://bugzilla.suse.com/1189632 . Essential SUSE Security Patch for xen tackling race condition vulnerability along with several corrections in different server distributions.. SUSE Linux, Security Update, Xen Patch, OpenStack Cloud, Server Security. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3181-1 Rating: moderate References: #1027519 #1189632 Cross-References: CVE-2021-28701 CVSS scores: CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3181=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3181=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_14-3.52.1 xen-devel-4.12.4_14-3.52.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_14-3.52.1 xen-debugsource-4.12.4_14-3.52.1 xen-doc-html-4.12.4_14-3.52.1 xen-libs-32bit-4.12.4_14-3.52.1 xen-libs-4.12.4_14-3.52.1 xen-libs-debuginfo-32bit-4.12.4_14-3.52.1 xen-libs-debuginfo-4.12.4_14-3.52.1 xen-tools-4.12.4_14-3.52.1 xen-tools-debuginfo-4.12.4_14-3.52.1 xen-tools-domU-4.12.4_14-3.52.1 xen-tools-domU-debuginfo-4.12.4_14-3.52.1 References: https://www.suse.com/security/cve/CVE-2021-28701.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1189632 . 
SUSE has released a critical patch for xen, addressing a concurrency flaw, along with preferred installation guidelines for its users.. SUSE Security Update,xen patch,system update. . LinuxSecurity.com Team
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3140-1 Rating: moderate References: #1027519 #1189632 Cross-References: CVE-2021-28701 CVSS scores: CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3140=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3140=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.2_06-3.12.1 xen-debugsource-4.14.2_06-3.12.1 xen-devel-4.14.2_06-3.12.1 xen-tools-4.14.2_06-3.12.1 xen-tools-debuginfo-4.14.2_06-3.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.2_06-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.2_06-3.12.1 xen-libs-4.14.2_06-3.12.1 xen-libs-debuginfo-4.14.2_06-3.12.1 xen-tools-domU-4.14.2_06-3.12.1 xen-tools-domU-debuginfo-4.14.2_06-3.12.1 References: https://www.suse.com/security/cve/CVE-2021-28701.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1189632 . New patch for xen resolves a concurrency issue and features errata. Importance designated as medium, with setup guidelines provided.. SUSE Security Update, xen Patch, Computer Security, Server Security, SUSE Enterprise Applications. . Severity: Important. LinuxSecurity.com Team
An update that solves three vulnerabilities and has four fixes is now available. . SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1460-1 Rating: important References: #1027519 #1177204 #1178591 #1179148 #1181254 #1181989 #1183072 Cross-References: CVE-2020-28368 CVE-2021-28687 CVE-2021-3308 CVSS scores: CVE-2020-28368 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2020-28368 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3308 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3308 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for xen fixes the following issues: - CVE-2020-28368: Intel RAPL sidechannel attack aka PLATYPUS attack (bsc#1178591, XSA-351) - CVE-2021-3308: IRQ vector leak on x86 (bsc#1181254, XSA-360) - CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368) - L3: conring size for XEN HV's with huge memory too small (bsc#1177204). - kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148) - openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989). - Upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1460=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1460=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1460=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1460=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1460=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1460=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1460=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1460=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1460=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Manager Retail Branch Server 4.0 (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Manager Proxy 4.0 (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE 
Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE Enterprise Storage 6 (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 - SUSE CaaS Platform 4.0 (x86_64): xen-4.12.4_08-3.43.3 xen-debugsource-4.12.4_08-3.43.3 xen-devel-4.12.4_08-3.43.3 xen-libs-4.12.4_08-3.43.3 xen-libs-debuginfo-4.12.4_08-3.43.3 xen-tools-4.12.4_08-3.43.3 xen-tools-debuginfo-4.12.4_08-3.43.3 xen-tools-domU-4.12.4_08-3.43.3 xen-tools-domU-debuginfo-4.12.4_08-3.43.3 References: https://www.suse.com/security/cve/CVE-2020-28368.html https://www.suse.com/security/cve/CVE-2021-28687.html https://www.suse.com/security/cve/CVE-2021-3308.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1177204 https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1179148 https://bugzilla.suse.com/1181254 https://bugzilla.suse.com/1181989 https://bugzilla.suse.com/1183072 . Prompt security patches introduced for SUSE Xen tackling a range of severe vulnerabilities affecting several corporate applications.. SUSE Linux Enterprise,xen patch,security updates,SUSE Manager Server. . Severity: Critical. LinuxSecurity.com Team
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3612-1 Rating: important References: #1178591 #1178963 Cross-References: CVE-2020-28368 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3612=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3612=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_04-3.33.1 xen-devel-4.12.4_04-3.33.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_04-3.33.1 xen-debugsource-4.12.4_04-3.33.1 xen-doc-html-4.12.4_04-3.33.1 xen-libs-32bit-4.12.4_04-3.33.1 xen-libs-4.12.4_04-3.33.1 xen-libs-debuginfo-32bit-4.12.4_04-3.33.1 xen-libs-debuginfo-4.12.4_04-3.33.1 xen-tools-4.12.4_04-3.33.1 xen-tools-debuginfo-4.12.4_04-3.33.1 xen-tools-domU-4.12.4_04-3.33.1 xen-tools-domU-debuginfo-4.12.4_04-3.33.1 References: https://www.suse.com/security/cve/CVE-2020-28368.html https://bugzilla.suse.com/1178591 https://bugzilla.suse.com/1178963 . SUSE Security Update delivers essential fixes for xen tackling memory corruption CVE-2020-28368 with a critical rating.. 
SUSE Linux,Xen Update,Stack Corruption,Security Patches. . Severity: Important. LinuxSecurity.com Team