SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0388-1
Rating:             important
References:         #1115045 #1126140 #1126141 #1126192 #1126195 
                    #1126196 #1126201 #1135905 #1143797 #1145652 
                    #1146874 #1149813 #1152497 #1154448 #1154456 
                    #1154458 #1154461 #1155945 #1157888 #1158003 
                    #1158004 #1158005 #1158006 #1158007 #1161181 
                    
Cross-References:   CVE-2018-12207 CVE-2018-19965 CVE-2019-11135
                    CVE-2019-12067 CVE-2019-12068 CVE-2019-12155
                    CVE-2019-14378 CVE-2019-15890 CVE-2019-17340
                    CVE-2019-17341 CVE-2019-17342 CVE-2019-17343
                    CVE-2019-17344 CVE-2019-17347 CVE-2019-18420
                    CVE-2019-18421 CVE-2019-18424 CVE-2019-18425
                    CVE-2019-19577 CVE-2019-19578 CVE-2019-19579
                    CVE-2019-19580 CVE-2019-19581 CVE-2019-19583
                    CVE-2020-7211
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that fixes 25 vulnerabilities is now available.

Description:

   This update for xen fixes the following issues:

   - CVE-2018-12207: Fixed a race condition where untrusted virtual machines
     could have been using the Instruction Fetch Unit of the Intel CPU to
     cause a Machine Exception during Page Size Change, causing the CPU core
     to be non-functional (bsc#1155945 XSA-304).
   - CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with a
     non-canonical addresses (bsc#1115045 XSA-279).
   - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs
     with Transactional Memory support could be used to facilitate
     side-channel information leaks out of microarchitectural buffers,
     similar to the previously described "Microarchitectural Data Sampling"
     attack. (bsc#1152497 XSA-305).
   - CVE-2019-12067: Fixed a null pointer dereference in QEMU AHCI
     (bsc#1145652).
   - CVE-2019-12068: Fixed an infinite loop while executing script
     (bsc#1146874).
   - CVE-2019-12155: Fixed a null pointer dereference while releasing spice
     resources (bsc#1135905).
   - CVE-2019-14378: Fixed a heap buffer overflow during packet reassembly in
     slirp networking implementation (bsc#1143797).
   - CVE-2019-15890: Fixed a use-after-free during packet reassembly
     (bsc#1149813).
   - CVE-2019-17340: Fixed grant table transfer issues on large hosts
     (XSA-284 bsc#1126140).
   - CVE-2019-17341: Fixed a race with pass-through device hotplug (XSA-285
     bsc#1126141).
   - CVE-2019-17342: Fixed steal_page violating page_struct access discipline
     (XSA-287 bsc#1126192).
   - CVE-2019-17343: Fixed an inconsistent PV IOMMU discipline (XSA-288
     bsc#1126195).
   - CVE-2019-17344: Fixed a missing preemption in x86 PV page table
     unvalidation (XSA-290 bsc#1126196).
   - CVE-2019-17347: Fixed a PV kernel context switch corruption (XSA-293
     bsc#1126201).
   - CVE-2019-18420: Fixed a hypervisor crash that could be caused by
     malicious x86 PV guests, resulting in a denial of service (bsc#1154448
     XSA-296).
   - CVE-2019-18421: Fixed a privilege escalation through malicious PV guest
     administrators (bsc#1154458 XSA-299).
   - CVE-2019-18424: Fixed a privilege escalation through DMA to physical
     devices by untrusted domains (bsc#1154461 XSA-302).
   - CVE-2019-18425: Fixed a privilege escalation from 32-bit PV guest used
     mode (bsc#1154456 XSA-298).
   - CVE-2019-19577: Fixed an issue where a malicious guest administrator
     could have caused Xen to access data structures while they are being
     modified leading to a crash (bsc#1158007 XSA-311).
   - CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could
     have caused hypervisor crash resulting in denial of service affecting
     the entire host (bsc#1158005 XSA-309).
   - CVE-2019-19579: Fixed a privilege escalation where an untrusted domain
     with access to a physical device can DMA into host memory (bsc#1157888
     XSA-306).
   - CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest
     administrator could have been able to escalate their privilege to that
     of the host (bsc#1158006 XSA-310).
   - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm
     (bsc#1158003 XSA-307).
   - CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH
     guest userspace code to crash the guest, leading to a guest denial of
     service (bsc#1158004 XSA-308).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-388=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-388=1



Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      xen-4.5.5_28-22.64.1
      xen-debugsource-4.5.5_28-22.64.1
      xen-doc-html-4.5.5_28-22.64.1
      xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1
      xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.124-22.64.1
      xen-libs-32bit-4.5.5_28-22.64.1
      xen-libs-4.5.5_28-22.64.1
      xen-libs-debuginfo-32bit-4.5.5_28-22.64.1
      xen-libs-debuginfo-4.5.5_28-22.64.1
      xen-tools-4.5.5_28-22.64.1
      xen-tools-debuginfo-4.5.5_28-22.64.1
      xen-tools-domU-4.5.5_28-22.64.1
      xen-tools-domU-debuginfo-4.5.5_28-22.64.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      xen-4.5.5_28-22.64.1
      xen-debugsource-4.5.5_28-22.64.1
      xen-doc-html-4.5.5_28-22.64.1
      xen-kmp-default-4.5.5_28_k3.12.74_60.64.124-22.64.1
      xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.124-22.64.1
      xen-libs-32bit-4.5.5_28-22.64.1
      xen-libs-4.5.5_28-22.64.1
      xen-libs-debuginfo-32bit-4.5.5_28-22.64.1
      xen-libs-debuginfo-4.5.5_28-22.64.1
      xen-tools-4.5.5_28-22.64.1
      xen-tools-debuginfo-4.5.5_28-22.64.1
      xen-tools-domU-4.5.5_28-22.64.1
      xen-tools-domU-debuginfo-4.5.5_28-22.64.1


References:

   https://www.suse.com/security/cve/CVE-2018-12207.html
   https://www.suse.com/security/cve/CVE-2018-19965.html
   https://www.suse.com/security/cve/CVE-2019-11135.html
   https://www.suse.com/security/cve/CVE-2019-12067.html
   https://www.suse.com/security/cve/CVE-2019-12068.html
   https://www.suse.com/security/cve/CVE-2019-12155.html
   https://www.suse.com/security/cve/CVE-2019-14378.html
   https://www.suse.com/security/cve/CVE-2019-15890.html
   https://www.suse.com/security/cve/CVE-2019-17340.html
   https://www.suse.com/security/cve/CVE-2019-17341.html
   https://www.suse.com/security/cve/CVE-2019-17342.html
   https://www.suse.com/security/cve/CVE-2019-17343.html
   https://www.suse.com/security/cve/CVE-2019-17344.html
   https://www.suse.com/security/cve/CVE-2019-17347.html
   https://www.suse.com/security/cve/CVE-2019-18420.html
   https://www.suse.com/security/cve/CVE-2019-18421.html
   https://www.suse.com/security/cve/CVE-2019-18424.html
   https://www.suse.com/security/cve/CVE-2019-18425.html
   https://www.suse.com/security/cve/CVE-2019-19577.html
   https://www.suse.com/security/cve/CVE-2019-19578.html
   https://www.suse.com/security/cve/CVE-2019-19579.html
   https://www.suse.com/security/cve/CVE-2019-19580.html
   https://www.suse.com/security/cve/CVE-2019-19581.html
   https://www.suse.com/security/cve/CVE-2019-19583.html
   https://www.suse.com/security/cve/CVE-2020-7211.html
   https://bugzilla.suse.com/1115045
   https://bugzilla.suse.com/1126140
   https://bugzilla.suse.com/1126141
   https://bugzilla.suse.com/1126192
   https://bugzilla.suse.com/1126195
   https://bugzilla.suse.com/1126196
   https://bugzilla.suse.com/1126201
   https://bugzilla.suse.com/1135905
   https://bugzilla.suse.com/1143797
   https://bugzilla.suse.com/1145652
   https://bugzilla.suse.com/1146874
   https://bugzilla.suse.com/1149813
   https://bugzilla.suse.com/1152497
   https://bugzilla.suse.com/1154448
   https://bugzilla.suse.com/1154456
   https://bugzilla.suse.com/1154458
   https://bugzilla.suse.com/1154461
   https://bugzilla.suse.com/1155945
   https://bugzilla.suse.com/1157888
   https://bugzilla.suse.com/1158003
   https://bugzilla.suse.com/1158004
   https://bugzilla.suse.com/1158005
   https://bugzilla.suse.com/1158006
   https://bugzilla.suse.com/1158007
   https://bugzilla.suse.com/1161181

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:0388-1 important: xen

February 17, 2020
An update that fixes 25 vulnerabilities is now available

Summary

This update for xen fixes the following issues: - CVE-2018-12207: Fixed a race condition where untrusted virtual machines could have been using the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional (bsc#1155945 XSA-304). - CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with a non-canonical addresses (bsc#1115045 XSA-279). - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate side-channel information leaks out of microarchitectural buffers, similar to the previously described "Microarchitectural Data Sampling" attack. (bsc#1152497 XSA-305). - CVE-2019-12067: Fixed a null pointer dereference in QEMU AHCI (bsc#1145652). - CVE-2019-12068: Fixed an infinite loop while executing script (bsc#1146874). - CVE-2019-12155: Fixed a null pointer der...

Read the Full Advisory

References

#1115045 #1126140 #1126141 #1126192 #1126195

#1126196 #1126201 #1135905 #1143797 #1145652

#1146874 #1149813 #1152497 #1154448 #1154456

#1154458 #1154461 #1155945 #1157888 #1158003

#1158004 #1158005 #1158006 #1158007 #1161181

Cross- CVE-2018-12207 CVE-2018-19965 CVE-2019-11135

CVE-2019-12067 CVE-2019-12068 CVE-2019-12155

CVE-2019-14378 CVE-2019-15890 CVE-2019-17340

CVE-2019-17341 CVE-2019-17342 CVE-2019-17343

CVE-2019-17344 CVE-2019-17347 CVE-2019-18420

CVE-2019-18421 CVE-2019-18424 CVE-2019-18425

CVE-2019-19577 CVE-2019-19578 CVE-2019-19579

CVE-2019-19580 CVE-2019-19581 CVE-2019-19583

CVE-2020-7211

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2020:0388-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved