SUSE-SU-2020:1634-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20201634-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:1634-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:1634-1
Related
Published
2020-06-17T08:35:43Z
Modified
2020-06-17T08:35:43Z
Summary
Security update for xen
Details

This update for xen fixes the following issues:

  • CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).
  • CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).
  • CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140).
  • CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142).
  • CVE-2020-11743: Bad error path in GNTTABOPmapgrant (bsc#1168143).
  • Xenstored Crashed during VM install (bsc#1167152)
References

Affected packages

SUSE:Linux Enterprise High Performance Computing 15-ESPOS / xen

Package

Name
xen
Purl
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.10.4_10-3.31.1

Ecosystem specific

{
    "binaries": [
        {
            "xen-libs": "4.10.4_10-3.31.1",
            "xen-devel": "4.10.4_10-3.31.1",
            "xen-tools": "4.10.4_10-3.31.1",
            "xen-tools-domU": "4.10.4_10-3.31.1",
            "xen": "4.10.4_10-3.31.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-LTSS / xen

Package

Name
xen
Purl
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.10.4_10-3.31.1

Ecosystem specific

{
    "binaries": [
        {
            "xen-libs": "4.10.4_10-3.31.1",
            "xen-devel": "4.10.4_10-3.31.1",
            "xen-tools": "4.10.4_10-3.31.1",
            "xen-tools-domU": "4.10.4_10-3.31.1",
            "xen": "4.10.4_10-3.31.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 / xen

Package

Name
xen
Purl
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.10.4_10-3.31.1

Ecosystem specific

{
    "binaries": [
        {
            "xen-libs": "4.10.4_10-3.31.1",
            "xen-devel": "4.10.4_10-3.31.1",
            "xen-tools": "4.10.4_10-3.31.1",
            "xen-tools-domU": "4.10.4_10-3.31.1",
            "xen": "4.10.4_10-3.31.1"
        }
    ]
}