SUSE-SU-2018:2410-1

Опубликовано: 17 авг. 2018

Источник: suse-cvrf

Описание

Security update for xen

This update for xen fixes the following security issues:

CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519).
Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a malicious or buggy guest administrator can lock up the entire host (bsc#1103276)

Список пакетов

SUSE Enterprise Storage 4

xen-4.7.6_04-43.39.1

xen-doc-html-4.7.6_04-43.39.1

xen-libs-4.7.6_04-43.39.1

xen-libs-32bit-4.7.6_04-43.39.1

xen-tools-4.7.6_04-43.39.1

xen-tools-domU-4.7.6_04-43.39.1

SUSE Linux Enterprise Server 12 SP2-LTSS

xen-4.7.6_04-43.39.1

xen-doc-html-4.7.6_04-43.39.1

xen-libs-4.7.6_04-43.39.1

xen-libs-32bit-4.7.6_04-43.39.1

xen-tools-4.7.6_04-43.39.1

xen-tools-domU-4.7.6_04-43.39.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

xen-4.7.6_04-43.39.1

xen-doc-html-4.7.6_04-43.39.1

xen-libs-4.7.6_04-43.39.1

xen-libs-32bit-4.7.6_04-43.39.1

xen-tools-4.7.6_04-43.39.1

xen-tools-domU-4.7.6_04-43.39.1

SUSE OpenStack Cloud 7

xen-4.7.6_04-43.39.1

xen-doc-html-4.7.6_04-43.39.1

xen-libs-4.7.6_04-43.39.1

xen-libs-32bit-4.7.6_04-43.39.1

xen-tools-4.7.6_04-43.39.1

xen-tools-domU-4.7.6_04-43.39.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20182410-1/
Link for SUSE-SU-2018:2410-1
https://lists.suse.com/pipermail/sle-security-updates/2018-August/004465.html
E-Mail link for SUSE-SU-2018:2410-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1027519
SUSE Bug 1027519
https://bugzilla.suse.com/1091107
SUSE Bug 1091107
https://bugzilla.suse.com/1103276
SUSE Bug 1103276
https://www.suse.com/security/cve/CVE-2018-3646/
SUSE CVE CVE-2018-3646 page

Описание

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Затронутые продукты

SUSE Enterprise Storage 4:xen-4.7.6_04-43.39.1

SUSE Enterprise Storage 4:xen-doc-html-4.7.6_04-43.39.1

SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_04-43.39.1

SUSE Enterprise Storage 4:xen-libs-4.7.6_04-43.39.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-3646.html
CVE-2018-3646
https://bugzilla.suse.com/1087078
SUSE Bug 1087078
https://bugzilla.suse.com/1087081
SUSE Bug 1087081
https://bugzilla.suse.com/1089343
SUSE Bug 1089343
https://bugzilla.suse.com/1091107
SUSE Bug 1091107
https://bugzilla.suse.com/1099306
SUSE Bug 1099306
https://bugzilla.suse.com/1104365
SUSE Bug 1104365
https://bugzilla.suse.com/1104894
SUSE Bug 1104894
https://bugzilla.suse.com/1106548
SUSE Bug 1106548
https://bugzilla.suse.com/1113534
SUSE Bug 1113534
https://bugzilla.suse.com/1136865
SUSE Bug 1136865
https://bugzilla.suse.com/1178658
SUSE Bug 1178658
https://bugzilla.suse.com/1201877
SUSE Bug 1201877

SUSE-SU-2018:2410-1

Описание

Список пакетов

SUSE Enterprise Storage 4

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE OpenStack Cloud 7

Ссылки

Уязвимость: CVE-2018-3646

Описание

Затронутые продукты

Ссылки