SUSE-SU-2020:1609-1

Опубликовано: 11 июн. 2020

Источник: suse-cvrf

Описание

Security update for xen

This update for xen to version 4.12.3 fixes the following issues:

CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).
Added support for new 64bit libxl memory API (bsc#1167007 and bsc#1157490).

Список пакетов

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

xen-libs-4.12.3_02-3.18.1

xen-tools-domU-4.12.3_02-3.18.1

Image SLES15-SP1-CHOST-BYOS-EC2

xen-libs-4.12.3_02-3.18.1

xen-tools-domU-4.12.3_02-3.18.1

Image SLES15-SP1-EC2-HPC-HVM-BYOS

xen-libs-4.12.3_02-3.18.1

xen-tools-domU-4.12.3_02-3.18.1

Image SLES15-SP1-EC2-HVM-BYOS

xen-libs-4.12.3_02-3.18.1

xen-tools-domU-4.12.3_02-3.18.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

xen-libs-4.12.3_02-3.18.1

xen-tools-domU-4.12.3_02-3.18.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

xen-libs-4.12.3_02-3.18.1

xen-tools-domU-4.12.3_02-3.18.1

Image SLES15-SP1-SAP-EC2-HVM

xen-libs-4.12.3_02-3.18.1

xen-tools-domU-4.12.3_02-3.18.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

xen-libs-4.12.3_02-3.18.1

xen-tools-domU-4.12.3_02-3.18.1

Image SLES15-SP1-SAPCAL-EC2-HVM

xen-libs-4.12.3_02-3.18.1

xen-tools-domU-4.12.3_02-3.18.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

xen-libs-4.12.3_02-3.18.1

xen-tools-domU-4.12.3_02-3.18.1

SUSE Linux Enterprise Module for Server Applications 15 SP1

xen-4.12.3_02-3.18.1

xen-devel-4.12.3_02-3.18.1

xen-tools-4.12.3_02-3.18.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201609-1/
Link for SUSE-SU-2020:1609-1
https://lists.suse.com/pipermail/sle-security-updates/2020-June/006935.html
E-Mail link for SUSE-SU-2020:1609-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1027519
SUSE Bug 1027519
https://bugzilla.suse.com/1157490
SUSE Bug 1157490
https://bugzilla.suse.com/1167007
SUSE Bug 1167007
https://bugzilla.suse.com/1172205
SUSE Bug 1172205
https://www.suse.com/security/cve/CVE-2020-0543/
SUSE CVE CVE-2020-0543 page

Описание

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Затронутые продукты

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM:xen-libs-4.12.3_02-3.18.1

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM:xen-tools-domU-4.12.3_02-3.18.1

Image SLES15-SP1-CHOST-BYOS-EC2:xen-libs-4.12.3_02-3.18.1

Image SLES15-SP1-CHOST-BYOS-EC2:xen-tools-domU-4.12.3_02-3.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-0543.html
CVE-2020-0543
https://bugzilla.suse.com/1154824
SUSE Bug 1154824
https://bugzilla.suse.com/1172205
SUSE Bug 1172205
https://bugzilla.suse.com/1172206
SUSE Bug 1172206
https://bugzilla.suse.com/1172207
SUSE Bug 1172207
https://bugzilla.suse.com/1172770
SUSE Bug 1172770
https://bugzilla.suse.com/1178658
SUSE Bug 1178658
https://bugzilla.suse.com/1201877
SUSE Bug 1201877

SUSE-SU-2020:1609-1

Описание

Список пакетов

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

Image SLES15-SP1-CHOST-BYOS-EC2

Image SLES15-SP1-EC2-HPC-HVM-BYOS

Image SLES15-SP1-EC2-HVM-BYOS

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

Image SLES15-SP1-SAP-EC2-HVM

Image SLES15-SP1-SAP-EC2-HVM-BYOS

Image SLES15-SP1-SAPCAL-EC2-HVM

SUSE Linux Enterprise Module for Basesystem 15 SP1

SUSE Linux Enterprise Module for Server Applications 15 SP1

Ссылки

Уязвимость: CVE-2020-0543

Описание

Затронутые продукты

Ссылки