SUSE-SU-2020:1633-1

Опубликовано: 17 июн. 2020

Источник: suse-cvrf

Описание

Security update for xen

This update for xen fixes the following issues:

CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205).
Fixed an issue with efi boot when nvidia optimus or newer graphic cards are used (bsc#1168178).d

Список пакетов

Image SLES12-SP5-EC2-BYOS

xen-libs-4.12.3_02-3.14.1

xen-tools-domU-4.12.3_02-3.14.1

Image SLES12-SP5-EC2-ECS-On-Demand

xen-libs-4.12.3_02-3.14.1

xen-tools-domU-4.12.3_02-3.14.1

Image SLES12-SP5-EC2-On-Demand

xen-libs-4.12.3_02-3.14.1

xen-tools-domU-4.12.3_02-3.14.1

Image SLES12-SP5-EC2-SAP-BYOS

xen-libs-4.12.3_02-3.14.1

xen-tools-domU-4.12.3_02-3.14.1

Image SLES12-SP5-EC2-SAP-On-Demand

xen-libs-4.12.3_02-3.14.1

xen-tools-domU-4.12.3_02-3.14.1

SUSE Linux Enterprise Server 12 SP5

xen-4.12.3_02-3.14.1

xen-doc-html-4.12.3_02-3.14.1

xen-libs-4.12.3_02-3.14.1

xen-libs-32bit-4.12.3_02-3.14.1

xen-tools-4.12.3_02-3.14.1

xen-tools-domU-4.12.3_02-3.14.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

xen-4.12.3_02-3.14.1

xen-doc-html-4.12.3_02-3.14.1

xen-libs-4.12.3_02-3.14.1

xen-libs-32bit-4.12.3_02-3.14.1

xen-tools-4.12.3_02-3.14.1

xen-tools-domU-4.12.3_02-3.14.1

SUSE Linux Enterprise Software Development Kit 12 SP5

xen-devel-4.12.3_02-3.14.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201633-1/
Link for SUSE-SU-2020:1633-1
https://lists.suse.com/pipermail/sle-security-updates/2020-June/006958.html
E-Mail link for SUSE-SU-2020:1633-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1027519
SUSE Bug 1027519
https://bugzilla.suse.com/1168178
SUSE Bug 1168178
https://bugzilla.suse.com/1172205
SUSE Bug 1172205
https://www.suse.com/security/cve/CVE-2020-0543/
SUSE CVE CVE-2020-0543 page

Описание

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Затронутые продукты

Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.3_02-3.14.1

Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.3_02-3.14.1

Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.3_02-3.14.1

Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.3_02-3.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-0543.html
CVE-2020-0543
https://bugzilla.suse.com/1154824
SUSE Bug 1154824
https://bugzilla.suse.com/1172205
SUSE Bug 1172205
https://bugzilla.suse.com/1172206
SUSE Bug 1172206
https://bugzilla.suse.com/1172207
SUSE Bug 1172207
https://bugzilla.suse.com/1172770
SUSE Bug 1172770
https://bugzilla.suse.com/1178658
SUSE Bug 1178658
https://bugzilla.suse.com/1201877
SUSE Bug 1201877

SUSE-SU-2020:1633-1

Описание

Список пакетов

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2020-0543

Описание

Затронутые продукты

Ссылки