Description
Security update for xen
This update for xen fixes the following issues:
- bsc#1174543 - secure boot related fixes
- bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages
Package list
SUSE Linux Enterprise Server 12 SP4-LTSS
xen-4.11.4_06-2.33.1
xen-doc-html-4.11.4_06-2.33.1
xen-libs-4.11.4_06-2.33.1
xen-libs-32bit-4.11.4_06-2.33.1
xen-tools-4.11.4_06-2.33.1
xen-tools-domU-4.11.4_06-2.33.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
xen-4.11.4_06-2.33.1
xen-doc-html-4.11.4_06-2.33.1
xen-libs-4.11.4_06-2.33.1
xen-libs-32bit-4.11.4_06-2.33.1
xen-tools-4.11.4_06-2.33.1
xen-tools-domU-4.11.4_06-2.33.1
SUSE OpenStack Cloud 9
xen-4.11.4_06-2.33.1
xen-doc-html-4.11.4_06-2.33.1
xen-libs-4.11.4_06-2.33.1
xen-libs-32bit-4.11.4_06-2.33.1
xen-tools-4.11.4_06-2.33.1
xen-tools-domU-4.11.4_06-2.33.1
SUSE OpenStack Cloud Crowbar 9
xen-4.11.4_06-2.33.1
xen-doc-html-4.11.4_06-2.33.1
xen-libs-4.11.4_06-2.33.1
xen-libs-32bit-4.11.4_06-2.33.1
xen-tools-4.11.4_06-2.33.1
xen-tools-domU-4.11.4_06-2.33.1
References
- Link for SUSE-SU-2020:2141-1
- E-Mail link for SUSE-SU-2020:2141-1
- SUSE Security Ratings
- SUSE Bug 1163019
- SUSE Bug 1174543
- SUSE CVE CVE-2020-8608 page
Description
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
Affected products
SUSE Linux Enterprise Server 12 SP4-LTSS:xen-4.11.4_06-2.33.1
SUSE Linux Enterprise Server 12 SP4-LTSS:xen-doc-html-4.11.4_06-2.33.1
SUSE Linux Enterprise Server 12 SP4-LTSS:xen-libs-32bit-4.11.4_06-2.33.1
SUSE Linux Enterprise Server 12 SP4-LTSS:xen-libs-4.11.4_06-2.33.1
References
- CVE-2020-8608
- SUSE Bug 1163018
- SUSE Bug 1163019