SUSE-SU-2020:3413-1

Опубликовано: 19 нояб. 2020

Источник: suse-cvrf

Описание

Security update for xen

This update for xen fixes the following issues:

Security issue fixed:

CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591).

Non-security issues fixed:

Updated to Xen 4.12.4 bug fix release (bsc#1027519).
Fixed a panic during MSI cleanup on AMD hardware (bsc#1027519).
Adjusted help for --max_iters, default is 5 (bsc#1177950).

Список пакетов

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

xen-libs-4.12.4_02-3.34.2

xen-tools-domU-4.12.4_02-3.34.2

Image SLES15-SP1-CHOST-BYOS-EC2

xen-libs-4.12.4_02-3.34.2

xen-tools-domU-4.12.4_02-3.34.2

Image SLES15-SP1-EC2-HPC-HVM-BYOS

xen-libs-4.12.4_02-3.34.2

xen-tools-domU-4.12.4_02-3.34.2

Image SLES15-SP1-EC2-HVM-BYOS

xen-libs-4.12.4_02-3.34.2

xen-tools-domU-4.12.4_02-3.34.2

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

xen-libs-4.12.4_02-3.34.2

xen-tools-domU-4.12.4_02-3.34.2

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

xen-libs-4.12.4_02-3.34.2

xen-tools-domU-4.12.4_02-3.34.2

Image SLES15-SP1-SAP-EC2-HVM

xen-libs-4.12.4_02-3.34.2

xen-tools-domU-4.12.4_02-3.34.2

Image SLES15-SP1-SAP-EC2-HVM-BYOS

xen-libs-4.12.4_02-3.34.2

xen-tools-domU-4.12.4_02-3.34.2

Image SLES15-SP1-SAPCAL-EC2-HVM

xen-libs-4.12.4_02-3.34.2

xen-tools-domU-4.12.4_02-3.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP1

xen-libs-4.12.4_02-3.34.2

xen-tools-domU-4.12.4_02-3.34.2

SUSE Linux Enterprise Module for Server Applications 15 SP1

xen-4.12.4_02-3.34.2

xen-devel-4.12.4_02-3.34.2

xen-tools-4.12.4_02-3.34.2

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20203413-1/
Link for SUSE-SU-2020:3413-1
https://lists.suse.com/pipermail/sle-security-updates/2020-November/007815.html
E-Mail link for SUSE-SU-2020:3413-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1027519
SUSE Bug 1027519
https://bugzilla.suse.com/1177950
SUSE Bug 1177950
https://bugzilla.suse.com/1178591
SUSE Bug 1178591
https://www.suse.com/security/cve/CVE-2020-28368/
SUSE CVE CVE-2020-28368 page

Описание

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

Затронутые продукты

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM:xen-libs-4.12.4_02-3.34.2

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM:xen-tools-domU-4.12.4_02-3.34.2

Image SLES15-SP1-CHOST-BYOS-EC2:xen-libs-4.12.4_02-3.34.2

Image SLES15-SP1-CHOST-BYOS-EC2:xen-tools-domU-4.12.4_02-3.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-28368.html
CVE-2020-28368
https://bugzilla.suse.com/1178591
SUSE Bug 1178591
https://bugzilla.suse.com/1178658
SUSE Bug 1178658

SUSE-SU-2020:3413-1

Описание

Список пакетов

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

Image SLES15-SP1-CHOST-BYOS-EC2

Image SLES15-SP1-EC2-HPC-HVM-BYOS

Image SLES15-SP1-EC2-HVM-BYOS

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

Image SLES15-SP1-SAP-EC2-HVM

Image SLES15-SP1-SAP-EC2-HVM-BYOS

Image SLES15-SP1-SAPCAL-EC2-HVM

SUSE Linux Enterprise Module for Basesystem 15 SP1

SUSE Linux Enterprise Module for Server Applications 15 SP1

Ссылки

Уязвимость: CVE-2020-28368

Описание

Затронутые продукты

Ссылки