SUSE-SU-2020:3414-1

Опубликовано: 19 нояб. 2020

Источник: suse-cvrf

Описание

Security update for xen

This update for xen fixes the following issues:

Security issue fixed:

CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591).

Non-security issues fixed:

Updated to Xen 4.12.4 bug fix release (bsc#1027519).
Fixed a panic during MSI cleanup on AMD hardware (bsc#1027519).
Adjusted help for --max_iters, default is 5 (bsc#1177950).
Improved performance of live migration to get more throughput on 10Gbs+ connections (jsc#SLE-16899).

Список пакетов

Image SLES12-SP5-EC2-BYOS

xen-libs-4.12.4_02-3.30.1

xen-tools-domU-4.12.4_02-3.30.1

Image SLES12-SP5-EC2-ECS-On-Demand

xen-libs-4.12.4_02-3.30.1

xen-tools-domU-4.12.4_02-3.30.1

Image SLES12-SP5-EC2-On-Demand

xen-libs-4.12.4_02-3.30.1

xen-tools-domU-4.12.4_02-3.30.1

Image SLES12-SP5-EC2-SAP-BYOS

xen-libs-4.12.4_02-3.30.1

xen-tools-domU-4.12.4_02-3.30.1

Image SLES12-SP5-EC2-SAP-On-Demand

xen-libs-4.12.4_02-3.30.1

xen-tools-domU-4.12.4_02-3.30.1

SUSE Linux Enterprise Server 12 SP5

xen-4.12.4_02-3.30.1

xen-doc-html-4.12.4_02-3.30.1

xen-libs-4.12.4_02-3.30.1

xen-libs-32bit-4.12.4_02-3.30.1

xen-tools-4.12.4_02-3.30.1

xen-tools-domU-4.12.4_02-3.30.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

xen-4.12.4_02-3.30.1

xen-doc-html-4.12.4_02-3.30.1

xen-libs-4.12.4_02-3.30.1

xen-libs-32bit-4.12.4_02-3.30.1

xen-tools-4.12.4_02-3.30.1

xen-tools-domU-4.12.4_02-3.30.1

SUSE Linux Enterprise Software Development Kit 12 SP5

xen-devel-4.12.4_02-3.30.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20203414-1/
Link for SUSE-SU-2020:3414-1
https://lists.suse.com/pipermail/sle-security-updates/2020-November/007813.html
E-Mail link for SUSE-SU-2020:3414-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1027519
SUSE Bug 1027519
https://bugzilla.suse.com/1177950
SUSE Bug 1177950
https://bugzilla.suse.com/1178591
SUSE Bug 1178591
https://www.suse.com/security/cve/CVE-2020-28368/
SUSE CVE CVE-2020-28368 page

Описание

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

Затронутые продукты

Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_02-3.30.1

Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_02-3.30.1

Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_02-3.30.1

Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_02-3.30.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-28368.html
CVE-2020-28368
https://bugzilla.suse.com/1178591
SUSE Bug 1178591
https://bugzilla.suse.com/1178658
SUSE Bug 1178658

SUSE-SU-2020:3414-1

Описание

Список пакетов

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2020-28368

Описание

Затронутые продукты

Ссылки