SUSE-SU-2020:3415-1

Опубликовано: 19 нояб. 2020

Источник: suse-cvrf

Описание

Security update for xen

This update for xen fixes the following issues:

Security issue fixed:

CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591).

Non-security issue fixed:

Adjusted help for --max_iters, default is 5 (bsc#1177950).

Список пакетов

Image SLES12-SP4-EC2-HVM-BYOS

xen-libs-4.11.4_12-2.42.1

xen-tools-domU-4.11.4_12-2.42.1

Image SLES12-SP4-SAP-EC2-HVM

xen-libs-4.11.4_12-2.42.1

xen-tools-domU-4.11.4_12-2.42.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

xen-libs-4.11.4_12-2.42.1

xen-tools-domU-4.11.4_12-2.42.1

SUSE Linux Enterprise Server 12 SP4-LTSS

xen-4.11.4_12-2.42.1

xen-doc-html-4.11.4_12-2.42.1

xen-libs-4.11.4_12-2.42.1

xen-libs-32bit-4.11.4_12-2.42.1

xen-tools-4.11.4_12-2.42.1

xen-tools-domU-4.11.4_12-2.42.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

xen-4.11.4_12-2.42.1

xen-doc-html-4.11.4_12-2.42.1

xen-libs-4.11.4_12-2.42.1

xen-libs-32bit-4.11.4_12-2.42.1

xen-tools-4.11.4_12-2.42.1

xen-tools-domU-4.11.4_12-2.42.1

SUSE OpenStack Cloud 9

xen-4.11.4_12-2.42.1

xen-doc-html-4.11.4_12-2.42.1

xen-libs-4.11.4_12-2.42.1

xen-libs-32bit-4.11.4_12-2.42.1

xen-tools-4.11.4_12-2.42.1

xen-tools-domU-4.11.4_12-2.42.1

SUSE OpenStack Cloud Crowbar 9

xen-4.11.4_12-2.42.1

xen-doc-html-4.11.4_12-2.42.1

xen-libs-4.11.4_12-2.42.1

xen-libs-32bit-4.11.4_12-2.42.1

xen-tools-4.11.4_12-2.42.1

xen-tools-domU-4.11.4_12-2.42.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20203415-1/
Link for SUSE-SU-2020:3415-1
https://lists.suse.com/pipermail/sle-security-updates/2020-November/007810.html
E-Mail link for SUSE-SU-2020:3415-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1177950
SUSE Bug 1177950
https://bugzilla.suse.com/1178591
SUSE Bug 1178591
https://www.suse.com/security/cve/CVE-2020-28368/
SUSE CVE CVE-2020-28368 page

Описание

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

Затронутые продукты

Image SLES12-SP4-EC2-HVM-BYOS:xen-libs-4.11.4_12-2.42.1

Image SLES12-SP4-EC2-HVM-BYOS:xen-tools-domU-4.11.4_12-2.42.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS:xen-libs-4.11.4_12-2.42.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS:xen-tools-domU-4.11.4_12-2.42.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-28368.html
CVE-2020-28368
https://bugzilla.suse.com/1178591
SUSE Bug 1178591
https://bugzilla.suse.com/1178658
SUSE Bug 1178658

SUSE-SU-2020:3415-1

Описание

Список пакетов

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

SUSE Linux Enterprise Server 12 SP4-LTSS

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 9

Ссылки

Уязвимость: CVE-2020-28368

Описание

Затронутые продукты

Ссылки