Description
Security update for xen
This update for xen fixes the following issues:
- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355)
Package list
Image SLES12-SP5-EC2-BYOS
xen-libs-4.12.4_04-3.33.1
xen-tools-domU-4.12.4_04-3.33.1
Image SLES12-SP5-EC2-ECS-On-Demand
xen-libs-4.12.4_04-3.33.1
xen-tools-domU-4.12.4_04-3.33.1
Image SLES12-SP5-EC2-On-Demand
xen-libs-4.12.4_04-3.33.1
xen-tools-domU-4.12.4_04-3.33.1
Image SLES12-SP5-EC2-SAP-BYOS
xen-libs-4.12.4_04-3.33.1
xen-tools-domU-4.12.4_04-3.33.1
Image SLES12-SP5-EC2-SAP-On-Demand
xen-libs-4.12.4_04-3.33.1
xen-tools-domU-4.12.4_04-3.33.1
SUSE Linux Enterprise Server 12 SP5
xen-4.12.4_04-3.33.1
xen-doc-html-4.12.4_04-3.33.1
xen-libs-4.12.4_04-3.33.1
xen-libs-32bit-4.12.4_04-3.33.1
xen-tools-4.12.4_04-3.33.1
xen-tools-domU-4.12.4_04-3.33.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
xen-4.12.4_04-3.33.1
xen-doc-html-4.12.4_04-3.33.1
xen-libs-4.12.4_04-3.33.1
xen-libs-32bit-4.12.4_04-3.33.1
xen-tools-4.12.4_04-3.33.1
xen-tools-domU-4.12.4_04-3.33.1
SUSE Linux Enterprise Software Development Kit 12 SP5
xen-devel-4.12.4_04-3.33.1
References
- Link for SUSE-SU-2020:3612-1
- E-Mail link for SUSE-SU-2020:3612-1
- SUSE Security Ratings
- SUSE Bug 1178591
- SUSE Bug 1178963
- SUSE CVE CVE-2020-28368 page
Description
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.
Affected products
Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_04-3.33.1
Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_04-3.33.1
Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_04-3.33.1
Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_04-3.33.1
References
- CVE-2020-28368
- SUSE Bug 1178591
- SUSE Bug 1178658