Описание
Security update for xen
This update for xen fixes the following issues:
- CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow (XSA-434) (bsc#1214082).
- CVE-2022-40982: Fixed x86/Intel Gather Data Sampling (XSA-435) (bsc#1214083).
- CVE-2023-20593: Fixed x86/AMD Zenbleed (XSA-433) (bsc#1213616).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
xen-4.12.4_36-150100.3.89.1
xen-devel-4.12.4_36-150100.3.89.1
xen-libs-4.12.4_36-150100.3.89.1
xen-tools-4.12.4_36-150100.3.89.1
xen-tools-domU-4.12.4_36-150100.3.89.1
SUSE Linux Enterprise Server 15 SP1-LTSS
xen-4.12.4_36-150100.3.89.1
xen-devel-4.12.4_36-150100.3.89.1
xen-libs-4.12.4_36-150100.3.89.1
xen-tools-4.12.4_36-150100.3.89.1
xen-tools-domU-4.12.4_36-150100.3.89.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
xen-4.12.4_36-150100.3.89.1
xen-devel-4.12.4_36-150100.3.89.1
xen-libs-4.12.4_36-150100.3.89.1
xen-tools-4.12.4_36-150100.3.89.1
xen-tools-domU-4.12.4_36-150100.3.89.1
Ссылки
- Link for SUSE-SU-2023:3494-1
- E-Mail link for SUSE-SU-2023:3494-1
- SUSE Security Ratings
- SUSE Bug 1213616
- SUSE Bug 1214082
- SUSE Bug 1214083
- SUSE CVE CVE-2022-40982 page
- SUSE CVE CVE-2023-20569 page
- SUSE CVE CVE-2023-20593 page
Описание
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1
Ссылки
- CVE-2022-40982
- SUSE Bug 1206418
- SUSE Bug 1215674
Описание
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1
Ссылки
- CVE-2023-20569
- SUSE Bug 1213287
Описание
An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1
Ссылки
- CVE-2023-20593
- SUSE Bug 1213286
- SUSE Bug 1213616
- SUSE Bug 1215674