Описание
Security update for xen
This update for xen fixes the following issues:
- CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow (XSA-434) (bsc#1214082).
- CVE-2022-40982: Fixed x86/Intel Gather Data Sampling (XSA-435) (bsc#1214083).
- CVE-2023-20593: Fixed x86/AMD Zenbleed (XSA-433) (bsc#1213616).
Список пакетов
Image SLES12-SP5-EC2-BYOS
xen-libs-4.12.4_36-3.91.2
xen-tools-domU-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-ECS-On-Demand
xen-libs-4.12.4_36-3.91.2
xen-tools-domU-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-On-Demand
xen-libs-4.12.4_36-3.91.2
xen-tools-domU-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-SAP-BYOS
xen-libs-4.12.4_36-3.91.2
xen-tools-domU-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-SAP-On-Demand
xen-libs-4.12.4_36-3.91.2
xen-tools-domU-4.12.4_36-3.91.2
SUSE Linux Enterprise Server 12 SP5
xen-4.12.4_36-3.91.2
xen-doc-html-4.12.4_36-3.91.2
xen-libs-4.12.4_36-3.91.2
xen-libs-32bit-4.12.4_36-3.91.2
xen-tools-4.12.4_36-3.91.2
xen-tools-domU-4.12.4_36-3.91.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
xen-4.12.4_36-3.91.2
xen-doc-html-4.12.4_36-3.91.2
xen-libs-4.12.4_36-3.91.2
xen-libs-32bit-4.12.4_36-3.91.2
xen-tools-4.12.4_36-3.91.2
xen-tools-domU-4.12.4_36-3.91.2
SUSE Linux Enterprise Software Development Kit 12 SP5
xen-devel-4.12.4_36-3.91.2
Ссылки
- Link for SUSE-SU-2023:3495-1
- E-Mail link for SUSE-SU-2023:3495-1
- SUSE Security Ratings
- SUSE Bug 1213616
- SUSE Bug 1214082
- SUSE Bug 1214083
- SUSE CVE CVE-2022-40982 page
- SUSE CVE CVE-2023-20569 page
- SUSE CVE CVE-2023-20593 page
Описание
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Затронутые продукты
Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_36-3.91.2
Ссылки
- CVE-2022-40982
- SUSE Bug 1206418
- SUSE Bug 1215674
Описание
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
Затронутые продукты
Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_36-3.91.2
Ссылки
- CVE-2023-20569
- SUSE Bug 1213287
Описание
An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
Затронутые продукты
Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_36-3.91.2
Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_36-3.91.2
Ссылки
- CVE-2023-20593
- SUSE Bug 1213286
- SUSE Bug 1213616
- SUSE Bug 1215674