Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:3496-1

Опубликовано: 30 авг. 2023
Источник: suse-cvrf

Описание

Security update for xen

This update for xen fixes the following issues:

Update to Xen 4.13.5 bug fix release (bsc#1027519).

  • CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow (XSA-434) (bsc#1214082).
  • CVE-2022-40982: Fixed x86/Intel Gather Data Sampling (XSA-435) (bsc#1214083).
  • CVE-2023-20593: Fixed x86/AMD Zenbleed (XSA-433) (bsc#1213616).

Список пакетов

Image SLES15-SP2-BYOS-Azure
xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-HPC-BYOS-Azure
xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-Azure
xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-BYOS-Azure
xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
xen-libs-4.13.5_02-150200.3.74.1
xen-tools-domU-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-BYOS-GCE
xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-EC2-HVM
xen-libs-4.13.5_02-150200.3.74.1
xen-tools-domU-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-GCE
xen-libs-4.13.5_02-150200.3.74.1
SUSE Enterprise Storage 7
xen-4.13.5_02-150200.3.74.1
xen-devel-4.13.5_02-150200.3.74.1
xen-libs-4.13.5_02-150200.3.74.1
xen-tools-4.13.5_02-150200.3.74.1
xen-tools-domU-4.13.5_02-150200.3.74.1
xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
xen-4.13.5_02-150200.3.74.1
xen-devel-4.13.5_02-150200.3.74.1
xen-libs-4.13.5_02-150200.3.74.1
xen-tools-4.13.5_02-150200.3.74.1
xen-tools-domU-4.13.5_02-150200.3.74.1
xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1
SUSE Linux Enterprise Server 15 SP2-LTSS
xen-4.13.5_02-150200.3.74.1
xen-devel-4.13.5_02-150200.3.74.1
xen-libs-4.13.5_02-150200.3.74.1
xen-tools-4.13.5_02-150200.3.74.1
xen-tools-domU-4.13.5_02-150200.3.74.1
xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
xen-4.13.5_02-150200.3.74.1
xen-devel-4.13.5_02-150200.3.74.1
xen-libs-4.13.5_02-150200.3.74.1
xen-tools-4.13.5_02-150200.3.74.1
xen-tools-domU-4.13.5_02-150200.3.74.1
xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1

Ссылки

Описание

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Затронутые продукты
Image SLES15-SP2-BYOS-Azure:xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-HPC-BYOS-Azure:xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:xen-libs-4.13.5_02-150200.3.74.1
Ссылки

Описание

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

Затронутые продукты
Image SLES15-SP2-BYOS-Azure:xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-HPC-BYOS-Azure:xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:xen-libs-4.13.5_02-150200.3.74.1
Ссылки

Описание

An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

Затронутые продукты
Image SLES15-SP2-BYOS-Azure:xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-HPC-BYOS-Azure:xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:xen-libs-4.13.5_02-150200.3.74.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:xen-libs-4.13.5_02-150200.3.74.1
Ссылки
Уязвимость SUSE-SU-2023:3496-1