SUSE-SU-2023:3832-1

Опубликовано: 27 сент. 2023

Источник: suse-cvrf

Описание

Security update for xen

This update for xen fixes the following issues:

CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).

Список пакетов

Image SLES15-SP4-BYOS

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-BYOS-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-BYOS-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-BYOS-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-CHOST-BYOS

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-CHOST-BYOS-Aliyun

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-CHOST-BYOS-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-CHOST-BYOS-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-CHOST-BYOS-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-CHOST-BYOS-SAP-CCloud

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-HPC-BYOS

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-HPC-BYOS-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-HPC-BYOS-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-HPC-BYOS-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-HPC-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-HPC-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Hardened-BYOS

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Hardened-BYOS-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Hardened-BYOS-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Hardened-BYOS-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Server-4-3

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Server-4-3-BYOS

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Server-4-3-EC2-llc

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Manager-Server-4-3-EC2-ltd

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-3

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-3-BYOS

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-3-BYOS-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-3-BYOS-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-3-BYOS-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-3-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-4

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-4-BYOS

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-4-BYOS-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-4-BYOS-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-4-BYOS-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-4-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-Micro-5-4-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-BYOS

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-BYOS-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-BYOS-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-BYOS-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-Hardened

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-Hardened-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-Hardened-BYOS

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAP-Hardened-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAPCAL

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAPCAL-Azure

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAPCAL-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SAPCAL-GCE

xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

SUSE Linux Enterprise Micro 5.3

xen-libs-4.16.5_04-150400.4.34.1

SUSE Linux Enterprise Micro 5.4

xen-libs-4.16.5_04-150400.4.34.1

SUSE Linux Enterprise Module for Basesystem 15 SP4

xen-libs-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

SUSE Linux Enterprise Module for Server Applications 15 SP4

xen-4.16.5_04-150400.4.34.1

xen-devel-4.16.5_04-150400.4.34.1

xen-tools-4.16.5_04-150400.4.34.1

xen-tools-xendomains-wait-disk-4.16.5_04-150400.4.34.1

openSUSE Leap 15.4

xen-4.16.5_04-150400.4.34.1

xen-devel-4.16.5_04-150400.4.34.1

xen-doc-html-4.16.5_04-150400.4.34.1

xen-libs-4.16.5_04-150400.4.34.1

xen-libs-32bit-4.16.5_04-150400.4.34.1

xen-tools-4.16.5_04-150400.4.34.1

xen-tools-domU-4.16.5_04-150400.4.34.1

xen-tools-xendomains-wait-disk-4.16.5_04-150400.4.34.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233832-1/
Link for SUSE-SU-2023:3832-1
https://lists.suse.com/pipermail/sle-updates/2023-September/031733.html
E-Mail link for SUSE-SU-2023:3832-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1215145
SUSE Bug 1215145
https://bugzilla.suse.com/1215474
SUSE Bug 1215474
https://www.suse.com/security/cve/CVE-2023-20588/
SUSE CVE CVE-2023-20588 page
https://www.suse.com/security/cve/CVE-2023-34322/
SUSE CVE CVE-2023-34322 page

Описание

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

Затронутые продукты

Image SLES15-SP4-BYOS-Azure:xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-BYOS-EC2:xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-BYOS-EC2:xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-BYOS-GCE:xen-libs-4.16.5_04-150400.4.34.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-20588.html
CVE-2023-20588
https://bugzilla.suse.com/1213927
SUSE Bug 1213927

Описание

For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough.

Затронутые продукты

Image SLES15-SP4-BYOS-Azure:xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-BYOS-EC2:xen-libs-4.16.5_04-150400.4.34.1

Image SLES15-SP4-BYOS-EC2:xen-tools-domU-4.16.5_04-150400.4.34.1

Image SLES15-SP4-BYOS-GCE:xen-libs-4.16.5_04-150400.4.34.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-34322.html
CVE-2023-34322
https://bugzilla.suse.com/1215145
SUSE Bug 1215145