SUSE-SU-2024:1295-1

Published: 15 Apr 2024
Source: suse-cvrf

Description

Security update for xen

This update for xen fixes the following issues:

  • CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984)
  • CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302)
  • CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453)

Other fixes:

  • Update to Xen 4.17.4 (bsc#1027519)

Package list

Image SLES15-SP5-Azure-3P
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Azure-Basic
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Azure-Standard
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-BYOS-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-BYOS-EC2
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-BYOS-GCE
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-CHOST-BYOS-Aliyun
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-CHOST-BYOS-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-CHOST-BYOS-EC2
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-CHOST-BYOS-GCE
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-CHOST-BYOS-GDC
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-EC2
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-GCE
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-HPC-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-HPC-BYOS-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-HPC-BYOS-EC2
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-HPC-BYOS-GCE
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Hardened-BYOS-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Hardened-BYOS-EC2
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Hardened-BYOS-GCE
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Server-5-0
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Server-5-0-BYOS
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Micro-5-5
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Micro-5-5-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Micro-5-5-BYOS
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Micro-5-5-BYOS-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Micro-5-5-BYOS-EC2
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Micro-5-5-BYOS-GCE
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Micro-5-5-EC2
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Micro-5-5-GCE
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-Azure-3P
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-BYOS-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-BYOS-EC2
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-BYOS-GCE
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-Hardened-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAP-Hardened-GCE
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAPCAL-Azure
xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAPCAL-EC2
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
Image SLES15-SP5-SAPCAL-GCE
xen-libs-4.17.4_02-150500.3.30.1
SUSE Linux Enterprise Micro 5.5
xen-libs-4.17.4_02-150500.3.30.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
xen-libs-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
xen-4.17.4_02-150500.3.30.1
xen-devel-4.17.4_02-150500.3.30.1
xen-tools-4.17.4_02-150500.3.30.1
xen-tools-xendomains-wait-disk-4.17.4_02-150500.3.30.1
openSUSE Leap 15.5
xen-4.17.4_02-150500.3.30.1
xen-devel-4.17.4_02-150500.3.30.1
xen-doc-html-4.17.4_02-150500.3.30.1
xen-libs-4.17.4_02-150500.3.30.1
xen-libs-32bit-4.17.4_02-150500.3.30.1
xen-tools-4.17.4_02-150500.3.30.1
xen-tools-domU-4.17.4_02-150500.3.30.1
xen-tools-xendomains-wait-disk-4.17.4_02-150500.3.30.1

Description

Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values. Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash.


Affected products
Image SLES15-SP5-Azure-3P:xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Azure-Basic:xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Azure-Standard:xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-BYOS-Azure:xen-libs-4.17.4_02-150500.3.30.1

Description

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.


Affected products
Image SLES15-SP5-Azure-3P:xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Azure-Basic:xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Azure-Standard:xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-BYOS-Azure:xen-libs-4.17.4_02-150500.3.30.1

Description

Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html


Affected products
Image SLES15-SP5-Azure-3P:xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Azure-Basic:xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-Azure-Standard:xen-libs-4.17.4_02-150500.3.30.1
Image SLES15-SP5-BYOS-Azure:xen-libs-4.17.4_02-150500.3.30.1
