Security update for xen SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1419-1 Final 1 1 2019-05-20T15:24:48Z current 2019-05-20T15:24:48Z 2019-05-20T15:24:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionaly also use CPU Microcode updates. The mitigation can be controlled via the 'mds' commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Security issue fixed: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680) Other fixes: - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime. The included README has details about the impact of this change (bsc#1120095) This update was imported from the SUSE:SLE-12-SP3:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00045.html E-Mail link for openSUSE-SU-2019:1419-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 xen-4.9.4_04-40.1 xen-devel-4.9.4_04-40.1 xen-doc-html-4.9.4_04-40.1 xen-libs-4.9.4_04-40.1 xen-libs-32bit-4.9.4_04-40.1 xen-tools-4.9.4_04-40.1 xen-tools-domU-4.9.4_04-40.1 xen-4.9.4_04-40.1 as a component of openSUSE Leap 42.3 xen-devel-4.9.4_04-40.1 as a component of openSUSE Leap 42.3 xen-doc-html-4.9.4_04-40.1 as a component of openSUSE Leap 42.3 xen-libs-4.9.4_04-40.1 as a component of openSUSE Leap 42.3 xen-libs-32bit-4.9.4_04-40.1 as a component of openSUSE Leap 42.3 xen-tools-4.9.4_04-40.1 as a component of openSUSE Leap 42.3 xen-tools-domU-4.9.4_04-40.1 as a component of openSUSE Leap 42.3 Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12126 openSUSE Leap 42.3:xen-4.9.4_04-40.1 openSUSE Leap 42.3:xen-devel-4.9.4_04-40.1 openSUSE Leap 42.3:xen-doc-html-4.9.4_04-40.1 openSUSE Leap 42.3:xen-libs-32bit-4.9.4_04-40.1 openSUSE Leap 42.3:xen-libs-4.9.4_04-40.1 openSUSE Leap 42.3:xen-tools-4.9.4_04-40.1 openSUSE Leap 42.3:xen-tools-domU-4.9.4_04-40.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00045.html https://www.suse.com/security/cve/CVE-2018-12126.html CVE-2018-12126 https://bugzilla.suse.com/1103186 SUSE Bug 1103186 https://bugzilla.suse.com/1111331 SUSE Bug 1111331 https://bugzilla.suse.com/1132686 SUSE Bug 1132686 https://bugzilla.suse.com/1135409 SUSE Bug 1135409 https://bugzilla.suse.com/1135522 SUSE Bug 1135522 https://bugzilla.suse.com/1135524 SUSE Bug 1135524 https://bugzilla.suse.com/1137916 SUSE Bug 1137916 https://bugzilla.suse.com/1149725 SUSE Bug 1149725 https://bugzilla.suse.com/1149726 SUSE Bug 1149726 https://bugzilla.suse.com/1149729 SUSE Bug 1149729 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12127 openSUSE Leap 42.3:xen-4.9.4_04-40.1 openSUSE Leap 42.3:xen-devel-4.9.4_04-40.1 openSUSE Leap 42.3:xen-doc-html-4.9.4_04-40.1 openSUSE Leap 42.3:xen-libs-32bit-4.9.4_04-40.1 openSUSE Leap 42.3:xen-libs-4.9.4_04-40.1 openSUSE Leap 42.3:xen-tools-4.9.4_04-40.1 openSUSE Leap 42.3:xen-tools-domU-4.9.4_04-40.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00045.html https://www.suse.com/security/cve/CVE-2018-12127.html CVE-2018-12127 https://bugzilla.suse.com/1103186 SUSE Bug 1103186 https://bugzilla.suse.com/1111331 SUSE Bug 1111331 https://bugzilla.suse.com/1132686 SUSE Bug 1132686 https://bugzilla.suse.com/1135409 SUSE Bug 1135409 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12130 openSUSE Leap 42.3:xen-4.9.4_04-40.1 openSUSE Leap 42.3:xen-devel-4.9.4_04-40.1 openSUSE Leap 42.3:xen-doc-html-4.9.4_04-40.1 openSUSE Leap 42.3:xen-libs-32bit-4.9.4_04-40.1 openSUSE Leap 42.3:xen-libs-4.9.4_04-40.1 openSUSE Leap 42.3:xen-tools-4.9.4_04-40.1 openSUSE Leap 42.3:xen-tools-domU-4.9.4_04-40.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00045.html https://www.suse.com/security/cve/CVE-2018-12130.html CVE-2018-12130 https://bugzilla.suse.com/1103186 SUSE Bug 1103186 https://bugzilla.suse.com/1111331 SUSE Bug 1111331 https://bugzilla.suse.com/1132686 SUSE Bug 1132686 https://bugzilla.suse.com/1135409 SUSE Bug 1135409 https://bugzilla.suse.com/1137916 SUSE Bug 1137916 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. CVE-2018-20815 openSUSE Leap 42.3:xen-4.9.4_04-40.1 openSUSE Leap 42.3:xen-devel-4.9.4_04-40.1 openSUSE Leap 42.3:xen-doc-html-4.9.4_04-40.1 openSUSE Leap 42.3:xen-libs-32bit-4.9.4_04-40.1 openSUSE Leap 42.3:xen-libs-4.9.4_04-40.1 openSUSE Leap 42.3:xen-tools-4.9.4_04-40.1 openSUSE Leap 42.3:xen-tools-domU-4.9.4_04-40.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00045.html https://www.suse.com/security/cve/CVE-2018-20815.html CVE-2018-20815 https://bugzilla.suse.com/1118900 SUSE Bug 1118900 https://bugzilla.suse.com/1130675 SUSE Bug 1130675 https://bugzilla.suse.com/1130680 SUSE Bug 1130680 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2019-11091 openSUSE Leap 42.3:xen-4.9.4_04-40.1 openSUSE Leap 42.3:xen-devel-4.9.4_04-40.1 openSUSE Leap 42.3:xen-doc-html-4.9.4_04-40.1 openSUSE Leap 42.3:xen-libs-32bit-4.9.4_04-40.1 openSUSE Leap 42.3:xen-libs-4.9.4_04-40.1 openSUSE Leap 42.3:xen-tools-4.9.4_04-40.1 openSUSE Leap 42.3:xen-tools-domU-4.9.4_04-40.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00045.html https://www.suse.com/security/cve/CVE-2019-11091.html CVE-2019-11091 https://bugzilla.suse.com/1103186 SUSE Bug 1103186 https://bugzilla.suse.com/1111331 SUSE Bug 1111331 https://bugzilla.suse.com/1132686 SUSE Bug 1132686 https://bugzilla.suse.com/1133319 SUSE Bug 1133319 https://bugzilla.suse.com/1135394 SUSE Bug 1135394 https://bugzilla.suse.com/1178658 SUSE Bug 1178658