Security update for xen SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0818-1 Final 1 1 2020-06-14T16:26:57Z current 2020-06-14T16:26:57Z 2020-06-14T16:26:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen to version 4.12.3 fixes the following issues: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205). - Added support for new 64bit libxl memory API (bsc#1167007 and bsc#1157490). This update was imported from the SUSE:SLE-15-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-818 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GRJJ64XQBFNSNFR6IVUVZQQYKIPTZY7K/ E-Mail link for openSUSE-SU-2020:0818-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1027519 SUSE Bug 1027519 https://bugzilla.suse.com/1157490 SUSE Bug 1157490 https://bugzilla.suse.com/1167007 SUSE Bug 1167007 https://bugzilla.suse.com/1172205 SUSE Bug 1172205 https://www.suse.com/security/cve/CVE-2020-0543/ SUSE CVE CVE-2020-0543 page openSUSE Leap 15.1 xen-4.12.3_02-lp151.2.18.2 xen-devel-4.12.3_02-lp151.2.18.2 xen-doc-html-4.12.3_02-lp151.2.18.2 xen-libs-4.12.3_02-lp151.2.18.2 xen-libs-32bit-4.12.3_02-lp151.2.18.2 xen-tools-4.12.3_02-lp151.2.18.2 xen-tools-domU-4.12.3_02-lp151.2.18.2 xen-4.12.3_02-lp151.2.18.2 as a component of openSUSE Leap 15.1 xen-devel-4.12.3_02-lp151.2.18.2 as a component of openSUSE Leap 15.1 xen-doc-html-4.12.3_02-lp151.2.18.2 as a component of openSUSE Leap 15.1 xen-libs-4.12.3_02-lp151.2.18.2 as a component of openSUSE Leap 15.1 xen-libs-32bit-4.12.3_02-lp151.2.18.2 as a component of openSUSE Leap 15.1 xen-tools-4.12.3_02-lp151.2.18.2 as a component of openSUSE Leap 15.1 xen-tools-domU-4.12.3_02-lp151.2.18.2 as a component of openSUSE Leap 15.1 Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-0543 openSUSE Leap 15.1:xen-4.12.3_02-lp151.2.18.2 openSUSE Leap 15.1:xen-devel-4.12.3_02-lp151.2.18.2 openSUSE Leap 15.1:xen-doc-html-4.12.3_02-lp151.2.18.2 openSUSE Leap 15.1:xen-libs-32bit-4.12.3_02-lp151.2.18.2 openSUSE Leap 15.1:xen-libs-4.12.3_02-lp151.2.18.2 openSUSE Leap 15.1:xen-tools-4.12.3_02-lp151.2.18.2 openSUSE Leap 15.1:xen-tools-domU-4.12.3_02-lp151.2.18.2 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GRJJ64XQBFNSNFR6IVUVZQQYKIPTZY7K/ https://www.suse.com/security/cve/CVE-2020-0543.html CVE-2020-0543 https://bugzilla.suse.com/1154824 SUSE Bug 1154824 https://bugzilla.suse.com/1172205 SUSE Bug 1172205 https://bugzilla.suse.com/1172206 SUSE Bug 1172206 https://bugzilla.suse.com/1172207 SUSE Bug 1172207 https://bugzilla.suse.com/1172770 SUSE Bug 1172770 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201877 SUSE Bug 1201877