[SUSE-SU-2024:1259-1] Security update for xen
Severity
Moderate
Affected Packages
3
CVEs
3
Security update for xen
This update for xen fixes the following issues:
- CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302)
- CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453)
Other fixes:
- Update to Xen 4.16.6 (bsc#1027519)
Package | Affected Version |
---|---|
pkg:rpm/suse/xen-libs?arch=x86_64&distro=slem-5 | < 4.16.6_02-150400.4.55.1 |
pkg:rpm/suse/xen-libs?arch=x86_64&distro=opensuse-leap-micro-5.4 | < 4.16.6_02-150400.4.55.1 |
pkg:rpm/suse/xen-libs?arch=x86_64&distro=opensuse-leap-micro-5.3 | < 4.16.6_02-150400.4.55.1 |
- ID
- SUSE-SU-2024:1259-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2024/suse-su-20241259-1/
- Published
-
2024-04-12T13:03:16
(5 months ago) - Modified
-
2024-04-12T13:03:16
(5 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALPINE:CVE-2023-46842
- ALPINE:CVE-2024-2201
- ALPINE:CVE-2024-31142
- ALSA-2024:5101
- DSA-5658-1
- ELSA-2024-12271
- ELSA-2024-12272
- ELSA-2024-12274
- ELSA-2024-12275
- ELSA-2024-12377
- ELSA-2024-12380
- ELSA-2024-12385
- ELSA-2024-5101
- FEDORA-2024-169a1cc589
- FEDORA-2024-4357ec611d
- FEDORA-2024-58c950d8d8
- FEDORA-2024-a46df5ba2f
- FEDORA-2024-a676697123
- RHSA-2024:5101
- RHSA-2024:5102
- RLSA-2024:5101
- SUSE-SU-2024:1295-1
- SUSE-SU-2024:1322-1
- SUSE-SU-2024:1466-1
- SUSE-SU-2024:1480-1
- SUSE-SU-2024:1490-1
- SUSE-SU-2024:1540-1
- SUSE-SU-2024:1541-1
- SUSE-SU-2024:1643-1
- SUSE-SU-2024:1644-1
- SUSE-SU-2024:1646-1
- SUSE-SU-2024:1648-1
- SUSE-SU-2024:1870-1
- SUSE-SU-2024:2008-1
- SUSE-SU-2024:2190-1
- SUSE-SU-2024:2531-1
- SUSE-SU-2024:2533-1
- SUSE-SU-2024:2534-1
- SUSE-SU-2024:2535-1
- SUSE-SU-2024:2654-1
- USN-6765-1
- USN-6766-1
- USN-6766-2
- USN-6766-3
- USN-6774-1
- USN-6795-1
- USN-6828-1
- USN-6865-1
- USN-6866-1
- USN-6866-2
- USN-6866-3
- USN-6868-1
- USN-6868-2
- VU:155143
- XSA-454
- XSA-455
- XSA-456
Source | # ID | Name | URL |
---|---|---|---|
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ | |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1259-1.json | |
Suse | URL for SUSE-SU-2024:1259-1 | https://www.suse.com/support/update/announcement/2024/suse-su-20241259-1/ | |
Suse | E-Mail link for SUSE-SU-2024:1259-1 | https://lists.suse.com/pipermail/sle-updates/2024-April/034964.html | |
Bugzilla | SUSE Bug 1027519 | https://bugzilla.suse.com/1027519 | |
Bugzilla | SUSE Bug 1221984 | https://bugzilla.suse.com/1221984 | |
Bugzilla | SUSE Bug 1222302 | https://bugzilla.suse.com/1222302 | |
Bugzilla | SUSE Bug 1222453 | https://bugzilla.suse.com/1222453 | |
CVE | SUSE CVE CVE-2023-46842 page | https://www.suse.com/security/cve/CVE-2023-46842/ | |
CVE | SUSE CVE CVE-2024-2201 page | https://www.suse.com/security/cve/CVE-2024-2201/ | |
CVE | SUSE CVE CVE-2024-31142 page | https://www.suse.com/security/cve/CVE-2024-31142/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/xen-libs?arch=x86_64&distro=slem-5 | suse | xen-libs | < 4.16.6_02-150400.4.55.1 | slem-5 | x86_64 | |
Affected | pkg:rpm/suse/xen-libs?arch=x86_64&distro=opensuse-leap-micro-5.4 | suse | xen-libs | < 4.16.6_02-150400.4.55.1 | opensuse-leap-micro-5.4 | x86_64 | |
Affected | pkg:rpm/suse/xen-libs?arch=x86_64&distro=opensuse-leap-micro-5.3 | suse | xen-libs | < 4.16.6_02-150400.4.55.1 | opensuse-leap-micro-5.3 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |