[SUSE-SU-2024:1259-1] Security update for xen
Severity
Moderate
Affected Packages
3
CVEs
3
Security update for xen
This update for xen fixes the following issues:
- CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302)
- CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453)
Other fixes:
- Update to Xen 4.16.6 (bsc#1027519)
| Package | Affected Version |
|---|---|
 pkg:rpm/suse/xen-libs?arch=x86_64&distro=slem-5
|
< 4.16.6_02-150400.4.55.1 |
|
pkg:rpm/suse/xen-libs?arch=x86_64&distro=opensuse-leap-micro-5.4
|
< 4.16.6_02-150400.4.55.1 |
|
pkg:rpm/suse/xen-libs?arch=x86_64&distro=opensuse-leap-micro-5.3
|
< 4.16.6_02-150400.4.55.1 |
- ID
- SUSE-SU-2024:1259-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2024/suse-su-20241259-1/
- Published
-
2024-04-12T13:03:16
(5 months ago) - Modified
-
2024-04-12T13:03:16
(5 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALPINE:CVE-2023-46842
-
ALPINE:CVE-2024-2201
-
ALPINE:CVE-2024-31142
-
ALSA-2024:5101
-
DSA-5658-1
-
ELSA-2024-12271
-
ELSA-2024-12272
-
ELSA-2024-12274
-
ELSA-2024-12275
-
ELSA-2024-12377
-
ELSA-2024-12380
-
ELSA-2024-12385
-
ELSA-2024-5101
-
FEDORA-2024-169a1cc589
-
FEDORA-2024-4357ec611d
-
FEDORA-2024-58c950d8d8
-
FEDORA-2024-a46df5ba2f
-
FEDORA-2024-a676697123
-
RHSA-2024:5101
-
RHSA-2024:5102
-
RLSA-2024:5101
-
SUSE-SU-2024:1295-1
-
SUSE-SU-2024:1322-1
-
SUSE-SU-2024:1466-1
-
SUSE-SU-2024:1480-1
-
SUSE-SU-2024:1490-1
-
SUSE-SU-2024:1540-1
-
SUSE-SU-2024:1541-1
-
SUSE-SU-2024:1643-1
-
SUSE-SU-2024:1644-1
-
SUSE-SU-2024:1646-1
-
SUSE-SU-2024:1648-1
-
SUSE-SU-2024:1870-1
-
SUSE-SU-2024:2008-1
-
SUSE-SU-2024:2190-1
-
SUSE-SU-2024:2531-1
-
SUSE-SU-2024:2533-1
-
SUSE-SU-2024:2534-1
-
SUSE-SU-2024:2535-1
-
SUSE-SU-2024:2654-1
-
USN-6765-1
-
USN-6766-1
-
USN-6766-2
-
USN-6766-3
-
USN-6774-1
-
USN-6795-1
-
USN-6828-1
-
USN-6865-1
-
USN-6866-1
-
USN-6866-2
-
USN-6866-3
-
USN-6868-1
-
USN-6868-2
-
VU:155143
-
XSA-454
-
XSA-455
-
XSA-456
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Suse | SUSE ratings |
|
|
| Suse | URL of this CSAF notice |
|
|
| Suse | URL for SUSE-SU-2024:1259-1 |
|
|
| Suse | E-Mail link for SUSE-SU-2024:1259-1 |
|
|
| Bugzilla | SUSE Bug 1027519 |
|
|
| Bugzilla | SUSE Bug 1221984 |
|
|
| Bugzilla | SUSE Bug 1222302 |
|
|
| Bugzilla | SUSE Bug 1222453 |
|
|
| CVE | SUSE CVE CVE-2023-46842 page |
|
|
| CVE | SUSE CVE CVE-2024-2201 page |
|
|
| CVE | SUSE CVE CVE-2024-31142 page |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/xen-libs?arch=x86_64&distro=slem-5 | suse |
xen-libs
|
< 4.16.6_02-150400.4.55.1 | slem-5 | x86_64 | |
| Affected | pkg:rpm/suse/xen-libs?arch=x86_64&distro=opensuse-leap-micro-5.4 | suse |
xen-libs
|
< 4.16.6_02-150400.4.55.1 | opensuse-leap-micro-5.4 | x86_64 | |
| Affected | pkg:rpm/suse/xen-libs?arch=x86_64&distro=opensuse-leap-micro-5.3 | suse |
xen-libs
|
< 4.16.6_02-150400.4.55.1 | opensuse-leap-micro-5.3 | x86_64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |