CVE-2019-17346 (GCVE-0-2019-17346)
Vulnerability from cvelistv5
Published
2019-10-08 00:02
Modified
2024-08-05 01:40
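Severity: 8.8 (HIGH) per the NVD assessment embedded in this record, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H; the CNA container itself carries no metrics.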
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
References
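URL | Tags |
---|---|
http://xenbits.xen.org/xsa/advisory-292.html | x_refsource_CONFIRM |
https://xenbits.xen.org/xsa/advisory-292.html | x_refsource_MISC |
http://www.openwall.com/lists/oss-security/2019/10/25/5 | mailing-list, x_refsource_MLIST |
https://www.debian.org/security/2020/dsa-4602 | vendor-advisory, x_refsource_DEBIAN |
https://seclists.org/bugtraq/2020/Jan/21 | mailing-list, x_refsource_BUGTRAQ |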
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:40:15.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xenbits.xen.org/xsa/advisory-292.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://xenbits.xen.org/xsa/advisory-292.html" }, { "name": "[oss-security] 20191025 Xen Security Advisory 292 v3 (CVE-2019-17346) - x86: insufficient TLB flushing when using PCID", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5" }, { "name": "DSA-4602", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-14T22:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xenbits.xen.org/xsa/advisory-292.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://xenbits.xen.org/xsa/advisory-292.html" }, { "name": "[oss-security] 20191025 Xen Security Advisory 292 v3 (CVE-2019-17346) - x86: insufficient TLB flushing when using PCID", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5" }, { "name": "DSA-4602", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17346", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://xenbits.xen.org/xsa/advisory-292.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-292.html" }, { "name": "https://xenbits.xen.org/xsa/advisory-292.html", "refsource": "MISC", "url": "https://xenbits.xen.org/xsa/advisory-292.html" }, { "name": "[oss-security] 20191025 Xen Security Advisory 292 v3 (CVE-2019-17346) - x86: insufficient TLB flushing when using PCID", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5" }, { "name": "DSA-4602", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17346", "datePublished": "2019-10-08T00:02:15", "dateReserved": "2019-10-07T00:00:00", "dateUpdated": "2024-08-05T01:40:15.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-17346\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-10-08T01:15:10.830\",\"lastModified\":\"2024-11-21T04:32:08.133\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegaci\u00f3n de servicio u alcanzar privilegios debido a una incompatibilidad entre los 
Identificadores de Contexto del Proceso (PCID) y las descargas de TLB.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.11.2\",\"matchCriteriaId\":\"995A0BB2-DE83-47A8-98B3-ADDB5BFBA786\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/25/
5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-292.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/21\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4602\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xen.org/xsa/advisory-292.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/25/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-292.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xen.org/xsa/advisory-292.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
ghsa-j897-36j5-vg2q
Vulnerability from github
Published
2022-05-24 16:58
Modified
2023-02-03 21:30
Severity: HIGH (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H); the advisory is marked as not GitHub-reviewed.
VLAI Severity ?
Details
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
{ "affected": [], "aliases": [ "CVE-2019-17346" ], "database_specific": { "cwe_ids": [ "CWE-20" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-10-08T01:15:00Z", "severity": "HIGH" }, "details": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.", "id": "GHSA-j897-36j5-vg2q", "modified": "2023-02-03T21:30:28Z", "published": "2022-05-24T16:58:09Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17346" }, { "type": "WEB", "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "type": "WEB", "url": "https://www.debian.org/security/2020/dsa-4602" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-292.html" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-292.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
fkie_cve-2019-17346
Vulnerability from fkie_nvd
Published
2019-10-08 01:15
Modified
2024-11-21 04:32
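Severity: 8.8 (HIGH), CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H; CVSS v2 base score 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C).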
Summary
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/25/5 | Mailing List | |
cve@mitre.org | http://xenbits.xen.org/xsa/advisory-292.html | Patch, Vendor Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2020/Jan/21 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2020/dsa-4602 | Third Party Advisory | |
cve@mitre.org | https://xenbits.xen.org/xsa/advisory-292.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/25/5 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://xenbits.xen.org/xsa/advisory-292.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2020/Jan/21 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4602 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://xenbits.xen.org/xsa/advisory-292.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
xen | xen | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "995A0BB2-DE83-47A8-98B3-ADDB5BFBA786", "versionEndIncluding": "4.11.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes." }, { "lang": "es", "value": "Se detect\u00f3 un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegaci\u00f3n de servicio u alcanzar privilegios debido a una incompatibilidad entre los Identificadores de Contexto del Proceso (PCID) y las descargas de TLB." 
} ], "id": "CVE-2019-17346", "lastModified": "2024-11-21T04:32:08.133", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-08T01:15:10.830", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://xenbits.xen.org/xsa/advisory-292.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://xenbits.xen.org/xsa/advisory-292.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://xenbits.xen.org/xsa/advisory-292.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://xenbits.xen.org/xsa/advisory-292.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
suse-ru-2019:2767-1
Vulnerability from csaf_suse
Published
2019-10-24 10:23
Modified
2019-10-24 10:23
Summary
Recommended update for xen
Notes
Title of the patch
Recommended update for xen
Description of the patch
This update for xen to version 4.10.4 fixes the following issues:
- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration
(bsc#1133818).
- Fixed an HPS bug which prevented installing Windows Server 2016 with a setting of 2 CPUs or above
(bsc#1137717).
- Fixed an issue where libxenlight could not create new domain (bsc#1131811).
- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).
- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).
- Fixed a segmentation fault in libvirtd during live migration to a VM (bsc#1145774).
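- Xenpvnetboot is now ported correctly to Python 3 (bsc#1138563).
Note: the description above lists only functional fixes, but the CSAF record for this update also references CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 and CVE-2019-17340 through CVE-2019-17349, and rates the update's aggregate severity as "important".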
Patchnames
SUSE-2019-2767,SUSE-SLE-Module-Basesystem-15-2019-2767,SUSE-SLE-Module-Server-Applications-15-2019-2767
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Recommended update for xen", "title": "Title of the patch" }, { "category": "description", "text": "This update for xen to version 4.10.4 fixes the following issues:\n\n- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration\n (bsc#1133818).\n- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above\n (bsc#1137717).\n- Fixed an issue where libxenlight could not create new domain (bsc#1131811).\n- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).\n- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).\n- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). 
\n- Xenpvnetboot is now ported correctly to Python 3 (bsc#1138563).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2019-2767,SUSE-SLE-Module-Basesystem-15-2019-2767,SUSE-SLE-Module-Server-Applications-15-2019-2767", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2019_2767-1.json" }, { "category": "self", "summary": "URL for SUSE-RU-2019:2767-1", "url": "https://www.suse.com/support/update/announcement//suse-ru-20192767-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-RU-2019:2767-1", "url": "https://lists.suse.com/pipermail/sle-updates/2019-October/012836.html" }, { "category": "self", "summary": "SUSE Bug 1027519", "url": "https://bugzilla.suse.com/1027519" }, { "category": "self", "summary": "SUSE Bug 1126140", "url": "https://bugzilla.suse.com/1126140" }, { "category": "self", "summary": "SUSE Bug 1126141", "url": "https://bugzilla.suse.com/1126141" }, { "category": "self", "summary": "SUSE Bug 1126192", "url": "https://bugzilla.suse.com/1126192" }, { "category": "self", "summary": "SUSE Bug 1126195", "url": "https://bugzilla.suse.com/1126195" }, { "category": "self", "summary": "SUSE Bug 1126196", "url": "https://bugzilla.suse.com/1126196" }, { "category": "self", "summary": "SUSE Bug 1126197", "url": "https://bugzilla.suse.com/1126197" }, { "category": "self", "summary": "SUSE Bug 1126198", "url": "https://bugzilla.suse.com/1126198" 
}, { "category": "self", "summary": "SUSE Bug 1126201", "url": "https://bugzilla.suse.com/1126201" }, { "category": "self", "summary": "SUSE Bug 1127400", "url": "https://bugzilla.suse.com/1127400" }, { "category": "self", "summary": "SUSE Bug 1129642", "url": "https://bugzilla.suse.com/1129642" }, { "category": "self", "summary": "SUSE Bug 1131811", "url": "https://bugzilla.suse.com/1131811" }, { "category": "self", "summary": "SUSE Bug 1133818", "url": "https://bugzilla.suse.com/1133818" }, { "category": "self", "summary": "SUSE Bug 1137717", "url": "https://bugzilla.suse.com/1137717" }, { "category": "self", "summary": "SUSE Bug 1138294", "url": "https://bugzilla.suse.com/1138294" }, { "category": "self", "summary": "SUSE Bug 1138563", "url": "https://bugzilla.suse.com/1138563" }, { "category": "self", "summary": "SUSE Bug 1145240", "url": "https://bugzilla.suse.com/1145240" }, { "category": "self", "summary": "SUSE Bug 1145774", "url": "https://bugzilla.suse.com/1145774" }, { "category": "self", "summary": "SUSE CVE CVE-2018-12126 page", "url": "https://www.suse.com/security/cve/CVE-2018-12126/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-12127 page", "url": "https://www.suse.com/security/cve/CVE-2018-12127/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-12130 page", "url": "https://www.suse.com/security/cve/CVE-2018-12130/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-11091 page", "url": "https://www.suse.com/security/cve/CVE-2019-11091/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17340 page", "url": "https://www.suse.com/security/cve/CVE-2019-17340/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17341 page", "url": "https://www.suse.com/security/cve/CVE-2019-17341/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17342 page", "url": "https://www.suse.com/security/cve/CVE-2019-17342/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17343 page", "url": 
"https://www.suse.com/security/cve/CVE-2019-17343/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17344 page", "url": "https://www.suse.com/security/cve/CVE-2019-17344/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17345 page", "url": "https://www.suse.com/security/cve/CVE-2019-17345/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17346 page", "url": "https://www.suse.com/security/cve/CVE-2019-17346/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17347 page", "url": "https://www.suse.com/security/cve/CVE-2019-17347/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17348 page", "url": "https://www.suse.com/security/cve/CVE-2019-17348/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17349 page", "url": "https://www.suse.com/security/cve/CVE-2019-17349/" } ], "title": "Recommended update for xen", "tracking": { "current_release_date": "2019-10-24T10:23:00Z", "generator": { "date": "2019-10-24T10:23:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-RU-2019:2767-1", "initial_release_date": "2019-10-24T10:23:00Z", "revision_history": [ { "date": "2019-10-24T10:23:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "xen-4.10.4_04-3.22.1.aarch64", "product": { "name": "xen-4.10.4_04-3.22.1.aarch64", "product_id": "xen-4.10.4_04-3.22.1.aarch64" } }, { "category": "product_version", "name": "xen-devel-4.10.4_04-3.22.1.aarch64", "product": { "name": "xen-devel-4.10.4_04-3.22.1.aarch64", "product_id": "xen-devel-4.10.4_04-3.22.1.aarch64" } }, { "category": "product_version", "name": "xen-doc-html-4.10.4_04-3.22.1.aarch64", "product": { "name": "xen-doc-html-4.10.4_04-3.22.1.aarch64", "product_id": "xen-doc-html-4.10.4_04-3.22.1.aarch64" } }, { "category": "product_version", "name": "xen-libs-4.10.4_04-3.22.1.aarch64", "product": { 
"name": "xen-libs-4.10.4_04-3.22.1.aarch64", "product_id": "xen-libs-4.10.4_04-3.22.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-4.10.4_04-3.22.1.aarch64", "product": { "name": "xen-tools-4.10.4_04-3.22.1.aarch64", "product_id": "xen-tools-4.10.4_04-3.22.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-domU-4.10.4_04-3.22.1.aarch64", "product": { "name": "xen-tools-domU-4.10.4_04-3.22.1.aarch64", "product_id": "xen-tools-domU-4.10.4_04-3.22.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "xen-libs-64bit-4.10.4_04-3.22.1.aarch64_ilp32", "product": { "name": "xen-libs-64bit-4.10.4_04-3.22.1.aarch64_ilp32", "product_id": "xen-libs-64bit-4.10.4_04-3.22.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "xen-devel-4.10.4_04-3.22.1.i586", "product": { "name": "xen-devel-4.10.4_04-3.22.1.i586", "product_id": "xen-devel-4.10.4_04-3.22.1.i586" } }, { "category": "product_version", "name": "xen-libs-4.10.4_04-3.22.1.i586", "product": { "name": "xen-libs-4.10.4_04-3.22.1.i586", "product_id": "xen-libs-4.10.4_04-3.22.1.i586" } }, { "category": "product_version", "name": "xen-tools-domU-4.10.4_04-3.22.1.i586", "product": { "name": "xen-tools-domU-4.10.4_04-3.22.1.i586", "product_id": "xen-tools-domU-4.10.4_04-3.22.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "xen-4.10.4_04-3.22.1.x86_64", "product": { "name": "xen-4.10.4_04-3.22.1.x86_64", "product_id": "xen-4.10.4_04-3.22.1.x86_64" } }, { "category": "product_version", "name": "xen-devel-4.10.4_04-3.22.1.x86_64", "product": { "name": "xen-devel-4.10.4_04-3.22.1.x86_64", "product_id": "xen-devel-4.10.4_04-3.22.1.x86_64" } }, { "category": "product_version", "name": "xen-doc-html-4.10.4_04-3.22.1.x86_64", "product": { "name": 
"xen-doc-html-4.10.4_04-3.22.1.x86_64", "product_id": "xen-doc-html-4.10.4_04-3.22.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-4.10.4_04-3.22.1.x86_64", "product": { "name": "xen-libs-4.10.4_04-3.22.1.x86_64", "product_id": "xen-libs-4.10.4_04-3.22.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-32bit-4.10.4_04-3.22.1.x86_64", "product": { "name": "xen-libs-32bit-4.10.4_04-3.22.1.x86_64", "product_id": "xen-libs-32bit-4.10.4_04-3.22.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-4.10.4_04-3.22.1.x86_64", "product": { "name": "xen-tools-4.10.4_04-3.22.1.x86_64", "product_id": "xen-tools-4.10.4_04-3.22.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-domU-4.10.4_04-3.22.1.x86_64", "product": { "name": "xen-tools-domU-4.10.4_04-3.22.1.x86_64", "product_id": "xen-tools-domU-4.10.4_04-3.22.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Module for Server Applications 15", "product": { "name": "SUSE Linux Enterprise Module for Server Applications 15", "product_id": "SUSE Linux Enterprise Module for Server Applications 15", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-server-applications:15" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.10.4_04-3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 
15:xen-libs-4.10.4_04-3.22.1.x86_64" }, "product_reference": "xen-libs-4.10.4_04-3.22.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.10.4_04-3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", "product_id": "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64" }, "product_reference": "xen-tools-domU-4.10.4_04-3.22.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.10.4_04-3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15", "product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64" }, "product_reference": "xen-4.10.4_04-3.22.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.10.4_04-3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15", "product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64" }, "product_reference": "xen-devel-4.10.4_04-3.22.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.10.4_04-3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15", "product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" }, "product_reference": "xen-tools-4.10.4_04-3.22.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-12126", "ids": [ { "system_name": "SUSE CVE Page", 
"text": "https://www.suse.com/security/cve/CVE-2018-12126" } ], "notes": [ { "category": "general", "text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-12126", "url": "https://www.suse.com/security/cve/CVE-2018-12126" }, { "category": "external", "summary": "SUSE Bug 1103186 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1103186" }, { "category": "external", "summary": "SUSE Bug 1111331 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1111331" }, { "category": "external", "summary": "SUSE Bug 1132686 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1132686" }, { "category": "external", "summary": "SUSE Bug 1135409 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1135409" }, { "category": "external", "summary": "SUSE Bug 1135524 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1135524" }, { "category": "external", "summary": "SUSE Bug 1137916 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1137916" }, { "category": "external", "summary": "SUSE Bug 1138534 for CVE-2018-12126", "url": 
"https://bugzilla.suse.com/1138534" }, { "category": "external", "summary": "SUSE Bug 1141977 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1141977" }, { "category": "external", "summary": "SUSE Bug 1149725 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1149725" }, { "category": "external", "summary": "SUSE Bug 1149726 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1149726" }, { "category": "external", "summary": "SUSE Bug 1149729 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1149729" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201877 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1201877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server 
Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "moderate" } ], "title": "CVE-2018-12126" }, { "cve": "CVE-2018-12127", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-12127" } ], "notes": [ { "category": "general", "text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-12127", "url": "https://www.suse.com/security/cve/CVE-2018-12127" }, { "category": "external", "summary": "SUSE Bug 1103186 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1103186" }, { "category": "external", "summary": "SUSE Bug 1111331 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1111331" }, { "category": "external", "summary": "SUSE Bug 1132686 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1132686" }, { "category": "external", "summary": "SUSE Bug 1135409 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1135409" }, { "category": "external", "summary": "SUSE Bug 1138534 for CVE-2018-12127", "url": 
"https://bugzilla.suse.com/1138534" }, { "category": "external", "summary": "SUSE Bug 1141977 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1141977" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201877 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1201877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "moderate" } ], "title": "CVE-2018-12127" }, { "cve": "CVE-2018-12130", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-12130" } ], "notes": [ { "category": "general", "text": 
"Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-12130", "url": "https://www.suse.com/security/cve/CVE-2018-12130" }, { "category": "external", "summary": "SUSE Bug 1103186 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1103186" }, { "category": "external", "summary": "SUSE Bug 1111331 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1111331" }, { "category": "external", "summary": "SUSE Bug 1132686 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1132686" }, { "category": "external", "summary": "SUSE Bug 1135409 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1135409" }, { "category": "external", "summary": "SUSE Bug 1137916 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1137916" }, { "category": "external", "summary": "SUSE Bug 1138534 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1138534" }, { "category": "external", "summary": "SUSE Bug 1141977 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1141977" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2018-12130", 
"url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201877 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1201877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "moderate" } ], "title": "CVE-2018-12130" }, { "cve": "CVE-2019-11091", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-11091" } ], "notes": [ { "category": "general", "text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local 
access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-11091", "url": "https://www.suse.com/security/cve/CVE-2019-11091" }, { "category": "external", "summary": "SUSE Bug 1103186 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1103186" }, { "category": "external", "summary": "SUSE Bug 1111331 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1111331" }, { "category": "external", "summary": "SUSE Bug 1132686 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1132686" }, { "category": "external", "summary": "SUSE Bug 1133319 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1133319" }, { "category": "external", "summary": "SUSE Bug 1135394 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1135394" }, { "category": "external", "summary": "SUSE Bug 1138043 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1138043" }, { "category": "external", "summary": "SUSE Bug 1138534 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1138534" }, { "category": "external", "summary": "SUSE Bug 1141977 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1141977" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201877 for 
CVE-2019-11091", "url": "https://bugzilla.suse.com/1201877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "moderate" } ], "title": "CVE-2019-11091" }, { "cve": "CVE-2019-17340", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17340" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise 
Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17340", "url": "https://www.suse.com/security/cve/CVE-2019-17340" }, { "category": "external", "summary": "SUSE Bug 1126140 for CVE-2019-17340", "url": "https://bugzilla.suse.com/1126140" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17340", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], 
"threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "important" } ], "title": "CVE-2019-17340" }, { "cve": "CVE-2019-17341", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17341" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17341", "url": "https://www.suse.com/security/cve/CVE-2019-17341" }, { "category": "external", "summary": "SUSE Bug 1126141 for CVE-2019-17341", "url": "https://bugzilla.suse.com/1126141" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17341", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux 
Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "important" } ], "title": "CVE-2019-17341" }, { "cve": "CVE-2019-17342", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17342" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17342", "url": "https://www.suse.com/security/cve/CVE-2019-17342" }, { "category": "external", "summary": "SUSE Bug 1126192 for CVE-2019-17342", "url": "https://bugzilla.suse.com/1126192" }, { 
"category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17342", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "important" } ], "title": "CVE-2019-17342" }, { "cve": "CVE-2019-17343", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17343" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module 
for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17343", "url": "https://www.suse.com/security/cve/CVE-2019-17343" }, { "category": "external", "summary": "SUSE Bug 1126195 for CVE-2019-17343", "url": "https://bugzilla.suse.com/1126195" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17343", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise 
Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "important" } ], "title": "CVE-2019-17343" }, { "cve": "CVE-2019-17344", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17344" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17344", "url": "https://www.suse.com/security/cve/CVE-2019-17344" }, { "category": "external", "summary": "SUSE Bug 1126196 for CVE-2019-17344", "url": "https://bugzilla.suse.com/1126196" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17344", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 
15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "moderate" } ], "title": "CVE-2019-17344" }, { "cve": "CVE-2019-17345", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17345" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17345", "url": "https://www.suse.com/security/cve/CVE-2019-17345" }, { "category": "external", "summary": "SUSE Bug 1126197 for 
CVE-2019-17345", "url": "https://bugzilla.suse.com/1126197" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "moderate" } ], "title": "CVE-2019-17345" }, { "cve": "CVE-2019-17346", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17346" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 
15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17346", "url": "https://www.suse.com/security/cve/CVE-2019-17346" }, { "category": "external", "summary": "SUSE Bug 1126198 for CVE-2019-17346", "url": "https://bugzilla.suse.com/1126198" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": 
"2019-10-24T10:23:00Z", "details": "moderate" } ], "title": "CVE-2019-17346" }, { "cve": "CVE-2019-17347", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17347" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17347", "url": "https://www.suse.com/security/cve/CVE-2019-17347" }, { "category": "external", "summary": "SUSE Bug 1126201 for CVE-2019-17347", "url": "https://bugzilla.suse.com/1126201" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, 
"baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "important" } ], "title": "CVE-2019-17347" }, { "cve": "CVE-2019-17348", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17348" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17348", "url": "https://www.suse.com/security/cve/CVE-2019-17348" }, { "category": "external", "summary": "SUSE Bug 1127400 for CVE-2019-17348", "url": "https://bugzilla.suse.com/1127400" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation 
methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "moderate" } ], "title": "CVE-2019-17348" }, { "cve": "CVE-2019-17349", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17349" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 
15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17349", "url": "https://www.suse.com/security/cve/CVE-2019-17349" }, { "category": "external", "summary": "SUSE Bug 1138294 for CVE-2019-17349", "url": "https://bugzilla.suse.com/1138294" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T10:23:00Z", "details": "moderate" } ], "title": "CVE-2019-17349" } ] }
suse-su-2019:14199-1
Vulnerability from csaf_suse
Published
2019-10-24 11:23
Modified
2019-10-24 11:23
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
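- CVE-2019-15890: Fixed a use-after-free in the SLiRP networking implementation of the QEMU emulator
which could have led to denial of service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in the LSI SCSI adapter emulator (lsi) which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in the SLiRP networking implementation of the QEMU
emulator which could have led to execution of arbitrary code with the privileges of the
QEMU process (bsc#1143797).
- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).
- CVE-2019-12155: Fixed a null pointer dereference in the QXL VGA card emulator of QEMU which
could have led to denial of service (bsc#1135905).
Note: this list names only the QEMU-related fixes. The references in the CSAF document below also link the SUSE CVE pages for CVE-2019-17340 to CVE-2019-17344 and CVE-2019-17346 to CVE-2019-17348, so use the machine-readable "references" and "vulnerabilities" data rather than this list when matching the update against a CVE inventory.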
Patchnames
slessp4-xen-14199
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for xen", "title": "Title of the patch" }, { "category": "description", "text": "This update for xen fixes the following issues:\n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).\n- CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which\n could have led to denial of service (bsc#1135905).\n ", "title": "Description of the patch" }, { "category": "details", "text": "slessp4-xen-14199", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": 
"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14199-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2019:14199-1", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914199-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2019:14199-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006052.html" }, { "category": "self", "summary": "SUSE Bug 1126140", "url": "https://bugzilla.suse.com/1126140" }, { "category": "self", "summary": "SUSE Bug 1126141", "url": "https://bugzilla.suse.com/1126141" }, { "category": "self", "summary": "SUSE Bug 1126192", "url": "https://bugzilla.suse.com/1126192" }, { "category": "self", "summary": "SUSE Bug 1126195", "url": "https://bugzilla.suse.com/1126195" }, { "category": "self", "summary": "SUSE Bug 1126196", "url": "https://bugzilla.suse.com/1126196" }, { "category": "self", "summary": "SUSE Bug 1126198", "url": "https://bugzilla.suse.com/1126198" }, { "category": "self", "summary": "SUSE Bug 1126201", "url": "https://bugzilla.suse.com/1126201" }, { "category": "self", "summary": "SUSE Bug 1127400", "url": "https://bugzilla.suse.com/1127400" }, { "category": "self", "summary": "SUSE Bug 1135905", "url": "https://bugzilla.suse.com/1135905" }, { "category": "self", "summary": "SUSE Bug 1143797", "url": "https://bugzilla.suse.com/1143797" }, { "category": "self", "summary": "SUSE Bug 1145652", "url": "https://bugzilla.suse.com/1145652" }, { "category": "self", "summary": "SUSE Bug 1146874", "url": "https://bugzilla.suse.com/1146874" }, { "category": "self", "summary": "SUSE Bug 1149813", "url": "https://bugzilla.suse.com/1149813" }, { "category": "self", "summary": "SUSE CVE CVE-2019-12067 page", "url": "https://www.suse.com/security/cve/CVE-2019-12067/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-12068 page", "url": "https://www.suse.com/security/cve/CVE-2019-12068/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-12155 
page", "url": "https://www.suse.com/security/cve/CVE-2019-12155/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-14378 page", "url": "https://www.suse.com/security/cve/CVE-2019-14378/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-15890 page", "url": "https://www.suse.com/security/cve/CVE-2019-15890/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17340 page", "url": "https://www.suse.com/security/cve/CVE-2019-17340/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17341 page", "url": "https://www.suse.com/security/cve/CVE-2019-17341/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17342 page", "url": "https://www.suse.com/security/cve/CVE-2019-17342/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17343 page", "url": "https://www.suse.com/security/cve/CVE-2019-17343/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17344 page", "url": "https://www.suse.com/security/cve/CVE-2019-17344/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17346 page", "url": "https://www.suse.com/security/cve/CVE-2019-17346/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17347 page", "url": "https://www.suse.com/security/cve/CVE-2019-17347/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17348 page", "url": "https://www.suse.com/security/cve/CVE-2019-17348/" } ], "title": "Security update for xen", "tracking": { "current_release_date": "2019-10-24T11:23:17Z", "generator": { "date": "2019-10-24T11:23:17Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2019:14199-1", "initial_release_date": "2019-10-24T11:23:17Z", "revision_history": [ { "date": "2019-10-24T11:23:17Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "product": { "name": 
"xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "product_id": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586" } }, { "category": "product_version", "name": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "product": { "name": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "product_id": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586" } }, { "category": "product_version", "name": "xen-libs-4.4.4_40-61.49.1.i586", "product": { "name": "xen-libs-4.4.4_40-61.49.1.i586", "product_id": "xen-libs-4.4.4_40-61.49.1.i586" } }, { "category": "product_version", "name": "xen-tools-domU-4.4.4_40-61.49.1.i586", "product": { "name": "xen-tools-domU-4.4.4_40-61.49.1.i586", "product_id": "xen-tools-domU-4.4.4_40-61.49.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "xen-4.4.4_40-61.49.1.x86_64", "product": { "name": "xen-4.4.4_40-61.49.1.x86_64", "product_id": "xen-4.4.4_40-61.49.1.x86_64" } }, { "category": "product_version", "name": "xen-doc-html-4.4.4_40-61.49.1.x86_64", "product": { "name": "xen-doc-html-4.4.4_40-61.49.1.x86_64", "product_id": "xen-doc-html-4.4.4_40-61.49.1.x86_64" } }, { "category": "product_version", "name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "product": { "name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "product_id": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-4.4.4_40-61.49.1.x86_64", "product": { "name": "xen-libs-4.4.4_40-61.49.1.x86_64", "product_id": "xen-libs-4.4.4_40-61.49.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "product": { "name": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "product_id": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-4.4.4_40-61.49.1.x86_64", "product": { "name": "xen-tools-4.4.4_40-61.49.1.x86_64", "product_id": 
"xen-tools-4.4.4_40-61.49.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-domU-4.4.4_40-61.49.1.x86_64", "product": { "name": "xen-tools-domU-4.4.4_40-61.49.1.x86_64", "product_id": "xen-tools-domU-4.4.4_40-61.49.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP4-LTSS", "product": { "name": "SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles:11:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "xen-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64" }, "product_reference": "xen-4.4.4_40-61.49.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64" }, "product_reference": "xen-doc-html-4.4.4_40-61.49.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586" }, "product_reference": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS" }, { "category": "default_component_of", 
"full_product_name": { "name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64" }, "product_reference": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586" }, "product_reference": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.4.4_40-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586" }, "product_reference": "xen-libs-4.4.4_40-61.49.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64" }, "product_reference": "xen-libs-4.4.4_40-61.49.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64" }, "product_reference": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "relates_to_product_reference": 
"SUSE Linux Enterprise Server 11 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64" }, "product_reference": "xen-tools-4.4.4_40-61.49.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.4.4_40-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586" }, "product_reference": "xen-tools-domU-4.4.4_40-61.49.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" }, "product_reference": "xen-tools-domU-4.4.4_40-61.49.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-12067", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-12067" } ], "notes": [ { "category": "general", "text": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 
SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-12067", "url": "https://www.suse.com/security/cve/CVE-2019-12067" }, { "category": "external", "summary": "SUSE Bug 1145642 for CVE-2019-12067", "url": "https://bugzilla.suse.com/1145642" }, { "category": "external", "summary": "SUSE Bug 1145652 for CVE-2019-12067", "url": "https://bugzilla.suse.com/1145652" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux 
Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "low" } ], "title": "CVE-2019-12067" }, { "cve": "CVE-2019-12068", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-12068" } ], "notes": [ { "category": "general", "text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. 
Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-12068", "url": "https://www.suse.com/security/cve/CVE-2019-12068" }, { "category": "external", "summary": "SUSE Bug 1146873 for CVE-2019-12068", "url": "https://bugzilla.suse.com/1146873" }, { "category": "external", "summary": "SUSE Bug 1146874 for CVE-2019-12068", "url": "https://bugzilla.suse.com/1146874" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-12068", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 
SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "moderate" } ], "title": "CVE-2019-12068" }, { "cve": "CVE-2019-12155", "ids": [ 
{ "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-12155" } ], "notes": [ { "category": "general", "text": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-12155", "url": "https://www.suse.com/security/cve/CVE-2019-12155" }, { "category": "external", "summary": "SUSE Bug 1135902 for CVE-2019-12155", "url": "https://bugzilla.suse.com/1135902" }, { "category": "external", "summary": "SUSE Bug 1135905 for CVE-2019-12155", "url": "https://bugzilla.suse.com/1135905" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux 
Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "low" } ], "title": "CVE-2019-12155" }, { "cve": 
"CVE-2019-14378", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-14378" } ], "notes": [ { "category": "general", "text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-14378", "url": "https://www.suse.com/security/cve/CVE-2019-14378" }, { "category": "external", "summary": "SUSE Bug 1143794 for CVE-2019-14378", "url": "https://bugzilla.suse.com/1143794" }, { "category": "external", "summary": "SUSE Bug 1143797 for CVE-2019-14378", "url": "https://bugzilla.suse.com/1143797" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-14378", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper 
patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 
SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "important" } ], "title": "CVE-2019-14378" }, { "cve": "CVE-2019-15890", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-15890" } ], "notes": [ { "category": "general", "text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-15890", "url": "https://www.suse.com/security/cve/CVE-2019-15890" }, { "category": "external", "summary": "SUSE Bug 1149811 for CVE-2019-15890", "url": "https://bugzilla.suse.com/1149811" }, { "category": "external", "summary": "SUSE Bug 1149813 for CVE-2019-15890", "url": "https://bugzilla.suse.com/1149813" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-15890", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", 
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 
SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "moderate" } ], "title": "CVE-2019-15890" }, { "cve": "CVE-2019-17340", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17340" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17340", "url": "https://www.suse.com/security/cve/CVE-2019-17340" }, { "category": "external", "summary": "SUSE Bug 1126140 for CVE-2019-17340", "url": "https://bugzilla.suse.com/1126140" }, { "category": "external", "summary": "SUSE Bug 
1178658 for CVE-2019-17340", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux 
Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "important" } ], "title": "CVE-2019-17340" }, { "cve": "CVE-2019-17341", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17341" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17341", "url": "https://www.suse.com/security/cve/CVE-2019-17341" }, { "category": "external", 
"summary": "SUSE Bug 1126141 for CVE-2019-17341", "url": "https://bugzilla.suse.com/1126141" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17341", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 
SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "important" } ], "title": "CVE-2019-17341" }, { "cve": "CVE-2019-17342", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17342" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", 
"summary": "CVE-2019-17342", "url": "https://www.suse.com/security/cve/CVE-2019-17342" }, { "category": "external", "summary": "SUSE Bug 1126192 for CVE-2019-17342", "url": "https://bugzilla.suse.com/1126192" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17342", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux 
Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "important" } ], "title": "CVE-2019-17342" }, { "cve": "CVE-2019-17343", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17343" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise 
Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17343", "url": "https://www.suse.com/security/cve/CVE-2019-17343" }, { "category": "external", "summary": "SUSE Bug 1126195 for CVE-2019-17343", "url": "https://bugzilla.suse.com/1126195" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17343", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", 
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "important" } ], "title": "CVE-2019-17343" }, { "cve": "CVE-2019-17344", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17344" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 
SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17344", "url": "https://www.suse.com/security/cve/CVE-2019-17344" }, { "category": "external", "summary": "SUSE Bug 1126196 for CVE-2019-17344", "url": "https://bugzilla.suse.com/1126196" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17344", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 
SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "moderate" } ], "title": "CVE-2019-17344" }, { "cve": "CVE-2019-17346", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17346" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 
SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17346", "url": "https://www.suse.com/security/cve/CVE-2019-17346" }, { "category": "external", "summary": "SUSE Bug 1126198 for CVE-2019-17346", "url": "https://bugzilla.suse.com/1126198" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", 
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "moderate" } ], "title": "CVE-2019-17346" }, { "cve": "CVE-2019-17347", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17347" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 
SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17347", "url": "https://www.suse.com/security/cve/CVE-2019-17347" }, { "category": "external", "summary": "SUSE Bug 1126201 for CVE-2019-17347", "url": "https://bugzilla.suse.com/1126201" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, 
"products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "important" } ], "title": "CVE-2019-17347" }, { "cve": "CVE-2019-17348", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17348" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise 
Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17348", "url": "https://www.suse.com/security/cve/CVE-2019-17348" }, { "category": "external", "summary": "SUSE Bug 1127400 for CVE-2019-17348", "url": "https://bugzilla.suse.com/1127400" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": 
"3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586", "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:17Z", "details": "moderate" } ], "title": "CVE-2019-17348" } ] }
suse-su-2019:2769-1
Vulnerability from csaf_suse
Published
2019-10-24 11:23
Modified
2019-10-24 11:23
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
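Security issues fixed (the references in the CSAF document below also link SUSE CVE pages for CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 and CVE-2019-17340 through CVE-2019-17348, which this list does not mention):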
- CVE-2019-15890: Fixed a use-after-free in the SLiRP networking implementation of the QEMU emulator,
which could have led to denial of service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in the SLiRP networking implementation of the QEMU
emulator, which could have led to execution of arbitrary code with the privileges of the
QEMU process (bsc#1143797).
Other issue fixed:
- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818).
Patchnames
HPE-Helion-OpenStack-8-2019-2769,SUSE-2019-2769,SUSE-OpenStack-Cloud-8-2019-2769,SUSE-OpenStack-Cloud-Crowbar-8-2019-2769,SUSE-SLE-SAP-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-BCL-2019-2769,SUSE-Storage-5-2019-2769
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for xen", "title": "Title of the patch" }, { "category": "description", "text": "This update for xen fixes the following issues:\n\nSecurity issues fixed: \t \n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n\nOther issue fixed: \n\n- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818).\n ", "title": "Description of the patch" }, { "category": "details", "text": "HPE-Helion-OpenStack-8-2019-2769,SUSE-2019-2769,SUSE-OpenStack-Cloud-8-2019-2769,SUSE-OpenStack-Cloud-Crowbar-8-2019-2769,SUSE-SLE-SAP-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-BCL-2019-2769,SUSE-Storage-5-2019-2769", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": 
"https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2769-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2019:2769-1", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192769-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2019:2769-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006050.html" }, { "category": "self", "summary": "SUSE Bug 1126140", "url": "https://bugzilla.suse.com/1126140" }, { "category": "self", "summary": "SUSE Bug 1126141", "url": "https://bugzilla.suse.com/1126141" }, { "category": "self", "summary": "SUSE Bug 1126192", "url": "https://bugzilla.suse.com/1126192" }, { "category": "self", "summary": "SUSE Bug 1126195", "url": "https://bugzilla.suse.com/1126195" }, { "category": "self", "summary": "SUSE Bug 1126196", "url": "https://bugzilla.suse.com/1126196" }, { "category": "self", "summary": "SUSE Bug 1126197", "url": "https://bugzilla.suse.com/1126197" }, { "category": "self", "summary": "SUSE Bug 1126198", "url": "https://bugzilla.suse.com/1126198" }, { "category": "self", "summary": "SUSE Bug 1126201", "url": "https://bugzilla.suse.com/1126201" }, { "category": "self", "summary": "SUSE Bug 1127400", "url": "https://bugzilla.suse.com/1127400" }, { "category": "self", "summary": "SUSE Bug 1133818", "url": "https://bugzilla.suse.com/1133818" }, { "category": "self", "summary": "SUSE Bug 1143797", "url": "https://bugzilla.suse.com/1143797" }, { "category": "self", "summary": "SUSE Bug 1146874", "url": "https://bugzilla.suse.com/1146874" }, { "category": "self", "summary": "SUSE Bug 1149813", "url": "https://bugzilla.suse.com/1149813" }, { "category": "self", "summary": "SUSE CVE CVE-2018-12126 page", "url": "https://www.suse.com/security/cve/CVE-2018-12126/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-12127 page", "url": 
"https://www.suse.com/security/cve/CVE-2018-12127/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-12130 page", "url": "https://www.suse.com/security/cve/CVE-2018-12130/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-11091 page", "url": "https://www.suse.com/security/cve/CVE-2019-11091/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-12068 page", "url": "https://www.suse.com/security/cve/CVE-2019-12068/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-14378 page", "url": "https://www.suse.com/security/cve/CVE-2019-14378/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-15890 page", "url": "https://www.suse.com/security/cve/CVE-2019-15890/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17340 page", "url": "https://www.suse.com/security/cve/CVE-2019-17340/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17341 page", "url": "https://www.suse.com/security/cve/CVE-2019-17341/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17342 page", "url": "https://www.suse.com/security/cve/CVE-2019-17342/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17343 page", "url": "https://www.suse.com/security/cve/CVE-2019-17343/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17344 page", "url": "https://www.suse.com/security/cve/CVE-2019-17344/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17345 page", "url": "https://www.suse.com/security/cve/CVE-2019-17345/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17346 page", "url": "https://www.suse.com/security/cve/CVE-2019-17346/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17347 page", "url": "https://www.suse.com/security/cve/CVE-2019-17347/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17348 page", "url": "https://www.suse.com/security/cve/CVE-2019-17348/" } ], "title": "Security update for xen", "tracking": { "current_release_date": "2019-10-24T11:23:02Z", "generator": { "date": "2019-10-24T11:23:02Z", "engine": { "name": 
"cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2019:2769-1", "initial_release_date": "2019-10-24T11:23:02Z", "revision_history": [ { "date": "2019-10-24T11:23:02Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "xen-4.9.4_04-3.56.2.aarch64", "product": { "name": "xen-4.9.4_04-3.56.2.aarch64", "product_id": "xen-4.9.4_04-3.56.2.aarch64" } }, { "category": "product_version", "name": "xen-devel-4.9.4_04-3.56.2.aarch64", "product": { "name": "xen-devel-4.9.4_04-3.56.2.aarch64", "product_id": "xen-devel-4.9.4_04-3.56.2.aarch64" } }, { "category": "product_version", "name": "xen-doc-html-4.9.4_04-3.56.2.aarch64", "product": { "name": "xen-doc-html-4.9.4_04-3.56.2.aarch64", "product_id": "xen-doc-html-4.9.4_04-3.56.2.aarch64" } }, { "category": "product_version", "name": "xen-libs-4.9.4_04-3.56.2.aarch64", "product": { "name": "xen-libs-4.9.4_04-3.56.2.aarch64", "product_id": "xen-libs-4.9.4_04-3.56.2.aarch64" } }, { "category": "product_version", "name": "xen-tools-4.9.4_04-3.56.2.aarch64", "product": { "name": "xen-tools-4.9.4_04-3.56.2.aarch64", "product_id": "xen-tools-4.9.4_04-3.56.2.aarch64" } }, { "category": "product_version", "name": "xen-tools-domU-4.9.4_04-3.56.2.aarch64", "product": { "name": "xen-tools-domU-4.9.4_04-3.56.2.aarch64", "product_id": "xen-tools-domU-4.9.4_04-3.56.2.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "xen-libs-64bit-4.9.4_04-3.56.2.aarch64_ilp32", "product": { "name": "xen-libs-64bit-4.9.4_04-3.56.2.aarch64_ilp32", "product_id": "xen-libs-64bit-4.9.4_04-3.56.2.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "xen-devel-4.9.4_04-3.56.2.i586", "product": { "name": "xen-devel-4.9.4_04-3.56.2.i586", 
"product_id": "xen-devel-4.9.4_04-3.56.2.i586" } }, { "category": "product_version", "name": "xen-libs-4.9.4_04-3.56.2.i586", "product": { "name": "xen-libs-4.9.4_04-3.56.2.i586", "product_id": "xen-libs-4.9.4_04-3.56.2.i586" } }, { "category": "product_version", "name": "xen-tools-domU-4.9.4_04-3.56.2.i586", "product": { "name": "xen-tools-domU-4.9.4_04-3.56.2.i586", "product_id": "xen-tools-domU-4.9.4_04-3.56.2.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "xen-4.9.4_04-3.56.2.x86_64", "product": { "name": "xen-4.9.4_04-3.56.2.x86_64", "product_id": "xen-4.9.4_04-3.56.2.x86_64" } }, { "category": "product_version", "name": "xen-doc-html-4.9.4_04-3.56.2.x86_64", "product": { "name": "xen-doc-html-4.9.4_04-3.56.2.x86_64", "product_id": "xen-doc-html-4.9.4_04-3.56.2.x86_64" } }, { "category": "product_version", "name": "xen-libs-4.9.4_04-3.56.2.x86_64", "product": { "name": "xen-libs-4.9.4_04-3.56.2.x86_64", "product_id": "xen-libs-4.9.4_04-3.56.2.x86_64" } }, { "category": "product_version", "name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "product": { "name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "product_id": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64" } }, { "category": "product_version", "name": "xen-tools-4.9.4_04-3.56.2.x86_64", "product": { "name": "xen-tools-4.9.4_04-3.56.2.x86_64", "product_id": "xen-tools-4.9.4_04-3.56.2.x86_64" } }, { "category": "product_version", "name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64", "product": { "name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64", "product_id": "xen-tools-domU-4.9.4_04-3.56.2.x86_64" } }, { "category": "product_version", "name": "xen-devel-4.9.4_04-3.56.2.x86_64", "product": { "name": "xen-devel-4.9.4_04-3.56.2.x86_64", "product_id": "xen-devel-4.9.4_04-3.56.2.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "HPE Helion OpenStack 8", "product": { "name": "HPE Helion OpenStack 
8", "product_id": "HPE Helion OpenStack 8", "product_identification_helper": { "cpe": "cpe:/o:suse:hpe-helion-openstack:8" } } }, { "category": "product_name", "name": "SUSE OpenStack Cloud 8", "product": { "name": "SUSE OpenStack Cloud 8", "product_id": "SUSE OpenStack Cloud 8", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-openstack-cloud:8" } } }, { "category": "product_name", "name": "SUSE OpenStack Cloud Crowbar 8", "product": { "name": "SUSE OpenStack Cloud Crowbar 8", "product_id": "SUSE OpenStack Cloud Crowbar 8", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP3-LTSS", "product": { "name": "SUSE Linux Enterprise Server 12 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP3-BCL", "product": { "name": "SUSE Linux Enterprise Server 12 SP3-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-bcl:12:sp3" } } }, { "category": "product_name", "name": "SUSE Enterprise Storage 5", "product": { "name": "SUSE Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5", "product_identification_helper": { "cpe": "cpe:/o:suse:ses:5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "xen-4.9.4_04-3.56.2.x86_64 as 
component of HPE Helion OpenStack 8", "product_id": "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "HPE Helion OpenStack 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8", "product_id": "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "HPE Helion OpenStack 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8", "product_id": "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "HPE Helion OpenStack 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8", "product_id": "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "HPE Helion OpenStack 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8", "product_id": "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "HPE Helion OpenStack 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8", "product_id": "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "HPE Helion OpenStack 8" }, { "category": "default_component_of", "full_product_name": { 
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8", "product_id": "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8", "product_id": "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8", "product_id": "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8", "product_id": "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8", "product_id": "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8", "product_id": "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 8" }, { "category": 
"default_component_of", "full_product_name": { "name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", "product_id": "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", "product_id": "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", "product_id": "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", "product_id": "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", "product_id": "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", "product_id": "SUSE OpenStack Cloud Crowbar 
8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": 
"xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS" }, { "category": 
"default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL" }, { "category": "default_component_of", 
"full_product_name": { "name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE 
Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5", "product_id": "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64" }, "product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 5" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-12126", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-12126" } ], "notes": [ { "category": "general", "text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to 
potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", 
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-12126", "url": "https://www.suse.com/security/cve/CVE-2018-12126" }, { "category": "external", "summary": "SUSE Bug 1103186 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1103186" }, { "category": "external", "summary": "SUSE Bug 1111331 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1111331" }, { "category": "external", "summary": "SUSE Bug 1132686 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1132686" }, { "category": "external", "summary": "SUSE Bug 1135409 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1135409" }, { "category": "external", "summary": "SUSE 
Bug 1135524 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1135524" }, { "category": "external", "summary": "SUSE Bug 1137916 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1137916" }, { "category": "external", "summary": "SUSE Bug 1138534 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1138534" }, { "category": "external", "summary": "SUSE Bug 1141977 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1141977" }, { "category": "external", "summary": "SUSE Bug 1149725 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1149725" }, { "category": "external", "summary": "SUSE Bug 1149726 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1149726" }, { "category": "external", "summary": "SUSE Bug 1149729 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1149729" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201877 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1201877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 
5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 
8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", 
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "moderate" } ], "title": "CVE-2018-12126" }, { "cve": "CVE-2018-12127", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-12127" } ], "notes": [ { "category": "general", "text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure 
via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-12127", "url": "https://www.suse.com/security/cve/CVE-2018-12127" }, { "category": "external", "summary": "SUSE Bug 1103186 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1103186" }, { "category": "external", "summary": "SUSE Bug 1111331 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1111331" }, { "category": "external", "summary": "SUSE Bug 1132686 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1132686" }, { "category": "external", "summary": "SUSE Bug 1135409 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1135409" }, { "category": "external", "summary": "SUSE Bug 1138534 for CVE-2018-12127", 
"url": "https://bugzilla.suse.com/1138534" }, { "category": "external", "summary": "SUSE Bug 1141977 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1141977" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201877 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1201877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise 
Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 
8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "moderate" } ], "title": "CVE-2018-12127" }, { "cve": "CVE-2018-12130", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-12130" } ], "notes": [ { "category": "general", "text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 
A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-12130", "url": "https://www.suse.com/security/cve/CVE-2018-12130" }, { "category": "external", "summary": "SUSE Bug 1103186 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1103186" }, { "category": "external", "summary": "SUSE Bug 1111331 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1111331" }, { "category": "external", "summary": "SUSE Bug 1132686 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1132686" }, { "category": "external", "summary": "SUSE Bug 1135409 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1135409" }, { "category": "external", "summary": "SUSE Bug 1137916 for CVE-2018-12130", "url": 
"https://bugzilla.suse.com/1137916" }, { "category": "external", "summary": "SUSE Bug 1138534 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1138534" }, { "category": "external", "summary": "SUSE Bug 1141977 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1141977" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201877 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1201877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE 
Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "moderate" } ], "title": "CVE-2018-12130" }, { "cve": "CVE-2019-11091", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-11091" } ], "notes": [ { "category": "general", "text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 
A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-11091", "url": "https://www.suse.com/security/cve/CVE-2019-11091" }, { "category": "external", "summary": "SUSE Bug 1103186 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1103186" }, { "category": "external", "summary": "SUSE Bug 1111331 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1111331" }, { "category": "external", "summary": "SUSE Bug 1132686 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1132686" }, { "category": "external", "summary": "SUSE Bug 1133319 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1133319" }, { "category": "external", "summary": "SUSE Bug 1135394 for CVE-2019-11091", "url": 
"https://bugzilla.suse.com/1135394" }, { "category": "external", "summary": "SUSE Bug 1138043 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1138043" }, { "category": "external", "summary": "SUSE Bug 1138534 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1138534" }, { "category": "external", "summary": "SUSE Bug 1141977 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1141977" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201877 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1201877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise 
Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", 
"version": "3.0" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "moderate" } ], "title": "CVE-2019-11091" }, { "cve": "CVE-2019-12068", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-12068" } ], "notes": [ { "category": "general", "text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. 
Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-12068", "url": "https://www.suse.com/security/cve/CVE-2019-12068" }, { "category": "external", "summary": "SUSE Bug 1146873 for CVE-2019-12068", "url": "https://bugzilla.suse.com/1146873" }, { "category": "external", "summary": "SUSE Bug 1146874 for CVE-2019-12068", "url": "https://bugzilla.suse.com/1146874" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-12068", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 
8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for 
SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux 
Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 
8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "moderate" } ], "title": "CVE-2019-12068" }, { "cve": "CVE-2019-14378", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-14378" } ], "notes": [ { "category": "general", "text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE 
Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-14378", "url": "https://www.suse.com/security/cve/CVE-2019-14378" }, { "category": "external", "summary": "SUSE Bug 1143794 for CVE-2019-14378", "url": "https://bugzilla.suse.com/1143794" }, { "category": "external", "summary": "SUSE Bug 1143797 for CVE-2019-14378", "url": 
"https://bugzilla.suse.com/1143797" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-14378", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 
5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 
8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "important" } ], "title": "CVE-2019-14378" }, { "cve": "CVE-2019-15890", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-15890" } ], "notes": [ { "category": "general", "text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 
8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-15890", "url": "https://www.suse.com/security/cve/CVE-2019-15890" }, { "category": "external", "summary": "SUSE Bug 1149811 for CVE-2019-15890", "url": "https://bugzilla.suse.com/1149811" }, { "category": "external", "summary": "SUSE Bug 1149813 for CVE-2019-15890", "url": "https://bugzilla.suse.com/1149813" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-15890", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": 
"3.0" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise 
Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "moderate" } ], "title": "CVE-2019-15890" }, { "cve": "CVE-2019-17340", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17340" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 
5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 
8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17340", "url": "https://www.suse.com/security/cve/CVE-2019-17340" }, { "category": "external", "summary": "SUSE Bug 1126140 for CVE-2019-17340", "url": "https://bugzilla.suse.com/1126140" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17340", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 
8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "important" } ], "title": "CVE-2019-17340" }, { "cve": "CVE-2019-17341", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17341" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.", 
"title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17341", "url": "https://www.suse.com/security/cve/CVE-2019-17341" }, { "category": "external", "summary": "SUSE Bug 1126141 for CVE-2019-17341", "url": "https://bugzilla.suse.com/1126141" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17341", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion 
OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 
8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux 
Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "important" } ], "title": "CVE-2019-17341" 
}, { "cve": "CVE-2019-17342", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17342" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17342", "url": "https://www.suse.com/security/cve/CVE-2019-17342" }, { "category": "external", "summary": "SUSE Bug 1126192 for CVE-2019-17342", "url": "https://bugzilla.suse.com/1126192" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17342", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST 
online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 
5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 
8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "important" } ], "title": "CVE-2019-17342" }, { "cve": "CVE-2019-17343", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17343" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17343", 
"url": "https://www.suse.com/security/cve/CVE-2019-17343" }, { "category": "external", "summary": "SUSE Bug 1126195 for CVE-2019-17343", "url": "https://bugzilla.suse.com/1126195" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17343", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 
8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 
8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "important" } ], "title": "CVE-2019-17343" }, { "cve": "CVE-2019-17344", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17344" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", 
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack 
Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17344", "url": "https://www.suse.com/security/cve/CVE-2019-17344" }, { "category": "external", "summary": "SUSE Bug 1126196 for CVE-2019-17344", "url": "https://bugzilla.suse.com/1126196" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17344", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": 
"MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "moderate" } ], "title": "CVE-2019-17344" }, { "cve": "CVE-2019-17345", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17345" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 
8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 
8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17345", "url": "https://www.suse.com/security/cve/CVE-2019-17345" }, { "category": "external", "summary": "SUSE Bug 1126197 for CVE-2019-17345", "url": "https://bugzilla.suse.com/1126197" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 
8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "moderate" } ], "title": "CVE-2019-17345" }, { "cve": "CVE-2019-17346", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17346" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.", "title": "CVE 
description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17346", "url": "https://www.suse.com/security/cve/CVE-2019-17346" }, { "category": "external", "summary": "SUSE Bug 1126198 for CVE-2019-17346", "url": "https://bugzilla.suse.com/1126198" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise 
Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 
8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "moderate" } ], "title": "CVE-2019-17346" }, { "cve": "CVE-2019-17347", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2019-17347" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 
SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17347", "url": "https://www.suse.com/security/cve/CVE-2019-17347" }, { "category": "external", "summary": "SUSE Bug 1126201 for CVE-2019-17347", "url": "https://bugzilla.suse.com/1126201" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 
8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for 
SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux 
Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 
8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "important" } ], "title": "CVE-2019-17347" }, { "cve": "CVE-2019-17348", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17348" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.", "title": "CVE description" } ], "product_status": { "recommended": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise 
Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17348", "url": "https://www.suse.com/security/cve/CVE-2019-17348" }, { "category": "external", "summary": "SUSE Bug 1127400 for CVE-2019-17348", "url": "https://bugzilla.suse.com/1127400" } ], "remediations": [ { "category": 
"vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64", "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 
5:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 
8:xen-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64", "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-24T11:23:02Z", "details": "moderate" } ], "title": "CVE-2019-17348" } ] }
suse-su-2019:2783-1
Vulnerability from csaf_suse
Published
2019-10-25 12:28
Modified
2019-10-25 12:28
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
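This update for xen fixes the following issues (the advisory's reference list also names CVE-2019-17340 through CVE-2019-17344 and CVE-2019-17346 through CVE-2019-17348, which this description does not itemize):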
- CVE-2019-15890: Fixed a use-after-free in the SLiRP networking implementation of the QEMU emulator
which could have led to denial of service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in the LSI SCSI adapter emulation (lsi) which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in the SLiRP networking implementation of the QEMU
emulator which could have led to execution of arbitrary code with the privileges of the
QEMU process (bsc#1143797).
Patchnames
SUSE-2019-2783,SUSE-OpenStack-Cloud-7-2019-2783,SUSE-SLE-SAP-12-SP2-2019-2783,SUSE-SLE-SERVER-12-SP2-2019-2783,SUSE-SLE-SERVER-12-SP2-BCL-2019-2783,SUSE-Storage-4-2019-2783
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for xen", "title": "Title of the patch" }, { "category": "description", "text": "This update for xen fixes the following issues:\n\t \n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n ", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2019-2783,SUSE-OpenStack-Cloud-7-2019-2783,SUSE-SLE-SAP-12-SP2-2019-2783,SUSE-SLE-SERVER-12-SP2-2019-2783,SUSE-SLE-SERVER-12-SP2-BCL-2019-2783,SUSE-Storage-4-2019-2783", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2783-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2019:2783-1", "url": 
"https://www.suse.com/support/update/announcement/2019/suse-su-20192783-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2019:2783-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006058.html" }, { "category": "self", "summary": "SUSE Bug 1126140", "url": "https://bugzilla.suse.com/1126140" }, { "category": "self", "summary": "SUSE Bug 1126141", "url": "https://bugzilla.suse.com/1126141" }, { "category": "self", "summary": "SUSE Bug 1126192", "url": "https://bugzilla.suse.com/1126192" }, { "category": "self", "summary": "SUSE Bug 1126195", "url": "https://bugzilla.suse.com/1126195" }, { "category": "self", "summary": "SUSE Bug 1126196", "url": "https://bugzilla.suse.com/1126196" }, { "category": "self", "summary": "SUSE Bug 1126198", "url": "https://bugzilla.suse.com/1126198" }, { "category": "self", "summary": "SUSE Bug 1126201", "url": "https://bugzilla.suse.com/1126201" }, { "category": "self", "summary": "SUSE Bug 1127400", "url": "https://bugzilla.suse.com/1127400" }, { "category": "self", "summary": "SUSE Bug 1143797", "url": "https://bugzilla.suse.com/1143797" }, { "category": "self", "summary": "SUSE Bug 1146874", "url": "https://bugzilla.suse.com/1146874" }, { "category": "self", "summary": "SUSE Bug 1149813", "url": "https://bugzilla.suse.com/1149813" }, { "category": "self", "summary": "SUSE CVE CVE-2019-12068 page", "url": "https://www.suse.com/security/cve/CVE-2019-12068/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-14378 page", "url": "https://www.suse.com/security/cve/CVE-2019-14378/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-15890 page", "url": "https://www.suse.com/security/cve/CVE-2019-15890/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17340 page", "url": "https://www.suse.com/security/cve/CVE-2019-17340/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17341 page", "url": "https://www.suse.com/security/cve/CVE-2019-17341/" }, { "category": "self", "summary": 
"SUSE CVE CVE-2019-17342 page", "url": "https://www.suse.com/security/cve/CVE-2019-17342/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17343 page", "url": "https://www.suse.com/security/cve/CVE-2019-17343/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17344 page", "url": "https://www.suse.com/security/cve/CVE-2019-17344/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17346 page", "url": "https://www.suse.com/security/cve/CVE-2019-17346/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17347 page", "url": "https://www.suse.com/security/cve/CVE-2019-17347/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17348 page", "url": "https://www.suse.com/security/cve/CVE-2019-17348/" } ], "title": "Security update for xen", "tracking": { "current_release_date": "2019-10-25T12:28:11Z", "generator": { "date": "2019-10-25T12:28:11Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2019:2783-1", "initial_release_date": "2019-10-25T12:28:11Z", "revision_history": [ { "date": "2019-10-25T12:28:11Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "xen-devel-4.7.6_06-43.54.2.i586", "product": { "name": "xen-devel-4.7.6_06-43.54.2.i586", "product_id": "xen-devel-4.7.6_06-43.54.2.i586" } }, { "category": "product_version", "name": "xen-libs-4.7.6_06-43.54.2.i586", "product": { "name": "xen-libs-4.7.6_06-43.54.2.i586", "product_id": "xen-libs-4.7.6_06-43.54.2.i586" } }, { "category": "product_version", "name": "xen-tools-domU-4.7.6_06-43.54.2.i586", "product": { "name": "xen-tools-domU-4.7.6_06-43.54.2.i586", "product_id": "xen-tools-domU-4.7.6_06-43.54.2.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "xen-4.7.6_06-43.54.2.x86_64", "product": { "name": "xen-4.7.6_06-43.54.2.x86_64", 
"product_id": "xen-4.7.6_06-43.54.2.x86_64" } }, { "category": "product_version", "name": "xen-devel-4.7.6_06-43.54.2.x86_64", "product": { "name": "xen-devel-4.7.6_06-43.54.2.x86_64", "product_id": "xen-devel-4.7.6_06-43.54.2.x86_64" } }, { "category": "product_version", "name": "xen-doc-html-4.7.6_06-43.54.2.x86_64", "product": { "name": "xen-doc-html-4.7.6_06-43.54.2.x86_64", "product_id": "xen-doc-html-4.7.6_06-43.54.2.x86_64" } }, { "category": "product_version", "name": "xen-libs-4.7.6_06-43.54.2.x86_64", "product": { "name": "xen-libs-4.7.6_06-43.54.2.x86_64", "product_id": "xen-libs-4.7.6_06-43.54.2.x86_64" } }, { "category": "product_version", "name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "product": { "name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "product_id": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64" } }, { "category": "product_version", "name": "xen-tools-4.7.6_06-43.54.2.x86_64", "product": { "name": "xen-tools-4.7.6_06-43.54.2.x86_64", "product_id": "xen-tools-4.7.6_06-43.54.2.x86_64" } }, { "category": "product_version", "name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64", "product": { "name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64", "product_id": "xen-tools-domU-4.7.6_06-43.54.2.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE OpenStack Cloud 7", "product": { "name": "SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-openstack-cloud:7" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP2-LTSS", "product": { "name": "SUSE Linux Enterprise Server 
12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:12:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP2-BCL", "product": { "name": "SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-bcl:12:sp2" } } }, { "category": "product_name", "name": "SUSE Enterprise Storage 4", "product": { "name": "SUSE Enterprise Storage 4", "product_id": "SUSE Enterprise Storage 4", "product_identification_helper": { "cpe": "cpe:/o:suse:ses:4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "xen-4.7.6_06-43.54.2.x86_64 as component of SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 7" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.7.6_06-43.54.2.x86_64 as component of SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-doc-html-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 7" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.7.6_06-43.54.2.x86_64 as component of SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-libs-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 7" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64 as component of SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 
7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 7" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.7.6_06-43.54.2.x86_64 as component of SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-tools-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 7" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64 as component of SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-tools-domU-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 7" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-doc-html-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 
SP2:xen-libs-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-libs-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-tools-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-tools-domU-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": 
"xen-doc-html-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-doc-html-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-libs-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-tools-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-tools-domU-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { 
"name": "xen-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-doc-html-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-libs-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-tools-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" }, { "category": "default_component_of", "full_product_name": { "name": 
"xen-tools-domU-4.7.6_06-43.54.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-tools-domU-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.7.6_06-43.54.2.x86_64 as component of SUSE Enterprise Storage 4", "product_id": "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.7.6_06-43.54.2.x86_64 as component of SUSE Enterprise Storage 4", "product_id": "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-doc-html-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.7.6_06-43.54.2.x86_64 as component of SUSE Enterprise Storage 4", "product_id": "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-libs-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64 as component of SUSE Enterprise Storage 4", "product_id": "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.7.6_06-43.54.2.x86_64 as component of SUSE Enterprise Storage 4", "product_id": "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64" }, "product_reference": 
"xen-tools-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.7.6_06-43.54.2.x86_64 as component of SUSE Enterprise Storage 4", "product_id": "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64" }, "product_reference": "xen-tools-domU-4.7.6_06-43.54.2.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 4" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-12068", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-12068" } ], "notes": [ { "category": "general", "text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. 
Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-12068", "url": "https://www.suse.com/security/cve/CVE-2019-12068" }, { "category": "external", "summary": "SUSE Bug 1146873 for CVE-2019-12068", "url": "https://bugzilla.suse.com/1146873" }, { "category": "external", "summary": "SUSE Bug 1146874 for CVE-2019-12068", "url": "https://bugzilla.suse.com/1146874" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-12068", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE 
Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 
SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-25T12:28:11Z", "details": "moderate" } ], "title": "CVE-2019-12068" }, { "cve": 
"CVE-2019-14378", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-14378" } ], "notes": [ { "category": "general", "text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-14378", "url": "https://www.suse.com/security/cve/CVE-2019-14378" }, { "category": "external", "summary": "SUSE Bug 1143794 for CVE-2019-14378", "url": "https://bugzilla.suse.com/1143794" }, { "category": "external", "summary": "SUSE Bug 1143797 for CVE-2019-14378", "url": "https://bugzilla.suse.com/1143797" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-14378", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 
SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE 
Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 
7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-25T12:28:11Z", "details": "important" } ], "title": "CVE-2019-14378" }, { "cve": "CVE-2019-15890", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-15890" } ], "notes": [ { "category": "general", "text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-15890", "url": "https://www.suse.com/security/cve/CVE-2019-15890" }, { "category": "external", "summary": "SUSE Bug 1149811 for CVE-2019-15890", "url": "https://bugzilla.suse.com/1149811" }, { "category": "external", "summary": "SUSE Bug 1149813 for CVE-2019-15890", "url": "https://bugzilla.suse.com/1149813" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-15890", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE 
Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": 
"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 
7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-25T12:28:11Z", "details": "moderate" } ], "title": "CVE-2019-15890" }, { "cve": "CVE-2019-17340", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17340" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE 
Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17340", "url": "https://www.suse.com/security/cve/CVE-2019-17340" }, { "category": "external", "summary": "SUSE Bug 1126140 for CVE-2019-17340", "url": "https://bugzilla.suse.com/1126140" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17340", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 
4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack 
Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-25T12:28:11Z", "details": "important" } ], "title": "CVE-2019-17340" }, { "cve": "CVE-2019-17341", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17341" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 
SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17341", "url": "https://www.suse.com/security/cve/CVE-2019-17341" }, { "category": "external", "summary": "SUSE Bug 1126141 for CVE-2019-17341", "url": "https://bugzilla.suse.com/1126141" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17341", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 
4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE 
OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-25T12:28:11Z", "details": "important" } ], "title": "CVE-2019-17341" }, { "cve": "CVE-2019-17342", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17342" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise 
Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17342", "url": "https://www.suse.com/security/cve/CVE-2019-17342" }, { "category": "external", "summary": "SUSE Bug 1126192 for CVE-2019-17342", "url": "https://bugzilla.suse.com/1126192" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17342", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install 
this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", 
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-25T12:28:11Z", "details": "important" } ], "title": "CVE-2019-17342" }, { "cve": "CVE-2019-17343", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17343" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 
SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17343", "url": "https://www.suse.com/security/cve/CVE-2019-17343" }, { "category": "external", "summary": "SUSE Bug 1126195 for CVE-2019-17343", "url": "https://bugzilla.suse.com/1126195" }, { "category": "external", "summary": "SUSE Bug 
1178658 for CVE-2019-17343", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 
SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-25T12:28:11Z", "details": "important" } ], "title": "CVE-2019-17343" }, { "cve": "CVE-2019-17344", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17344" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 
SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17344", "url": "https://www.suse.com/security/cve/CVE-2019-17344" }, { "category": 
"external", "summary": "SUSE Bug 1126196 for CVE-2019-17344", "url": "https://bugzilla.suse.com/1126196" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17344", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise 
Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-25T12:28:11Z", "details": "moderate" } ], "title": "CVE-2019-17344" }, { "cve": "CVE-2019-17346", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17346" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", 
"SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 
7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17346", "url": "https://www.suse.com/security/cve/CVE-2019-17346" }, { "category": "external", "summary": "SUSE Bug 1126198 for CVE-2019-17346", "url": "https://bugzilla.suse.com/1126198" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise 
Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-25T12:28:11Z", "details": "moderate" } ], "title": "CVE-2019-17346" }, { "cve": "CVE-2019-17347", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17347" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE 
Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 
7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17347", "url": "https://www.suse.com/security/cve/CVE-2019-17347" }, { "category": "external", "summary": "SUSE Bug 1126201 for CVE-2019-17347", "url": "https://bugzilla.suse.com/1126201" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", 
"SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-25T12:28:11Z", "details": "important" } ], "title": "CVE-2019-17347" }, { "cve": "CVE-2019-17348", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17348" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE 
Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 
7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17348", "url": "https://www.suse.com/security/cve/CVE-2019-17348" }, { "category": "external", "summary": "SUSE Bug 1127400 for CVE-2019-17348", "url": "https://bugzilla.suse.com/1127400" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 
SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 4:xen-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 
SP2-BCL:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.54.2.x86_64", "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.54.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-25T12:28:11Z", "details": "moderate" } ], "title": "CVE-2019-17348" } ] }
suse-su-2019:2753-1
Vulnerability from csaf_suse
Published
2019-10-23 11:45
Modified
2019-10-23 11:45
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen to version 4.11.2 fixes the following issues:
Security issues fixed:
- CVE-2019-15890: Fixed a use-after-free in the SLiRP networking implementation of the QEMU emulator
which could have led to denial of service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in the SLiRP networking implementation of the QEMU
emulator which could have led to execution of arbitrary code with the privileges of the
QEMU process (bsc#1143797).
Other issues fixed:
- Fixed an HPS bug which prevented installing Windows Server 2016 with a CPU setting of 2 or above
(bsc#1137717).
- Fixed a segmentation fault in libvirtd during live migration to a VM (bsc#1145774).
- Fixed an issue where libxenlight could not create new domain (bsc#1131811).
- Fixed an issue where attached PCI devices were lost after reboot (bsc#1129642).
- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).
Patchnames
SUSE-2019-2753,SUSE-SLE-DESKTOP-12-SP4-2019-2753,SUSE-SLE-SDK-12-SP4-2019-2753,SUSE-SLE-SERVER-12-SP4-2019-2753
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for xen", "title": "Title of the patch" }, { "category": "description", "text": "This update for xen to version 4.11.2 fixes the following issues:\n\nSecurity issues fixed: \t \n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n\nOther issues fixed: \n\n- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above\n (bsc#1137717).\n- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). 
\n- Fixed an issue where libxenlight could not create new domain (bsc#1131811).\n- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).\n- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2019-2753,SUSE-SLE-DESKTOP-12-SP4-2019-2753,SUSE-SLE-SDK-12-SP4-2019-2753,SUSE-SLE-SERVER-12-SP4-2019-2753", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2753-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2019:2753-1", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192753-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2019:2753-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006046.html" }, { "category": "self", "summary": "SUSE Bug 1027519", "url": "https://bugzilla.suse.com/1027519" }, { "category": "self", "summary": "SUSE Bug 1111331", "url": "https://bugzilla.suse.com/1111331" }, { "category": "self", "summary": "SUSE Bug 1126140", "url": "https://bugzilla.suse.com/1126140" }, { "category": "self", "summary": "SUSE Bug 1126141", "url": "https://bugzilla.suse.com/1126141" }, { "category": "self", "summary": "SUSE Bug 1126192", "url": "https://bugzilla.suse.com/1126192" }, { "category": "self", "summary": "SUSE Bug 1126195", "url": "https://bugzilla.suse.com/1126195" }, 
{ "category": "self", "summary": "SUSE Bug 1126196", "url": "https://bugzilla.suse.com/1126196" }, { "category": "self", "summary": "SUSE Bug 1126197", "url": "https://bugzilla.suse.com/1126197" }, { "category": "self", "summary": "SUSE Bug 1126198", "url": "https://bugzilla.suse.com/1126198" }, { "category": "self", "summary": "SUSE Bug 1126201", "url": "https://bugzilla.suse.com/1126201" }, { "category": "self", "summary": "SUSE Bug 1127400", "url": "https://bugzilla.suse.com/1127400" }, { "category": "self", "summary": "SUSE Bug 1129642", "url": "https://bugzilla.suse.com/1129642" }, { "category": "self", "summary": "SUSE Bug 1131811", "url": "https://bugzilla.suse.com/1131811" }, { "category": "self", "summary": "SUSE Bug 1137717", "url": "https://bugzilla.suse.com/1137717" }, { "category": "self", "summary": "SUSE Bug 1138294", "url": "https://bugzilla.suse.com/1138294" }, { "category": "self", "summary": "SUSE Bug 1143797", "url": "https://bugzilla.suse.com/1143797" }, { "category": "self", "summary": "SUSE Bug 1145240", "url": "https://bugzilla.suse.com/1145240" }, { "category": "self", "summary": "SUSE Bug 1145774", "url": "https://bugzilla.suse.com/1145774" }, { "category": "self", "summary": "SUSE Bug 1146874", "url": "https://bugzilla.suse.com/1146874" }, { "category": "self", "summary": "SUSE Bug 1149813", "url": "https://bugzilla.suse.com/1149813" }, { "category": "self", "summary": "SUSE CVE CVE-2018-12126 page", "url": "https://www.suse.com/security/cve/CVE-2018-12126/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-12127 page", "url": "https://www.suse.com/security/cve/CVE-2018-12127/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-12130 page", "url": "https://www.suse.com/security/cve/CVE-2018-12130/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-11091 page", "url": "https://www.suse.com/security/cve/CVE-2019-11091/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-12068 page", "url": 
"https://www.suse.com/security/cve/CVE-2019-12068/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-14378 page", "url": "https://www.suse.com/security/cve/CVE-2019-14378/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-15890 page", "url": "https://www.suse.com/security/cve/CVE-2019-15890/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17340 page", "url": "https://www.suse.com/security/cve/CVE-2019-17340/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17341 page", "url": "https://www.suse.com/security/cve/CVE-2019-17341/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17342 page", "url": "https://www.suse.com/security/cve/CVE-2019-17342/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17343 page", "url": "https://www.suse.com/security/cve/CVE-2019-17343/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17344 page", "url": "https://www.suse.com/security/cve/CVE-2019-17344/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17345 page", "url": "https://www.suse.com/security/cve/CVE-2019-17345/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17346 page", "url": "https://www.suse.com/security/cve/CVE-2019-17346/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17347 page", "url": "https://www.suse.com/security/cve/CVE-2019-17347/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17348 page", "url": "https://www.suse.com/security/cve/CVE-2019-17348/" } ], "title": "Security update for xen", "tracking": { "current_release_date": "2019-10-23T11:45:48Z", "generator": { "date": "2019-10-23T11:45:48Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2019:2753-1", "initial_release_date": "2019-10-23T11:45:48Z", "revision_history": [ { "date": "2019-10-23T11:45:48Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", 
"name": "xen-4.11.2_02-2.14.2.aarch64", "product": { "name": "xen-4.11.2_02-2.14.2.aarch64", "product_id": "xen-4.11.2_02-2.14.2.aarch64" } }, { "category": "product_version", "name": "xen-devel-4.11.2_02-2.14.2.aarch64", "product": { "name": "xen-devel-4.11.2_02-2.14.2.aarch64", "product_id": "xen-devel-4.11.2_02-2.14.2.aarch64" } }, { "category": "product_version", "name": "xen-doc-html-4.11.2_02-2.14.2.aarch64", "product": { "name": "xen-doc-html-4.11.2_02-2.14.2.aarch64", "product_id": "xen-doc-html-4.11.2_02-2.14.2.aarch64" } }, { "category": "product_version", "name": "xen-libs-4.11.2_02-2.14.2.aarch64", "product": { "name": "xen-libs-4.11.2_02-2.14.2.aarch64", "product_id": "xen-libs-4.11.2_02-2.14.2.aarch64" } }, { "category": "product_version", "name": "xen-tools-4.11.2_02-2.14.2.aarch64", "product": { "name": "xen-tools-4.11.2_02-2.14.2.aarch64", "product_id": "xen-tools-4.11.2_02-2.14.2.aarch64" } }, { "category": "product_version", "name": "xen-tools-domU-4.11.2_02-2.14.2.aarch64", "product": { "name": "xen-tools-domU-4.11.2_02-2.14.2.aarch64", "product_id": "xen-tools-domU-4.11.2_02-2.14.2.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32", "product": { "name": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32", "product_id": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "xen-devel-4.11.2_02-2.14.2.i586", "product": { "name": "xen-devel-4.11.2_02-2.14.2.i586", "product_id": "xen-devel-4.11.2_02-2.14.2.i586" } }, { "category": "product_version", "name": "xen-libs-4.11.2_02-2.14.2.i586", "product": { "name": "xen-libs-4.11.2_02-2.14.2.i586", "product_id": "xen-libs-4.11.2_02-2.14.2.i586" } }, { "category": "product_version", "name": "xen-tools-domU-4.11.2_02-2.14.2.i586", "product": { "name": 
"xen-tools-domU-4.11.2_02-2.14.2.i586", "product_id": "xen-tools-domU-4.11.2_02-2.14.2.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "xen-4.11.2_02-2.14.2.x86_64", "product": { "name": "xen-4.11.2_02-2.14.2.x86_64", "product_id": "xen-4.11.2_02-2.14.2.x86_64" } }, { "category": "product_version", "name": "xen-devel-4.11.2_02-2.14.2.x86_64", "product": { "name": "xen-devel-4.11.2_02-2.14.2.x86_64", "product_id": "xen-devel-4.11.2_02-2.14.2.x86_64" } }, { "category": "product_version", "name": "xen-doc-html-4.11.2_02-2.14.2.x86_64", "product": { "name": "xen-doc-html-4.11.2_02-2.14.2.x86_64", "product_id": "xen-doc-html-4.11.2_02-2.14.2.x86_64" } }, { "category": "product_version", "name": "xen-libs-4.11.2_02-2.14.2.x86_64", "product": { "name": "xen-libs-4.11.2_02-2.14.2.x86_64", "product_id": "xen-libs-4.11.2_02-2.14.2.x86_64" } }, { "category": "product_version", "name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "product": { "name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "product_id": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64" } }, { "category": "product_version", "name": "xen-tools-4.11.2_02-2.14.2.x86_64", "product": { "name": "xen-tools-4.11.2_02-2.14.2.x86_64", "product_id": "xen-tools-4.11.2_02-2.14.2.x86_64" } }, { "category": "product_version", "name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64", "product": { "name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64", "product_id": "xen-tools-domU-4.11.2_02-2.14.2.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP4", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product": { "name": "SUSE Linux Enterprise Software 
Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP4", "product": { "name": "SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4", "product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": 
"SUSE Linux Enterprise Desktop 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.11.2_02-2.14.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64" }, "product_reference": "xen-devel-4.11.2_02-2.14.2.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-devel-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-doc-html-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE 
Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-tools-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", "product_id": "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-tools-domU-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-doc-html-4.11.2_02-2.14.2.x86_64", 
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-tools-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64" }, "product_reference": "xen-tools-domU-4.11.2_02-2.14.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-12126", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2018-12126" } ], "notes": [ { "category": "general", "text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 
SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-12126", "url": "https://www.suse.com/security/cve/CVE-2018-12126" }, { "category": "external", "summary": "SUSE Bug 1103186 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1103186" }, { "category": "external", "summary": "SUSE Bug 1111331 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1111331" }, { "category": "external", "summary": "SUSE Bug 1132686 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1132686" }, { "category": "external", "summary": "SUSE Bug 1135409 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1135409" }, { "category": "external", "summary": "SUSE Bug 1135524 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1135524" }, { "category": "external", "summary": "SUSE Bug 1137916 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1137916" }, { "category": "external", "summary": "SUSE Bug 1138534 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1138534" }, { "category": "external", "summary": "SUSE Bug 1141977 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1141977" }, { "category": "external", "summary": "SUSE Bug 1149725 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1149725" }, { "category": "external", "summary": "SUSE Bug 1149726 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1149726" }, { "category": "external", "summary": "SUSE Bug 1149729 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1149729" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201877 for CVE-2018-12126", "url": "https://bugzilla.suse.com/1201877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise 
Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 
SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "moderate" } ], "title": "CVE-2018-12126" }, { "cve": "CVE-2018-12127", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-12127" } ], "notes": [ { "category": "general", "text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 
A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-12127", "url": "https://www.suse.com/security/cve/CVE-2018-12127" }, { "category": "external", "summary": "SUSE Bug 1103186 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1103186" }, { "category": "external", "summary": "SUSE Bug 1111331 for CVE-2018-12127", 
"url": "https://bugzilla.suse.com/1111331" }, { "category": "external", "summary": "SUSE Bug 1132686 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1132686" }, { "category": "external", "summary": "SUSE Bug 1135409 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1135409" }, { "category": "external", "summary": "SUSE Bug 1138534 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1138534" }, { "category": "external", "summary": "SUSE Bug 1141977 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1141977" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201877 for CVE-2018-12127", "url": "https://bugzilla.suse.com/1201877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 
SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "moderate" } ], "title": "CVE-2018-12127" }, { "cve": "CVE-2018-12130", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-12130" } ], "notes": [ { "category": "general", "text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise 
Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-12130", "url": "https://www.suse.com/security/cve/CVE-2018-12130" }, { "category": "external", "summary": "SUSE Bug 1103186 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1103186" }, { "category": "external", "summary": "SUSE Bug 1111331 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1111331" }, { "category": "external", "summary": "SUSE Bug 1132686 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1132686" }, { "category": "external", "summary": "SUSE Bug 1135409 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1135409" }, { "category": "external", "summary": "SUSE Bug 1137916 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1137916" }, { "category": "external", "summary": "SUSE Bug 1138534 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1138534" }, { "category": "external", "summary": "SUSE Bug 1141977 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1141977" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201877 for CVE-2018-12130", "url": "https://bugzilla.suse.com/1201877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE 
Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for 
SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "moderate" } ], "title": "CVE-2018-12130" }, { "cve": "CVE-2019-11091", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-11091" } ], "notes": [ { "category": "general", "text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 
A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-11091", "url": "https://www.suse.com/security/cve/CVE-2019-11091" }, { "category": "external", "summary": "SUSE Bug 1103186 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1103186" }, { "category": "external", "summary": "SUSE Bug 1111331 for CVE-2019-11091", 
"url": "https://bugzilla.suse.com/1111331" }, { "category": "external", "summary": "SUSE Bug 1132686 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1132686" }, { "category": "external", "summary": "SUSE Bug 1133319 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1133319" }, { "category": "external", "summary": "SUSE Bug 1135394 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1135394" }, { "category": "external", "summary": "SUSE Bug 1138043 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1138043" }, { "category": "external", "summary": "SUSE Bug 1138534 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1138534" }, { "category": "external", "summary": "SUSE Bug 1141977 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1141977" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201877 for CVE-2019-11091", "url": "https://bugzilla.suse.com/1201877" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for 
SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "moderate" } ], "title": "CVE-2019-11091" }, { "cve": "CVE-2019-12068", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-12068" } ], "notes": [ { "category": "general", "text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-12068", "url": "https://www.suse.com/security/cve/CVE-2019-12068" }, { "category": "external", "summary": "SUSE Bug 1146873 for CVE-2019-12068", "url": "https://bugzilla.suse.com/1146873" }, { "category": "external", "summary": "SUSE Bug 1146874 for CVE-2019-12068", "url": "https://bugzilla.suse.com/1146874" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-12068", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise 
Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "moderate" } ], "title": "CVE-2019-12068" }, { "cve": "CVE-2019-14378", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-14378" } ], "notes": [ { "category": "general", "text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-14378", "url": "https://www.suse.com/security/cve/CVE-2019-14378" }, { "category": "external", "summary": "SUSE Bug 1143794 for CVE-2019-14378", "url": "https://bugzilla.suse.com/1143794" }, { "category": "external", "summary": "SUSE Bug 1143797 for CVE-2019-14378", "url": "https://bugzilla.suse.com/1143797" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-14378", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", 
"date": "2019-10-23T11:45:48Z", "details": "important" } ], "title": "CVE-2019-14378" }, { "cve": "CVE-2019-15890", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-15890" } ], "notes": [ { "category": "general", "text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-15890", "url": "https://www.suse.com/security/cve/CVE-2019-15890" }, { "category": 
"external", "summary": "SUSE Bug 1149811 for CVE-2019-15890", "url": "https://bugzilla.suse.com/1149811" }, { "category": "external", "summary": "SUSE Bug 1149813 for CVE-2019-15890", "url": "https://bugzilla.suse.com/1149813" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-15890", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { 
"cvss_v3": { "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "moderate" } ], "title": "CVE-2019-15890" }, { "cve": "CVE-2019-17340", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17340" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain 
privileges because grant-table transfer requests are mishandled.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17340", "url": "https://www.suse.com/security/cve/CVE-2019-17340" }, { "category": "external", "summary": "SUSE Bug 1126140 for CVE-2019-17340", "url": "https://bugzilla.suse.com/1126140" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17340", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To 
install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 
SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "important" } ], "title": "CVE-2019-17340" }, { "cve": "CVE-2019-17341", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17341" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux 
Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17341", "url": "https://www.suse.com/security/cve/CVE-2019-17341" }, { "category": "external", "summary": "SUSE Bug 1126141 for CVE-2019-17341", "url": "https://bugzilla.suse.com/1126141" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17341", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE 
Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 
SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "important" } ], "title": "CVE-2019-17341" }, { "cve": "CVE-2019-17342", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17342" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 
12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17342", "url": "https://www.suse.com/security/cve/CVE-2019-17342" }, { "category": "external", "summary": "SUSE Bug 1126192 for CVE-2019-17342", "url": "https://bugzilla.suse.com/1126192" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17342", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise 
Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "important" } ], "title": "CVE-2019-17342" }, { "cve": "CVE-2019-17343", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17343" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17343", "url": "https://www.suse.com/security/cve/CVE-2019-17343" }, { "category": "external", "summary": "SUSE Bug 1126195 for CVE-2019-17343", "url": "https://bugzilla.suse.com/1126195" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17343", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 
SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "important" } ], "title": "CVE-2019-17343" }, { "cve": "CVE-2019-17344", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17344" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 
SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17344", "url": "https://www.suse.com/security/cve/CVE-2019-17344" }, { "category": "external", "summary": "SUSE Bug 1126196 for CVE-2019-17344", "url": "https://bugzilla.suse.com/1126196" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2019-17344", "url": "https://bugzilla.suse.com/1178658" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development 
Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "moderate" } ], "title": "CVE-2019-17344" }, { "cve": "CVE-2019-17345", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17345" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen 4.8.x through 
4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17345", "url": "https://www.suse.com/security/cve/CVE-2019-17345" }, { "category": "external", "summary": "SUSE Bug 1126197 for CVE-2019-17345", "url": "https://bugzilla.suse.com/1126197" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE 
Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 
SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "moderate" } ], "title": "CVE-2019-17345" }, { "cve": "CVE-2019-17346", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17346" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux 
Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17346", "url": "https://www.suse.com/security/cve/CVE-2019-17346" }, { "category": "external", "summary": "SUSE Bug 1126198 for CVE-2019-17346", "url": "https://bugzilla.suse.com/1126198" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 
SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "moderate" } ], "title": "CVE-2019-17346" }, { "cve": "CVE-2019-17347", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17347" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", 
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17347", "url": "https://www.suse.com/security/cve/CVE-2019-17347" }, { "category": "external", "summary": "SUSE Bug 1126201 for CVE-2019-17347", "url": "https://bugzilla.suse.com/1126201" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise 
Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "important" } ], "title": "CVE-2019-17347" }, { "cve": "CVE-2019-17348", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17348" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise 
Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17348", "url": "https://www.suse.com/security/cve/CVE-2019-17348" }, { "category": "external", "summary": "SUSE Bug 1127400 for CVE-2019-17348", "url": "https://bugzilla.suse.com/1127400" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software 
Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2019-10-23T11:45:48Z", "details": "moderate" } ], "title": "CVE-2019-17348" } ] }
gsd-2019-17346
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
Aliases
{ "GSD": { "alias": "CVE-2019-17346", "description": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.", "id": "GSD-2019-17346", "references": [ "https://www.suse.com/security/cve/CVE-2019-17346.html", "https://www.debian.org/security/2020/dsa-4602" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-17346" ], "details": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.", "id": "GSD-2019-17346", "modified": "2023-12-13T01:23:44.578598Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17346", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://xenbits.xen.org/xsa/advisory-292.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-292.html" }, { "name": "https://xenbits.xen.org/xsa/advisory-292.html", "refsource": "MISC", "url": "https://xenbits.xen.org/xsa/advisory-292.html" }, { "name": "[oss-security] 20191025 Xen Security Advisory 292 v3 (CVE-2019-17346) - x86: insufficient TLB flushing when using PCID", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5" }, { "name": "DSA-4602", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.11.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17346" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "https://xenbits.xen.org/xsa/advisory-292.html", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://xenbits.xen.org/xsa/advisory-292.html" }, { "name": "[oss-security] 20191025 Xen Security Advisory 292 v3 (CVE-2019-17346) - x86: insufficient TLB flushing when using PCID", "refsource": "MLIST", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5" }, { "name": "http://xenbits.xen.org/xsa/advisory-292.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://xenbits.xen.org/xsa/advisory-292.html" }, { "name": "DSA-4602", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "refsource": "BUGTRAQ", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, 
"exploitabilityScore": 2.0, "impactScore": 6.0 } }, "lastModifiedDate": "2023-02-03T20:23Z", "publishedDate": "2019-10-08T01:15Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.