suse-su-2019:2753-1
Vulnerability from csaf_suse
Published
2019-10-23 11:45
Modified
2019-10-23 11:45
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen to version 4.11.2 fixes the following issues:
Security issues fixed:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
Other issues fixed:
- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above
(bsc#1137717).
- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774).
- Fixed an issue where libxenlight could not create new domain (bsc#1131811).
- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).
- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).
Patchnames
SUSE-2019-2753,SUSE-SLE-DESKTOP-12-SP4-2019-2753,SUSE-SLE-SDK-12-SP4-2019-2753,SUSE-SLE-SERVER-12-SP4-2019-2753
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen to version 4.11.2 fixes the following issues:\n\nSecurity issues fixed: \t \n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n\nOther issues fixed: \n\n- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above\n (bsc#1137717).\n- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). \n- Fixed an issue where libxenlight could not create new domain (bsc#1131811).\n- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).\n- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2753,SUSE-SLE-DESKTOP-12-SP4-2019-2753,SUSE-SLE-SDK-12-SP4-2019-2753,SUSE-SLE-SERVER-12-SP4-2019-2753",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2753-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2753-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192753-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2753-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006046.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1111331",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126197",
"url": "https://bugzilla.suse.com/1126197"
},
{
"category": "self",
"summary": "SUSE Bug 1126198",
"url": "https://bugzilla.suse.com/1126198"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1127400",
"url": "https://bugzilla.suse.com/1127400"
},
{
"category": "self",
"summary": "SUSE Bug 1129642",
"url": "https://bugzilla.suse.com/1129642"
},
{
"category": "self",
"summary": "SUSE Bug 1131811",
"url": "https://bugzilla.suse.com/1131811"
},
{
"category": "self",
"summary": "SUSE Bug 1137717",
"url": "https://bugzilla.suse.com/1137717"
},
{
"category": "self",
"summary": "SUSE Bug 1138294",
"url": "https://bugzilla.suse.com/1138294"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1145240",
"url": "https://bugzilla.suse.com/1145240"
},
{
"category": "self",
"summary": "SUSE Bug 1145774",
"url": "https://bugzilla.suse.com/1145774"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12127 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12130 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11091 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17345 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17346 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17348/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-10-23T11:45:48Z",
"generator": {
"date": "2019-10-23T11:45:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2753-1",
"initial_release_date": "2019-10-23T11:45:48Z",
"revision_history": [
{
"date": "2019-10-23T11:45:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-devel-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-devel-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-doc-html-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-doc-html-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-libs-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-libs-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-tools-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-tools-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-tools-domU-4.11.2_02-2.14.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.11.2_02-2.14.2.i586",
"product": {
"name": "xen-devel-4.11.2_02-2.14.2.i586",
"product_id": "xen-devel-4.11.2_02-2.14.2.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.2_02-2.14.2.i586",
"product": {
"name": "xen-libs-4.11.2_02-2.14.2.i586",
"product_id": "xen-libs-4.11.2_02-2.14.2.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.2_02-2.14.2.i586",
"product": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.i586",
"product_id": "xen-tools-domU-4.11.2_02-2.14.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-devel-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-devel-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-doc-html-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-libs-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-tools-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-tools-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-tools-domU-4.11.2_02-2.14.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.11.2_02-2.14.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64"
},
"product_reference": "xen-devel-4.11.2_02-2.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-devel-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12126"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12126",
"url": "https://www.suse.com/security/cve/CVE-2018-12126"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1135524 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135524"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1149725 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149725"
},
{
"category": "external",
"summary": "SUSE Bug 1149726 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149726"
},
{
"category": "external",
"summary": "SUSE Bug 1149729 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149729"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-12126"
},
{
"cve": "CVE-2018-12127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12127"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12127",
"url": "https://www.suse.com/security/cve/CVE-2018-12127"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-12127"
},
{
"cve": "CVE-2018-12130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12130"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12130",
"url": "https://www.suse.com/security/cve/CVE-2018-12130"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-12130"
},
{
"cve": "CVE-2019-11091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11091"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11091",
"url": "https://www.suse.com/security/cve/CVE-2019-11091"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1133319 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1133319"
},
{
"category": "external",
"summary": "SUSE Bug 1135394 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1135394"
},
{
"category": "external",
"summary": "SUSE Bug 1138043 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138043"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-11091"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17345"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17345",
"url": "https://www.suse.com/security/cve/CVE-2019-17345"
},
{
"category": "external",
"summary": "SUSE Bug 1126197 for CVE-2019-17345",
"url": "https://bugzilla.suse.com/1126197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17345"
},
{
"cve": "CVE-2019-17346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17346",
"url": "https://www.suse.com/security/cve/CVE-2019-17346"
},
{
"category": "external",
"summary": "SUSE Bug 1126198 for CVE-2019-17346",
"url": "https://bugzilla.suse.com/1126198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17346"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-17348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17348",
"url": "https://www.suse.com/security/cve/CVE-2019-17348"
},
{
"category": "external",
"summary": "SUSE Bug 1127400 for CVE-2019-17348",
"url": "https://bugzilla.suse.com/1127400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17348"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…