Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-17345 (GCVE-0-2019-17345)
Vulnerability from cvelistv5 – Published: 2019-10-08 00:02 – Updated: 2024-08-05 01:40
VLAI?
EPSS
Summary
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-291.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://xenbits.xen.org/xsa/advisory-291.html"
},
{
"name": "[oss-security] 20191025 Xen Security Advisory 291 v3 (CVE-2019-17345) - x86/PV: page type reference counting issue with failed IOMMU update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/25/4"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T22:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-291.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://xenbits.xen.org/xsa/advisory-291.html"
},
{
"name": "[oss-security] 20191025 Xen Security Advisory 291 v3 (CVE-2019-17345) - x86/PV: page type reference counting issue with failed IOMMU update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/25/4"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-291.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-291.html"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-291.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-291.html"
},
{
"name": "[oss-security] 20191025 Xen Security Advisory 291 v3 (CVE-2019-17345) - x86/PV: page type reference counting issue with failed IOMMU update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/25/4"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17345",
"datePublished": "2019-10-08T00:02:29",
"dateReserved": "2019-10-07T00:00:00",
"dateUpdated": "2024-08-05T01:40:14.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.8.0\", \"versionEndIncluding\": \"4.11.2\", \"matchCriteriaId\": \"2E3F800E-C871-4E5D-AF9E-4FDBDECC825F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en Xen versiones 4.8.x hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegaci\\u00f3n de servicio porque el manejo inapropiado de las operaciones fallidas de IOMMU causa una comprobaci\\u00f3n de errores durante la limpieza de un invitado bloqueado.\"}]",
"id": "CVE-2019-17345",
"lastModified": "2024-11-21T04:32:07.983",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 4.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-10-08T01:15:10.767",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2019/10/25/4\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-291.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2020/Jan/21\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4602\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-291.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/10/25/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-291.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2020/Jan/21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4602\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-291.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-17345\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-10-08T01:15:10.767\",\"lastModified\":\"2024-11-21T04:32:07.983\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Xen versiones 4.8.x hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegaci\u00f3n de servicio porque el manejo inapropiado de las operaciones fallidas de IOMMU causa una comprobaci\u00f3n de errores durante la limpieza de un invitado bloqueado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.8.0\",\"versionEndIncluding\":\"4.11.2\",\"matchCriteriaId\":\"2E3F800E-C871-4E5D-AF9E-4FDBDECC825F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/25/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-291.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/21\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4602\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xen.org/xsa/advisory-291.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/25/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-291.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xen.org/xsa/advisory-291.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
SUSE-SU-2019:2769-1
Vulnerability from csaf_suse - Published: 2019-10-24 11:23 - Updated: 2019-10-24 11:23Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
Other issue fixed:
- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818).
Patchnames
HPE-Helion-OpenStack-8-2019-2769,SUSE-2019-2769,SUSE-OpenStack-Cloud-8-2019-2769,SUSE-OpenStack-Cloud-Crowbar-8-2019-2769,SUSE-SLE-SAP-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-BCL-2019-2769,SUSE-Storage-5-2019-2769
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nSecurity issues fixed: \t \n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n\nOther issue fixed: \n\n- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2019-2769,SUSE-2019-2769,SUSE-OpenStack-Cloud-8-2019-2769,SUSE-OpenStack-Cloud-Crowbar-8-2019-2769,SUSE-SLE-SAP-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-BCL-2019-2769,SUSE-Storage-5-2019-2769",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2769-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2769-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192769-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2769-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006050.html"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126197",
"url": "https://bugzilla.suse.com/1126197"
},
{
"category": "self",
"summary": "SUSE Bug 1126198",
"url": "https://bugzilla.suse.com/1126198"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1127400",
"url": "https://bugzilla.suse.com/1127400"
},
{
"category": "self",
"summary": "SUSE Bug 1133818",
"url": "https://bugzilla.suse.com/1133818"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12127 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12130 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11091 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17345 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17346 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17348/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-10-24T11:23:02Z",
"generator": {
"date": "2019-10-24T11:23:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2769-1",
"initial_release_date": "2019-10-24T11:23:02Z",
"revision_history": [
{
"date": "2019-10-24T11:23:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-devel-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-devel-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-doc-html-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-doc-html-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-libs-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-libs-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-tools-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-tools-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-tools-domU-4.9.4_04-3.56.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.9.4_04-3.56.2.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.9.4_04-3.56.2.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.9.4_04-3.56.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.9.4_04-3.56.2.i586",
"product": {
"name": "xen-devel-4.9.4_04-3.56.2.i586",
"product_id": "xen-devel-4.9.4_04-3.56.2.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_04-3.56.2.i586",
"product": {
"name": "xen-libs-4.9.4_04-3.56.2.i586",
"product_id": "xen-libs-4.9.4_04-3.56.2.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_04-3.56.2.i586",
"product": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.i586",
"product_id": "xen-tools-domU-4.9.4_04-3.56.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-doc-html-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-libs-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-tools-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-tools-domU-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-devel-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-devel-4.9.4_04-3.56.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12126"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12126",
"url": "https://www.suse.com/security/cve/CVE-2018-12126"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1135524 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135524"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1149725 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149725"
},
{
"category": "external",
"summary": "SUSE Bug 1149726 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149726"
},
{
"category": "external",
"summary": "SUSE Bug 1149729 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149729"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-12126"
},
{
"cve": "CVE-2018-12127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12127"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12127",
"url": "https://www.suse.com/security/cve/CVE-2018-12127"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-12127"
},
{
"cve": "CVE-2018-12130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12130"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12130",
"url": "https://www.suse.com/security/cve/CVE-2018-12130"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-12130"
},
{
"cve": "CVE-2019-11091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11091"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11091",
"url": "https://www.suse.com/security/cve/CVE-2019-11091"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1133319 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1133319"
},
{
"category": "external",
"summary": "SUSE Bug 1135394 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1135394"
},
{
"category": "external",
"summary": "SUSE Bug 1138043 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138043"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-11091"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17345"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17345",
"url": "https://www.suse.com/security/cve/CVE-2019-17345"
},
{
"category": "external",
"summary": "SUSE Bug 1126197 for CVE-2019-17345",
"url": "https://bugzilla.suse.com/1126197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17345"
},
{
"cve": "CVE-2019-17346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17346",
"url": "https://www.suse.com/security/cve/CVE-2019-17346"
},
{
"category": "external",
"summary": "SUSE Bug 1126198 for CVE-2019-17346",
"url": "https://bugzilla.suse.com/1126198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17346"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-17348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17348",
"url": "https://www.suse.com/security/cve/CVE-2019-17348"
},
{
"category": "external",
"summary": "SUSE Bug 1127400 for CVE-2019-17348",
"url": "https://bugzilla.suse.com/1127400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17348"
}
]
}
SUSE-SU-2019:2753-1
Vulnerability from csaf_suse - Published: 2019-10-23 11:45 - Updated: 2019-10-23 11:45Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen to version 4.11.2 fixes the following issues:
Security issues fixed:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
Other issues fixed:
- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above
(bsc#1137717).
- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774).
- Fixed an issue where libxenlight could not create new domain (bsc#1131811).
- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).
- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).
Patchnames
SUSE-2019-2753,SUSE-SLE-DESKTOP-12-SP4-2019-2753,SUSE-SLE-SDK-12-SP4-2019-2753,SUSE-SLE-SERVER-12-SP4-2019-2753
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen to version 4.11.2 fixes the following issues:\n\nSecurity issues fixed: \t \n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n\nOther issues fixed: \n\n- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above\n (bsc#1137717).\n- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). \n- Fixed an issue where libxenlight could not create new domain (bsc#1131811).\n- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).\n- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2753,SUSE-SLE-DESKTOP-12-SP4-2019-2753,SUSE-SLE-SDK-12-SP4-2019-2753,SUSE-SLE-SERVER-12-SP4-2019-2753",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2753-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2753-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192753-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2753-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006046.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1111331",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126197",
"url": "https://bugzilla.suse.com/1126197"
},
{
"category": "self",
"summary": "SUSE Bug 1126198",
"url": "https://bugzilla.suse.com/1126198"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1127400",
"url": "https://bugzilla.suse.com/1127400"
},
{
"category": "self",
"summary": "SUSE Bug 1129642",
"url": "https://bugzilla.suse.com/1129642"
},
{
"category": "self",
"summary": "SUSE Bug 1131811",
"url": "https://bugzilla.suse.com/1131811"
},
{
"category": "self",
"summary": "SUSE Bug 1137717",
"url": "https://bugzilla.suse.com/1137717"
},
{
"category": "self",
"summary": "SUSE Bug 1138294",
"url": "https://bugzilla.suse.com/1138294"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1145240",
"url": "https://bugzilla.suse.com/1145240"
},
{
"category": "self",
"summary": "SUSE Bug 1145774",
"url": "https://bugzilla.suse.com/1145774"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12127 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12130 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11091 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17345 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17346 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17348/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-10-23T11:45:48Z",
"generator": {
"date": "2019-10-23T11:45:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2753-1",
"initial_release_date": "2019-10-23T11:45:48Z",
"revision_history": [
{
"date": "2019-10-23T11:45:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-devel-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-devel-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-doc-html-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-doc-html-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-libs-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-libs-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-tools-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-tools-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-tools-domU-4.11.2_02-2.14.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.11.2_02-2.14.2.i586",
"product": {
"name": "xen-devel-4.11.2_02-2.14.2.i586",
"product_id": "xen-devel-4.11.2_02-2.14.2.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.2_02-2.14.2.i586",
"product": {
"name": "xen-libs-4.11.2_02-2.14.2.i586",
"product_id": "xen-libs-4.11.2_02-2.14.2.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.2_02-2.14.2.i586",
"product": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.i586",
"product_id": "xen-tools-domU-4.11.2_02-2.14.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-devel-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-devel-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-doc-html-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-libs-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-tools-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-tools-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-tools-domU-4.11.2_02-2.14.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.11.2_02-2.14.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64"
},
"product_reference": "xen-devel-4.11.2_02-2.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-devel-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12126"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12126",
"url": "https://www.suse.com/security/cve/CVE-2018-12126"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1135524 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135524"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1149725 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149725"
},
{
"category": "external",
"summary": "SUSE Bug 1149726 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149726"
},
{
"category": "external",
"summary": "SUSE Bug 1149729 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149729"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-12126"
},
{
"cve": "CVE-2018-12127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12127"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12127",
"url": "https://www.suse.com/security/cve/CVE-2018-12127"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-12127"
},
{
"cve": "CVE-2018-12130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12130"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12130",
"url": "https://www.suse.com/security/cve/CVE-2018-12130"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-12130"
},
{
"cve": "CVE-2019-11091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11091"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11091",
"url": "https://www.suse.com/security/cve/CVE-2019-11091"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1133319 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1133319"
},
{
"category": "external",
"summary": "SUSE Bug 1135394 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1135394"
},
{
"category": "external",
"summary": "SUSE Bug 1138043 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138043"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-11091"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17345"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17345",
"url": "https://www.suse.com/security/cve/CVE-2019-17345"
},
{
"category": "external",
"summary": "SUSE Bug 1126197 for CVE-2019-17345",
"url": "https://bugzilla.suse.com/1126197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17345"
},
{
"cve": "CVE-2019-17346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17346",
"url": "https://www.suse.com/security/cve/CVE-2019-17346"
},
{
"category": "external",
"summary": "SUSE Bug 1126198 for CVE-2019-17346",
"url": "https://bugzilla.suse.com/1126198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17346"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-17348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17348",
"url": "https://www.suse.com/security/cve/CVE-2019-17348"
},
{
"category": "external",
"summary": "SUSE Bug 1127400 for CVE-2019-17348",
"url": "https://bugzilla.suse.com/1127400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17348"
}
]
}
SUSE-RU-2019:2767-1
Vulnerability from csaf_suse - Published: 2019-10-24 10:23 - Updated: 2019-10-24 10:23Summary
Recommended update for xen
Notes
Title of the patch
Recommended update for xen
Description of the patch
This update for xen to version 4.10.4 fixes the following issues:
- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration
(bsc#1133818).
- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above
(bsc#1137717).
- Fixed an issue where libxenlight could not create new domain (bsc#1131811).
- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).
- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).
- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774).
- Xenpvnetboot is now ported correctly to Python 3 (bsc#1138563).
Patchnames
SUSE-2019-2767,SUSE-SLE-Module-Basesystem-15-2019-2767,SUSE-SLE-Module-Server-Applications-15-2019-2767
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen to version 4.10.4 fixes the following issues:\n\n- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration\n (bsc#1133818).\n- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above\n (bsc#1137717).\n- Fixed an issue where libxenlight could not create new domain (bsc#1131811).\n- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).\n- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).\n- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). \n- Xenpvnetboot is now ported correctly to Python 3 (bsc#1138563).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2767,SUSE-SLE-Module-Basesystem-15-2019-2767,SUSE-SLE-Module-Server-Applications-15-2019-2767",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2019_2767-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2019:2767-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-20192767-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2019:2767-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2019-October/012836.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126197",
"url": "https://bugzilla.suse.com/1126197"
},
{
"category": "self",
"summary": "SUSE Bug 1126198",
"url": "https://bugzilla.suse.com/1126198"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1127400",
"url": "https://bugzilla.suse.com/1127400"
},
{
"category": "self",
"summary": "SUSE Bug 1129642",
"url": "https://bugzilla.suse.com/1129642"
},
{
"category": "self",
"summary": "SUSE Bug 1131811",
"url": "https://bugzilla.suse.com/1131811"
},
{
"category": "self",
"summary": "SUSE Bug 1133818",
"url": "https://bugzilla.suse.com/1133818"
},
{
"category": "self",
"summary": "SUSE Bug 1137717",
"url": "https://bugzilla.suse.com/1137717"
},
{
"category": "self",
"summary": "SUSE Bug 1138294",
"url": "https://bugzilla.suse.com/1138294"
},
{
"category": "self",
"summary": "SUSE Bug 1138563",
"url": "https://bugzilla.suse.com/1138563"
},
{
"category": "self",
"summary": "SUSE Bug 1145240",
"url": "https://bugzilla.suse.com/1145240"
},
{
"category": "self",
"summary": "SUSE Bug 1145774",
"url": "https://bugzilla.suse.com/1145774"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12127 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12130 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11091 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17345 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17346 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17349 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17349/"
}
],
"title": "Recommended update for xen",
"tracking": {
"current_release_date": "2019-10-24T10:23:00Z",
"generator": {
"date": "2019-10-24T10:23:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2019:2767-1",
"initial_release_date": "2019-10-24T10:23:00Z",
"revision_history": [
{
"date": "2019-10-24T10:23:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.10.4_04-3.22.1.aarch64",
"product": {
"name": "xen-4.10.4_04-3.22.1.aarch64",
"product_id": "xen-4.10.4_04-3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.10.4_04-3.22.1.aarch64",
"product": {
"name": "xen-devel-4.10.4_04-3.22.1.aarch64",
"product_id": "xen-devel-4.10.4_04-3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.10.4_04-3.22.1.aarch64",
"product": {
"name": "xen-doc-html-4.10.4_04-3.22.1.aarch64",
"product_id": "xen-doc-html-4.10.4_04-3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_04-3.22.1.aarch64",
"product": {
"name": "xen-libs-4.10.4_04-3.22.1.aarch64",
"product_id": "xen-libs-4.10.4_04-3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.10.4_04-3.22.1.aarch64",
"product": {
"name": "xen-tools-4.10.4_04-3.22.1.aarch64",
"product_id": "xen-tools-4.10.4_04-3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_04-3.22.1.aarch64",
"product": {
"name": "xen-tools-domU-4.10.4_04-3.22.1.aarch64",
"product_id": "xen-tools-domU-4.10.4_04-3.22.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.10.4_04-3.22.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.10.4_04-3.22.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.10.4_04-3.22.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.10.4_04-3.22.1.i586",
"product": {
"name": "xen-devel-4.10.4_04-3.22.1.i586",
"product_id": "xen-devel-4.10.4_04-3.22.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_04-3.22.1.i586",
"product": {
"name": "xen-libs-4.10.4_04-3.22.1.i586",
"product_id": "xen-libs-4.10.4_04-3.22.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_04-3.22.1.i586",
"product": {
"name": "xen-tools-domU-4.10.4_04-3.22.1.i586",
"product_id": "xen-tools-domU-4.10.4_04-3.22.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.10.4_04-3.22.1.x86_64",
"product": {
"name": "xen-4.10.4_04-3.22.1.x86_64",
"product_id": "xen-4.10.4_04-3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.10.4_04-3.22.1.x86_64",
"product": {
"name": "xen-devel-4.10.4_04-3.22.1.x86_64",
"product_id": "xen-devel-4.10.4_04-3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.10.4_04-3.22.1.x86_64",
"product": {
"name": "xen-doc-html-4.10.4_04-3.22.1.x86_64",
"product_id": "xen-doc-html-4.10.4_04-3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_04-3.22.1.x86_64",
"product": {
"name": "xen-libs-4.10.4_04-3.22.1.x86_64",
"product_id": "xen-libs-4.10.4_04-3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.10.4_04-3.22.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.10.4_04-3.22.1.x86_64",
"product_id": "xen-libs-32bit-4.10.4_04-3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.10.4_04-3.22.1.x86_64",
"product": {
"name": "xen-tools-4.10.4_04-3.22.1.x86_64",
"product_id": "xen-tools-4.10.4_04-3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"product": {
"name": "xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"product_id": "xen-tools-domU-4.10.4_04-3.22.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.10.4_04-3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64"
},
"product_reference": "xen-libs-4.10.4_04-3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.10.4_04-3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64"
},
"product_reference": "xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.10.4_04-3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64"
},
"product_reference": "xen-4.10.4_04-3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.10.4_04-3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64"
},
"product_reference": "xen-devel-4.10.4_04-3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.10.4_04-3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
},
"product_reference": "xen-tools-4.10.4_04-3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12126"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12126",
"url": "https://www.suse.com/security/cve/CVE-2018-12126"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1135524 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135524"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1149725 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149725"
},
{
"category": "external",
"summary": "SUSE Bug 1149726 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149726"
},
{
"category": "external",
"summary": "SUSE Bug 1149729 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149729"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12126"
},
{
"cve": "CVE-2018-12127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12127"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12127",
"url": "https://www.suse.com/security/cve/CVE-2018-12127"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12127"
},
{
"cve": "CVE-2018-12130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12130"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12130",
"url": "https://www.suse.com/security/cve/CVE-2018-12130"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12130"
},
{
"cve": "CVE-2019-11091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11091"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11091",
"url": "https://www.suse.com/security/cve/CVE-2019-11091"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1133319 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1133319"
},
{
"category": "external",
"summary": "SUSE Bug 1135394 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1135394"
},
{
"category": "external",
"summary": "SUSE Bug 1138043 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138043"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11091"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17345"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17345",
"url": "https://www.suse.com/security/cve/CVE-2019-17345"
},
{
"category": "external",
"summary": "SUSE Bug 1126197 for CVE-2019-17345",
"url": "https://bugzilla.suse.com/1126197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17345"
},
{
"cve": "CVE-2019-17346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17346",
"url": "https://www.suse.com/security/cve/CVE-2019-17346"
},
{
"category": "external",
"summary": "SUSE Bug 1126198 for CVE-2019-17346",
"url": "https://bugzilla.suse.com/1126198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17346"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-17348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17348",
"url": "https://www.suse.com/security/cve/CVE-2019-17348"
},
{
"category": "external",
"summary": "SUSE Bug 1127400 for CVE-2019-17348",
"url": "https://bugzilla.suse.com/1127400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17348"
},
{
"cve": "CVE-2019-17349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17349"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17349",
"url": "https://www.suse.com/security/cve/CVE-2019-17349"
},
{
"category": "external",
"summary": "SUSE Bug 1138294 for CVE-2019-17349",
"url": "https://bugzilla.suse.com/1138294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_04-3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_04-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T10:23:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17349"
}
]
}
GHSA-PH73-RJ9X-9Q3G
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2022-05-24 16:58
VLAI?
Details
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-17345"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-08T01:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.",
"id": "GHSA-ph73-rj9x-9q3g",
"modified": "2022-05-24T16:58:09Z",
"published": "2022-05-24T16:58:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17345"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-291.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/10/25/4"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-291.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2019-17345
Vulnerability from fkie_nvd - Published: 2019-10-08 01:15 - Updated: 2024-11-21 04:32
Severity ?
Summary
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/25/4 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://xenbits.xen.org/xsa/advisory-291.html | Vendor Advisory | |
| cve@mitre.org | https://seclists.org/bugtraq/2020/Jan/21 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2020/dsa-4602 | Third Party Advisory | |
| cve@mitre.org | https://xenbits.xen.org/xsa/advisory-291.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/25/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://xenbits.xen.org/xsa/advisory-291.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2020/Jan/21 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4602 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://xenbits.xen.org/xsa/advisory-291.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xen | xen | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3F800E-C871-4E5D-AF9E-4FDBDECC825F",
"versionEndIncluding": "4.11.2",
"versionStartIncluding": "4.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xen versiones 4.8.x hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado PV de x86, causar una denegaci\u00f3n de servicio porque el manejo inapropiado de las operaciones fallidas de IOMMU causa una comprobaci\u00f3n de errores durante la limpieza de un invitado bloqueado."
}
],
"id": "CVE-2019-17345",
"lastModified": "2024-11-21T04:32:07.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-08T01:15:10.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/25/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-291.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-291.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/25/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-291.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-291.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2019-34759
Vulnerability from cnvd - Published: 2019-10-12
VLAI Severity ?
Title
Xen拒绝服务漏洞(CNVD-2019-34759)
Description
Xen是一款开源虚拟机监视器产品。
Xen存在拒绝服务漏洞,x86 PV客户端操作系统攻击者可利用该漏洞导致拒绝服务。
Severity
中
Patch Name
Xen拒绝服务漏洞(CNVD-2019-34759)的补丁
Patch Description
Xen是一款开源虚拟机监视器产品。
Xen存在拒绝服务漏洞,x86 PV客户端操作系统攻击者可利用该漏洞导致拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://xenbits.xen.org/xsa/advisory-291.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-17345
Impacted products
| Name | Xen Xen >=4.8.x,<=4.11.x |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-17345",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-17345"
}
},
"description": "Xen\u662f\u4e00\u6b3e\u5f00\u6e90\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\n\nXen\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0cx86 PV\u5ba2\u6237\u7aef\u64cd\u4f5c\u7cfb\u7edf\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Igor Druzhinin and Andrew Cooper",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://xenbits.xen.org/xsa/advisory-291.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-34759",
"openTime": "2019-10-12",
"patchDescription": "Xen\u662f\u4e00\u6b3e\u5f00\u6e90\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\r\n\r\nXen\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0cx86 PV\u5ba2\u6237\u7aef\u64cd\u4f5c\u7cfb\u7edf\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Xen\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2019-34759\uff09\u7684\u8865\u4e01",
"products": {
"product": "Xen Xen \u003e=4.8.x\uff0c\u003c=4.11.x"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-17345",
"serverity": "\u4e2d",
"submitTime": "2019-10-08",
"title": "Xen\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2019-34759\uff09"
}
GSD-2019-17345
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-17345",
"description": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.",
"id": "GSD-2019-17345",
"references": [
"https://www.suse.com/security/cve/CVE-2019-17345.html",
"https://www.debian.org/security/2020/dsa-4602"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-17345"
],
"details": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.",
"id": "GSD-2019-17345",
"modified": "2023-12-13T01:23:44.384706Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-291.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-291.html"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-291.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-291.html"
},
{
"name": "[oss-security] 20191025 Xen Security Advisory 291 v3 (CVE-2019-17345) - x86/PV: page type reference counting issue with failed IOMMU update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/25/4"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.11.2",
"versionStartIncluding": "4.8.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17345"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-291.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-291.html"
},
{
"name": "[oss-security] 20191025 Xen Security Advisory 291 v3 (CVE-2019-17345) - x86/PV: page type reference counting issue with failed IOMMU update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/25/4"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-291.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-291.html"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
},
"lastModifiedDate": "2022-03-31T18:11Z",
"publishedDate": "2019-10-08T01:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…