Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-12068 (GCVE-0-2019-12068)
Vulnerability from cvelistv5 – Published: 2019-09-24 19:59 – Updated: 2024-08-04 23:10
VLAI
EPSS
Summary
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://lists.gnu.org/archive/html/qemu-devel/201… | x_refsource_MISC |
| https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d… | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://usn.ubuntu.com/4191-2/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://usn.ubuntu.com/4191-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://www.debian.org/security/2020/dsa-4665 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "USN-4191-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-26T13:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "USN-4191-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2019-12068",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "USN-4191-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12068",
"datePublished": "2019-09-24T19:59:44.000Z",
"dateReserved": "2019-05-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-12068",
"date": "2026-05-25",
"epss": "0.00086",
"percentile": "0.24553"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:1\\\\:4.1-1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80139FFB-0C8E-4D88-B457-3460D1BDCE81\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:1\\\\:2.1\\\\+dfsg-12\\\\+deb8u6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1550DA8-F690-4336-8A55-0A762CB4457C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:1\\\\:2.8\\\\+dfsg-6\\\\+deb9u8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F879A847-3201-4368-9727-5BD52E5BC7DA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:1\\\\:3.1\\\\+dfsg-8\\\\+deb10u2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D616634-2792-430E-8979-AF2AA875890F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:1\\\\:3.1\\\\+dfsg-8\\\\~deb10u1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DA49E4C-9EB1-49A2-82A6-A21A17D46A9E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"815D70A8-47D3-459C-A32C-9FEACA0659D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.\"}, {\"lang\": \"es\", \"value\": \"En QEMU versiones 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, y 1:2.1+dfsg-12+deb8u12 (corregida), cuando se ejecuta el script en la funci\\u00f3n lsi_execute_script(), el emulador del adaptador scsi de LSI avanza el \\u00edndice \\\"s-)dsp\\\" para leer el pr\\u00f3ximo opcode. Esto puede conllevar a un bucle infinito si el siguiente opcode est\\u00e1 vac\\u00edo. Mueve la salida del bucle existente despu\\u00e9s de 10k iteraciones para que cubra tambi\\u00e9n los opcodes no operativos.\"}]",
"id": "CVE-2019-12068",
"lastModified": "2024-11-21T04:22:10.287",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L\", \"baseScore\": 3.8, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-09-24T20:15:11.747",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2019-12068\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4191-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4191-2/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4665\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2019-12068\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4191-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4191-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4665\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-835\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-12068\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-09-24T20:15:11.747\",\"lastModified\":\"2024-11-21T04:22:10.287\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.\"},{\"lang\":\"es\",\"value\":\"En QEMU versiones 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, y 1:2.1+dfsg-12+deb8u12 (corregida), cuando se ejecuta el script en la funci\u00f3n lsi_execute_script(), el emulador del adaptador scsi de LSI avanza el \u00edndice \\\"s-)dsp\\\" para leer el pr\u00f3ximo opcode. Esto puede conllevar a un bucle infinito si el siguiente opcode est\u00e1 vac\u00edo. Mueve la salida del bucle existente despu\u00e9s de 10k iteraciones para que cubra tambi\u00e9n los opcodes no operativos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L\",\"baseScore\":3.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.0,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1\\\\:4.1-1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80139FFB-0C8E-4D88-B457-3460D1BDCE81\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1\\\\:2.1\\\\+dfsg-12\\\\+deb8u6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1550DA8-F690-4336-8A55-0A762CB4457C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1\\\\:2.8\\\\+dfsg-6\\\\+deb9u8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F879A847-3201-4368-9727-5BD52E5BC7DA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1\\\\:3.1\\\\+dfsg-8\\\\+deb10u2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D616634-2792-430E-8979-AF2AA875890F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:1\\\\:3.1\\\\+dfsg-8\\\\~deb10u1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DA49E4C-9EB1-49A2-82A6-A21A17D46A9E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2019-12068\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4191-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4191-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4665\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2019-12068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4191-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4191-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4665\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
BDU:2021-03544
Vulnerability from fstec - Published: 24.09.2019
VLAI
Title
Уязвимость программного обеспечения для эмуляции аппаратного обеспечения различных платформ QEMU, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость программного обеспечения для эмуляции аппаратного обеспечения различных платформ QEMU связана с бесконечной работой цикла. Эксплуатация уязвимости позволяет нарушителю вызвать отказ в обслуживании
Severity
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Fabrice Bellard, АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), QEMU, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), до 3.1 включительно (QEMU), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Для QEMU:
Использование рекомендаций производителя: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
Для Debian:
Использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2019-12068
Для Astra Linux:
Использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
Для ОС ОН «Стрелец»:
Обновление программного обеспечения qemu до версии 1:2.8+dfsg.repack-6+deb9u16.osnova1
Reference
https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
https://nvd.nist.gov/vuln/detail/CVE-2019-12068
https://security-tracker.debian.org/tracker/CVE-2019-12068
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-835
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fabrice Bellard, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u0434\u043e 3.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (QEMU), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f QEMU:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html\n\n\u0414\u043b\u044f Debian:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2019-12068\n\n\u0414\u043b\u044f Astra Linux:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f qemu \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:2.8+dfsg.repack-6+deb9u16.osnova1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.07.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03544",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-12068",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), QEMU, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u044d\u043c\u0443\u043b\u044f\u0446\u0438\u0438 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c QEMU, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0446\u0438\u043a\u043b\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0432\u044b\u0445\u043e\u0434\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0446\u0438\u043a\u043b\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0432\u044b\u0445\u043e\u0434\u0430 (\u0431\u0435\u0441\u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0439 \u0446\u0438\u043a\u043b) (CWE-835)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u044d\u043c\u0443\u043b\u044f\u0446\u0438\u0438 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c QEMU \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0431\u0435\u0441\u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u043e\u0439 \u0446\u0438\u043a\u043b\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08\nhttps://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12068\nhttps://security-tracker.debian.org/tracker/CVE-2019-12068\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-835",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 2,1)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,6)"
}
FKIE_CVE-2019-12068
Vulnerability from fkie_nvd - Published: 2019-09-24 20:15 - Updated: 2024-11-21 04:22
Severity
Summary
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qemu | qemu | 1\ | |
| qemu | qemu | 1\ | |
| debian | debian_linux | 8.0 | |
| qemu | qemu | 1\ | |
| debian | debian_linux | 9.0 | |
| qemu | qemu | 1\ | |
| qemu | qemu | 1\ | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:1\\:4.1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "80139FFB-0C8E-4D88-B457-3460D1BDCE81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:1\\:2.1\\+dfsg-12\\+deb8u6:*:*:*:*:*:*:*",
"matchCriteriaId": "F1550DA8-F690-4336-8A55-0A762CB4457C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:1\\:2.8\\+dfsg-6\\+deb9u8:*:*:*:*:*:*:*",
"matchCriteriaId": "F879A847-3201-4368-9727-5BD52E5BC7DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:1\\:3.1\\+dfsg-8\\+deb10u2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D616634-2792-430E-8979-AF2AA875890F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qemu:qemu:1\\:3.1\\+dfsg-8\\~deb10u1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA49E4C-9EB1-49A2-82A6-A21A17D46A9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
},
{
"lang": "es",
"value": "En QEMU versiones 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, y 1:2.1+dfsg-12+deb8u12 (corregida), cuando se ejecuta el script en la funci\u00f3n lsi_execute_script(), el emulador del adaptador scsi de LSI avanza el \u00edndice \"s-)dsp\" para leer el pr\u00f3ximo opcode. Esto puede conllevar a un bucle infinito si el siguiente opcode est\u00e1 vac\u00edo. Mueve la salida del bucle existente despu\u00e9s de 10k iteraciones para que cubra tambi\u00e9n los opcodes no operativos."
}
],
"id": "CVE-2019-12068",
"lastModified": "2024-11-21T04:22:10.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-24T20:15:11.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"source": "cve@mitre.org",
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4665"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-4699-632X-4VXR
Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2024-04-04 03:06
VLAI
Details
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Severity
{
"affected": [],
"aliases": [
"CVE-2019-12068"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-24T20:15:00Z",
"severity": "LOW"
},
"details": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"id": "GHSA-4699-632x-4vxr",
"modified": "2024-04-04T03:06:56Z",
"published": "2022-05-24T22:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12068"
},
{
"type": "WEB",
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"type": "WEB",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4191-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4191-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GSD-2019-12068
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-12068",
"description": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"id": "GSD-2019-12068",
"references": [
"https://www.suse.com/security/cve/CVE-2019-12068.html",
"https://www.debian.org/security/2020/dsa-4665",
"https://ubuntu.com/security/CVE-2019-12068",
"https://linux.oracle.com/cve/CVE-2019-12068.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-12068"
],
"details": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"id": "GSD-2019-12068",
"modified": "2023-12-13T01:23:43.898667Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2019-12068",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "USN-4191-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1\\:4.1-1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1\\:2.1\\+dfsg-12\\+deb8u6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1\\:2.8\\+dfsg-6\\+deb9u8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1\\:3.1\\+dfsg-8\\+deb10u2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1\\:3.1\\+dfsg-8\\~deb10u1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12068"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2019-12068",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08",
"refsource": "MISC",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"name": "USN-4191-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"refsource": "DEBIAN",
"tags": [],
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4
}
},
"lastModifiedDate": "2020-07-26T14:15Z",
"publishedDate": "2019-09-24T20:15Z"
}
}
}
OPENSUSE-SU-2019:2505-1
Vulnerability from csaf_opensuse - Published: 2019-11-14 05:54 - Updated: 2019-11-14 05:54Summary
Security update for qemu
Severity
Important
Notes
Title of the patch: Security update for qemu
Description of the patch: This update for qemu fixes the following issues:
- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15
- Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873)
- Expose taa-no 'feature', indicating CPU does not have the
TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)
- Expose pschange-mc-no 'feature', indicating CPU does not have
the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2505
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
6.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\n- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15\n- Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)\n- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873)\n- Expose taa-no \u0027feature\u0027, indicating CPU does not have the\n TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)\n- Expose pschange-mc-no \u0027feature\u0027, indicating CPU does not have\n the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2505",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2505-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2505-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB/#YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2505-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB/#YGK33QVVCMOM3HRWRJ6FPIFV2JBB4XDB"
},
{
"category": "self",
"summary": "SUSE Bug 1119991",
"url": "https://bugzilla.suse.com/1119991"
},
{
"category": "self",
"summary": "SUSE Bug 1146873",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "self",
"summary": "SUSE Bug 1152506",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "self",
"summary": "SUSE Bug 1155812",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2019-11-14T05:54:23Z",
"generator": {
"date": "2019-11-14T05:54:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2505-1",
"initial_release_date": "2019-11-14T05:54:23Z",
"revision_history": [
{
"date": "2019-11-14T05:54:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"product_id": "qemu-ipxe-1.0.0+-lp150.7.28.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"product": {
"name": "qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"product_id": "qemu-seabios-1.11.0-lp150.7.28.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-lp150.7.28.1.noarch",
"product": {
"name": "qemu-sgabios-8-lp150.7.28.1.noarch",
"product_id": "qemu-sgabios-8-lp150.7.28.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"product": {
"name": "qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"product_id": "qemu-vgabios-1.11.0-lp150.7.28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-arm-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-block-curl-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-extra-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-ksm-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-kvm-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-lang-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-ppc-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-s390-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-tools-2.11.2-lp150.7.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-2.11.2-lp150.7.28.1.x86_64",
"product": {
"name": "qemu-x86-2.11.2-lp150.7.28.1.x86_64",
"product_id": "qemu-x86-2.11.2-lp150.7.28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-extra-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-lp150.7.28.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ksm-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.11.0-lp150.7.28.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch"
},
"product_reference": "qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-lp150.7.28.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch"
},
"product_reference": "qemu-sgabios-8-lp150.7.28.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.11.0-lp150.7.28.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch"
},
"product_reference": "qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-2.11.2-lp150.7.28.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
},
"product_reference": "qemu-x86-2.11.2-lp150.7.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:23Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2018-20126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20126"
}
],
"notes": [
{
"category": "general",
"text": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20126",
"url": "https://www.suse.com/security/cve/CVE-2018-20126"
},
{
"category": "external",
"summary": "SUSE Bug 1119991 for CVE-2018-20126",
"url": "https://bugzilla.suse.com/1119991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:23Z",
"details": "low"
}
],
"title": "CVE-2018-20126"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:23Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:qemu-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-arm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-curl-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-dmg-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-gluster-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-iscsi-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-rbd-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-block-ssh-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-extra-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-guest-agent-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ipxe-1.0.0+-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-ksm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-kvm-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-lang-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-ppc-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-s390-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-seabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-sgabios-8-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-tools-2.11.2-lp150.7.28.1.x86_64",
"openSUSE Leap 15.0:qemu-vgabios-1.11.0-lp150.7.28.1.noarch",
"openSUSE Leap 15.0:qemu-x86-2.11.2-lp150.7.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:23Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
}
]
}
OPENSUSE-SU-2019:2510-1
Vulnerability from csaf_opensuse - Published: 2019-11-14 06:31 - Updated: 2019-11-14 06:31Summary
Security update for qemu
Severity
Important
Notes
Title of the patch: Security update for qemu
Description of the patch: This update for qemu fixes the following issues:
qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which
includes 2 fixes we already carry, as well as one additional use-
after-free fix in slirp. (CVE-2018-20126 bsc#1119991,
CVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811
respectively)
Security issues fixed:
- CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873)
- CVE-2019-11135: Expose taa-no 'feature', indicating CPU does not have the TSX Async Abort vulnerability. (bsc#1152506)
- CVE-2018-12207: Expose pschange-mc-no 'feature', indicating CPU does not have the page size change machine check vulnerability (bsc#1117665)
Other issues fixed:
- Change how this bug gets fixed (bsc#1144087)
- Disable file locking in the Xen PV disk backend to avoid locking
issues with PV domUs during migration. The issues triggered by
the locking can not be properly handled in libxl. The locking
introduced in qemu-2.10 was removed again in qemu-4.0.
(bsc#1079730, bsc#1098403, bsc#1111025, bsc#1145427, bsc#1145774)
- Feature support for vfio-ccw dasd ipl (bsc#1145379 jira-SLE-6132)
- Additional hardware instruction support for s390, also update
qemu linux headers to 5.2-rc1 (bsc#1145436 jira-SLE-6237)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames: openSUSE-2019-2510
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
6.5 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.8 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for qemu",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for qemu fixes the following issues:\n\nqemu was updated to v3.1.1.1, a stable, bug-fix-only release, which\nincludes 2 fixes we already carry, as well as one additional use-\nafter-free fix in slirp. (CVE-2018-20126 bsc#1119991,\nCVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811\nrespectively)\n\nSecurity issues fixed:\n\n- CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873)\n- CVE-2019-11135: Expose taa-no \u0027feature\u0027, indicating CPU does not have the TSX Async Abort vulnerability. (bsc#1152506)\n- CVE-2018-12207: Expose pschange-mc-no \u0027feature\u0027, indicating CPU does not have the page size change machine check vulnerability (bsc#1117665)\n\nOther issues fixed:\n\n- Change how this bug gets fixed (bsc#1144087)\n- Disable file locking in the Xen PV disk backend to avoid locking\n issues with PV domUs during migration. The issues triggered by\n the locking can not be properly handled in libxl. The locking\n introduced in qemu-2.10 was removed again in qemu-4.0.\n (bsc#1079730, bsc#1098403, bsc#1111025, bsc#1145427, bsc#1145774)\n- Feature support for vfio-ccw dasd ipl (bsc#1145379 jira-SLE-6132)\n- Additional hardware instruction support for s390, also update\n qemu linux headers to 5.2-rc1 (bsc#1145436 jira-SLE-6237)\n\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2510",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2510-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2510-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KGVFZGJMBR53343ITOTWO7YW2JVKGHDT/#KGVFZGJMBR53343ITOTWO7YW2JVKGHDT"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2510-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KGVFZGJMBR53343ITOTWO7YW2JVKGHDT/#KGVFZGJMBR53343ITOTWO7YW2JVKGHDT"
},
{
"category": "self",
"summary": "SUSE Bug 1079730",
"url": "https://bugzilla.suse.com/1079730"
},
{
"category": "self",
"summary": "SUSE Bug 1098403",
"url": "https://bugzilla.suse.com/1098403"
},
{
"category": "self",
"summary": "SUSE Bug 1111025",
"url": "https://bugzilla.suse.com/1111025"
},
{
"category": "self",
"summary": "SUSE Bug 1117665",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "self",
"summary": "SUSE Bug 1119991",
"url": "https://bugzilla.suse.com/1119991"
},
{
"category": "self",
"summary": "SUSE Bug 1143794",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "self",
"summary": "SUSE Bug 1144087",
"url": "https://bugzilla.suse.com/1144087"
},
{
"category": "self",
"summary": "SUSE Bug 1145379",
"url": "https://bugzilla.suse.com/1145379"
},
{
"category": "self",
"summary": "SUSE Bug 1145427",
"url": "https://bugzilla.suse.com/1145427"
},
{
"category": "self",
"summary": "SUSE Bug 1145436",
"url": "https://bugzilla.suse.com/1145436"
},
{
"category": "self",
"summary": "SUSE Bug 1145774",
"url": "https://bugzilla.suse.com/1145774"
},
{
"category": "self",
"summary": "SUSE Bug 1146873",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "self",
"summary": "SUSE Bug 1149811",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "self",
"summary": "SUSE Bug 1152506",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
}
],
"title": "Security update for qemu",
"tracking": {
"current_release_date": "2019-11-14T06:31:05Z",
"generator": {
"date": "2019-11-14T06:31:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2510-1",
"initial_release_date": "2019-11-14T06:31:05Z",
"revision_history": [
{
"date": "2019-11-14T06:31:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"product": {
"name": "qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"product_id": "qemu-ipxe-1.0.0+-lp151.7.6.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"product": {
"name": "qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"product_id": "qemu-seabios-1.12.0-lp151.7.6.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-sgabios-8-lp151.7.6.1.noarch",
"product": {
"name": "qemu-sgabios-8-lp151.7.6.1.noarch",
"product_id": "qemu-sgabios-8-lp151.7.6.1.noarch"
}
},
{
"category": "product_version",
"name": "qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"product": {
"name": "qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"product_id": "qemu-vgabios-1.12.0-lp151.7.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-arm-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-extra-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-lang-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-s390-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-tools-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "qemu-x86-3.1.1.1-lp151.7.6.1.x86_64",
"product": {
"name": "qemu-x86-3.1.1.1-lp151.7.6.1.x86_64",
"product_id": "qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-arm-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-extra-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ipxe-1.0.0+-lp151.7.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch"
},
"product_reference": "qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-lang-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-s390-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-seabios-1.12.0-lp151.7.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch"
},
"product_reference": "qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-sgabios-8-lp151.7.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch"
},
"product_reference": "qemu-sgabios-8-lp151.7.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-tools-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-vgabios-1.12.0-lp151.7.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch"
},
"product_reference": "qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-x86-3.1.1.1-lp151.7.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
},
"product_reference": "qemu-x86-3.1.1.1-lp151.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T06:31:05Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2018-20126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20126"
}
],
"notes": [
{
"category": "general",
"text": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20126",
"url": "https://www.suse.com/security/cve/CVE-2018-20126"
},
{
"category": "external",
"summary": "SUSE Bug 1119991 for CVE-2018-20126",
"url": "https://bugzilla.suse.com/1119991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T06:31:05Z",
"details": "low"
}
],
"title": "CVE-2018-20126"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T06:31:05Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T06:31:05Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T06:31:05Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:qemu-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-arm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-alsa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-oss-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-pa-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-audio-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-curl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-dmg-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-gluster-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-iscsi-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-nfs-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-rbd-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-block-ssh-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-extra-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-guest-agent-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ipxe-1.0.0+-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-ksm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-kvm-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-lang-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-linux-user-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ppc-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-s390-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-seabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-sgabios-8-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-tools-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-curses-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-gtk-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-ui-sdl-3.1.1.1-lp151.7.6.1.x86_64",
"openSUSE Leap 15.1:qemu-vgabios-1.12.0-lp151.7.6.1.noarch",
"openSUSE Leap 15.1:qemu-x86-3.1.1.1-lp151.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T06:31:05Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
}
]
}
SUSE-SU-2019:14199-1
Vulnerability from csaf_suse - Published: 2019-10-24 11:23 - Updated: 2019-10-24 11:23Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).
- CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which
could have led to denial of service (bsc#1135905).
Patchnames: slessp4-xen-14199
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.4 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.8 (High)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.8 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.1 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.7 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
69 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).\n- CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which\n could have led to denial of service (bsc#1135905).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-xen-14199",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14199-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:14199-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914199-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:14199-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006052.html"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126198",
"url": "https://bugzilla.suse.com/1126198"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1127400",
"url": "https://bugzilla.suse.com/1127400"
},
{
"category": "self",
"summary": "SUSE Bug 1135905",
"url": "https://bugzilla.suse.com/1135905"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1145652",
"url": "https://bugzilla.suse.com/1145652"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12067 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12155 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17346 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17348/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-10-24T11:23:17Z",
"generator": {
"date": "2019-10-24T11:23:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:14199-1",
"initial_release_date": "2019-10-24T11:23:17Z",
"revision_history": [
{
"date": "2019-10-24T11:23:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"product": {
"name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"product_id": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"product": {
"name": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"product_id": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_40-61.49.1.i586",
"product": {
"name": "xen-libs-4.4.4_40-61.49.1.i586",
"product_id": "xen-libs-4.4.4_40-61.49.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_40-61.49.1.i586",
"product": {
"name": "xen-tools-domU-4.4.4_40-61.49.1.i586",
"product_id": "xen-tools-domU-4.4.4_40-61.49.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.4.4_40-61.49.1.x86_64",
"product": {
"name": "xen-4.4.4_40-61.49.1.x86_64",
"product_id": "xen-4.4.4_40-61.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.4.4_40-61.49.1.x86_64",
"product": {
"name": "xen-doc-html-4.4.4_40-61.49.1.x86_64",
"product_id": "xen-doc-html-4.4.4_40-61.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"product": {
"name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"product_id": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.4.4_40-61.49.1.x86_64",
"product": {
"name": "xen-libs-4.4.4_40-61.49.1.x86_64",
"product_id": "xen-libs-4.4.4_40-61.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"product_id": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.4.4_40-61.49.1.x86_64",
"product": {
"name": "xen-tools-4.4.4_40-61.49.1.x86_64",
"product_id": "xen-tools-4.4.4_40-61.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.4.4_40-61.49.1.x86_64",
"product": {
"name": "xen-tools-domU-4.4.4_40-61.49.1.x86_64",
"product_id": "xen-tools-domU-4.4.4_40-61.49.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64"
},
"product_reference": "xen-4.4.4_40-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64"
},
"product_reference": "xen-doc-html-4.4.4_40-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586"
},
"product_reference": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64"
},
"product_reference": "xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586"
},
"product_reference": "xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_40-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586"
},
"product_reference": "xen-libs-4.4.4_40-61.49.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64"
},
"product_reference": "xen-libs-4.4.4_40-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64"
},
"product_reference": "xen-tools-4.4.4_40-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_40-61.49.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586"
},
"product_reference": "xen-tools-domU-4.4.4_40-61.49.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.4.4_40-61.49.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
},
"product_reference": "xen-tools-domU-4.4.4_40-61.49.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12067"
}
],
"notes": [
{
"category": "general",
"text": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12067",
"url": "https://www.suse.com/security/cve/CVE-2019-12067"
},
{
"category": "external",
"summary": "SUSE Bug 1145642 for CVE-2019-12067",
"url": "https://bugzilla.suse.com/1145642"
},
{
"category": "external",
"summary": "SUSE Bug 1145652 for CVE-2019-12067",
"url": "https://bugzilla.suse.com/1145652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "low"
}
],
"title": "CVE-2019-12067"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-12155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12155"
}
],
"notes": [
{
"category": "general",
"text": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12155",
"url": "https://www.suse.com/security/cve/CVE-2019-12155"
},
{
"category": "external",
"summary": "SUSE Bug 1135902 for CVE-2019-12155",
"url": "https://bugzilla.suse.com/1135902"
},
{
"category": "external",
"summary": "SUSE Bug 1135905 for CVE-2019-12155",
"url": "https://bugzilla.suse.com/1135905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "low"
}
],
"title": "CVE-2019-12155"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17346",
"url": "https://www.suse.com/security/cve/CVE-2019-17346"
},
{
"category": "external",
"summary": "SUSE Bug 1126198 for CVE-2019-17346",
"url": "https://bugzilla.suse.com/1126198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-17346"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-17348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17348",
"url": "https://www.suse.com/security/cve/CVE-2019-17348"
},
{
"category": "external",
"summary": "SUSE Bug 1127400 for CVE-2019-17348",
"url": "https://bugzilla.suse.com/1127400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.49.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-17348"
}
]
}
SUSE-SU-2019:14201-1
Vulnerability from csaf_suse - Published: 2019-10-25 12:28 - Updated: 2019-10-25 12:28Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).
- CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which
could have led to denial of service (bsc#1135905).
- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680).
- CVE-2017-10806: Fixed a stack buffer overflow in debug logging (bsc#1047675).
Patchnames: sleposp3-xen-14201
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
Threats
Impact
low
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
Threats
Impact
low
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
Threats
Impact
important
5.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
Threats
Impact
important
5.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586 | — |
Vendor Fix
|
Threats
Impact
moderate
References
70 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).\n- CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which\n could have led to denial of service (bsc#1135905).\n- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680).\n- CVE-2017-10806: Fixed a stack buffer overflow in debug logging (bsc#1047675).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-xen-14201",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14201-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:14201-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914201-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:14201-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006057.html"
},
{
"category": "self",
"summary": "SUSE Bug 1047675",
"url": "https://bugzilla.suse.com/1047675"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1130680",
"url": "https://bugzilla.suse.com/1130680"
},
{
"category": "self",
"summary": "SUSE Bug 1135905",
"url": "https://bugzilla.suse.com/1135905"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1145652",
"url": "https://bugzilla.suse.com/1145652"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10806 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20815 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12067 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12155 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-10-25T12:28:21Z",
"generator": {
"date": "2019-10-25T12:28:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:14201-1",
"initial_release_date": "2019-10-25T12:28:21Z",
"revision_history": [
{
"date": "2019-10-25T12:28:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"product": {
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"product_id": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586"
}
},
{
"category": "product_version",
"name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"product": {
"name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"product_id": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.2.5_21-45.33.1.i586",
"product": {
"name": "xen-libs-4.2.5_21-45.33.1.i586",
"product_id": "xen-libs-4.2.5_21-45.33.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.2.5_21-45.33.1.i586",
"product": {
"name": "xen-tools-domU-4.2.5_21-45.33.1.i586",
"product_id": "xen-tools-domU-4.2.5_21-45.33.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586"
},
"product_reference": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586"
},
"product_reference": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.2.5_21-45.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586"
},
"product_reference": "xen-libs-4.2.5_21-45.33.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.2.5_21-45.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
},
"product_reference": "xen-tools-domU-4.2.5_21-45.33.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10806"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10806",
"url": "https://www.suse.com/security/cve/CVE-2017-10806"
},
{
"category": "external",
"summary": "SUSE Bug 1047674 for CVE-2017-10806",
"url": "https://bugzilla.suse.com/1047674"
},
{
"category": "external",
"summary": "SUSE Bug 1047675 for CVE-2017-10806",
"url": "https://bugzilla.suse.com/1047675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "moderate"
}
],
"title": "CVE-2017-10806"
},
{
"cve": "CVE-2018-20815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20815"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20815",
"url": "https://www.suse.com/security/cve/CVE-2018-20815"
},
{
"category": "external",
"summary": "SUSE Bug 1118900 for CVE-2018-20815",
"url": "https://bugzilla.suse.com/1118900"
},
{
"category": "external",
"summary": "SUSE Bug 1130675 for CVE-2018-20815",
"url": "https://bugzilla.suse.com/1130675"
},
{
"category": "external",
"summary": "SUSE Bug 1130680 for CVE-2018-20815",
"url": "https://bugzilla.suse.com/1130680"
},
{
"category": "external",
"summary": "SUSE Bug 1138043 for CVE-2018-20815",
"url": "https://bugzilla.suse.com/1138043"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-20815",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-20815"
},
{
"cve": "CVE-2019-12067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12067"
}
],
"notes": [
{
"category": "general",
"text": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12067",
"url": "https://www.suse.com/security/cve/CVE-2019-12067"
},
{
"category": "external",
"summary": "SUSE Bug 1145642 for CVE-2019-12067",
"url": "https://bugzilla.suse.com/1145642"
},
{
"category": "external",
"summary": "SUSE Bug 1145652 for CVE-2019-12067",
"url": "https://bugzilla.suse.com/1145652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "low"
}
],
"title": "CVE-2019-12067"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-12155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12155"
}
],
"notes": [
{
"category": "general",
"text": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12155",
"url": "https://www.suse.com/security/cve/CVE-2019-12155"
},
{
"category": "external",
"summary": "SUSE Bug 1135902 for CVE-2019-12155",
"url": "https://bugzilla.suse.com/1135902"
},
{
"category": "external",
"summary": "SUSE Bug 1135905 for CVE-2019-12155",
"url": "https://bugzilla.suse.com/1135905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "low"
}
],
"title": "CVE-2019-12155"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-25T12:28:21Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
}
]
}
SUSE-SU-2019:2753-1
Vulnerability from csaf_suse - Published: 2019-10-23 11:45 - Updated: 2019-10-23 11:45Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen to version 4.11.2 fixes the following issues:
Security issues fixed:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
Other issues fixed:
- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above
(bsc#1137717).
- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774).
- Fixed an issue where libxenlight could not create new domain (bsc#1131811).
- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).
- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).
Patchnames: SUSE-2019-2753,SUSE-SLE-DESKTOP-12-SP4-2019-2753,SUSE-SLE-SDK-12-SP4-2019-2753,SUSE-SLE-SERVER-12-SP4-2019-2753
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.8 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.1 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.7 (Medium)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
119 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen to version 4.11.2 fixes the following issues:\n\nSecurity issues fixed: \t \n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n\nOther issues fixed: \n\n- Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above\n (bsc#1137717).\n- Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). \n- Fixed an issue where libxenlight could not create new domain (bsc#1131811).\n- Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).\n- Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2753,SUSE-SLE-DESKTOP-12-SP4-2019-2753,SUSE-SLE-SDK-12-SP4-2019-2753,SUSE-SLE-SERVER-12-SP4-2019-2753",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2753-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2753-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192753-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2753-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006046.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1111331",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126197",
"url": "https://bugzilla.suse.com/1126197"
},
{
"category": "self",
"summary": "SUSE Bug 1126198",
"url": "https://bugzilla.suse.com/1126198"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1127400",
"url": "https://bugzilla.suse.com/1127400"
},
{
"category": "self",
"summary": "SUSE Bug 1129642",
"url": "https://bugzilla.suse.com/1129642"
},
{
"category": "self",
"summary": "SUSE Bug 1131811",
"url": "https://bugzilla.suse.com/1131811"
},
{
"category": "self",
"summary": "SUSE Bug 1137717",
"url": "https://bugzilla.suse.com/1137717"
},
{
"category": "self",
"summary": "SUSE Bug 1138294",
"url": "https://bugzilla.suse.com/1138294"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1145240",
"url": "https://bugzilla.suse.com/1145240"
},
{
"category": "self",
"summary": "SUSE Bug 1145774",
"url": "https://bugzilla.suse.com/1145774"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12127 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12130 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11091 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17345 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17346 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17348/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-10-23T11:45:48Z",
"generator": {
"date": "2019-10-23T11:45:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2753-1",
"initial_release_date": "2019-10-23T11:45:48Z",
"revision_history": [
{
"date": "2019-10-23T11:45:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-devel-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-devel-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-doc-html-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-doc-html-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-libs-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-libs-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-tools-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-tools-4.11.2_02-2.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.2_02-2.14.2.aarch64",
"product": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.aarch64",
"product_id": "xen-tools-domU-4.11.2_02-2.14.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.11.2_02-2.14.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.11.2_02-2.14.2.i586",
"product": {
"name": "xen-devel-4.11.2_02-2.14.2.i586",
"product_id": "xen-devel-4.11.2_02-2.14.2.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.2_02-2.14.2.i586",
"product": {
"name": "xen-libs-4.11.2_02-2.14.2.i586",
"product_id": "xen-libs-4.11.2_02-2.14.2.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.2_02-2.14.2.i586",
"product": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.i586",
"product_id": "xen-tools-domU-4.11.2_02-2.14.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-devel-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-devel-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-doc-html-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-libs-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-tools-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-tools-4.11.2_02-2.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"product": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"product_id": "xen-tools-domU-4.11.2_02-2.14.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.11.2_02-2.14.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64"
},
"product_reference": "xen-devel-4.11.2_02-2.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-devel-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-doc-html-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.11.2_02-2.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64"
},
"product_reference": "xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12126"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12126",
"url": "https://www.suse.com/security/cve/CVE-2018-12126"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1135524 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135524"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1149725 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149725"
},
{
"category": "external",
"summary": "SUSE Bug 1149726 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149726"
},
{
"category": "external",
"summary": "SUSE Bug 1149729 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149729"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-12126"
},
{
"cve": "CVE-2018-12127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12127"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12127",
"url": "https://www.suse.com/security/cve/CVE-2018-12127"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-12127"
},
{
"cve": "CVE-2018-12130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12130"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12130",
"url": "https://www.suse.com/security/cve/CVE-2018-12130"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2018-12130"
},
{
"cve": "CVE-2019-11091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11091"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11091",
"url": "https://www.suse.com/security/cve/CVE-2019-11091"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1133319 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1133319"
},
{
"category": "external",
"summary": "SUSE Bug 1135394 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1135394"
},
{
"category": "external",
"summary": "SUSE Bug 1138043 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138043"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-11091"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17345"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17345",
"url": "https://www.suse.com/security/cve/CVE-2019-17345"
},
{
"category": "external",
"summary": "SUSE Bug 1126197 for CVE-2019-17345",
"url": "https://bugzilla.suse.com/1126197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17345"
},
{
"cve": "CVE-2019-17346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17346",
"url": "https://www.suse.com/security/cve/CVE-2019-17346"
},
{
"category": "external",
"summary": "SUSE Bug 1126198 for CVE-2019-17346",
"url": "https://bugzilla.suse.com/1126198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17346"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-17348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17348",
"url": "https://www.suse.com/security/cve/CVE-2019-17348"
},
{
"category": "external",
"summary": "SUSE Bug 1127400 for CVE-2019-17348",
"url": "https://bugzilla.suse.com/1127400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.2_02-2.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:xen-devel-4.11.2_02-2.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-23T11:45:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-17348"
}
]
}
SUSE-SU-2019:2769-1
Vulnerability from csaf_suse - Published: 2019-10-24 11:23 - Updated: 2019-10-24 11:23Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
Security issues fixed:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator
which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of
service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU
emulator which could have led to execution of arbitrary code with privileges of the
QEMU process (bsc#1143797).
Other issue fixed:
- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818).
Patchnames: HPE-Helion-OpenStack-8-2019-2769,SUSE-2019-2769,SUSE-OpenStack-Cloud-8-2019-2769,SUSE-OpenStack-Cloud-Crowbar-8-2019-2769,SUSE-SLE-SAP-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-BCL-2019-2769,SUSE-Storage-5-2019-2769
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.8 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.1 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.7 (Medium)
Affected products
Recommended
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
112 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nSecurity issues fixed: \t \n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n emulator which could have led to execution of arbitrary code with privileges of the \n QEMU process (bsc#1143797).\n\nOther issue fixed: \n\n- Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2019-2769,SUSE-2019-2769,SUSE-OpenStack-Cloud-8-2019-2769,SUSE-OpenStack-Cloud-Crowbar-8-2019-2769,SUSE-SLE-SAP-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-2019-2769,SUSE-SLE-SERVER-12-SP3-BCL-2019-2769,SUSE-Storage-5-2019-2769",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2769-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2769-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192769-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2769-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006050.html"
},
{
"category": "self",
"summary": "SUSE Bug 1126140",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "self",
"summary": "SUSE Bug 1126141",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "self",
"summary": "SUSE Bug 1126192",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "self",
"summary": "SUSE Bug 1126195",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "self",
"summary": "SUSE Bug 1126196",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "self",
"summary": "SUSE Bug 1126197",
"url": "https://bugzilla.suse.com/1126197"
},
{
"category": "self",
"summary": "SUSE Bug 1126198",
"url": "https://bugzilla.suse.com/1126198"
},
{
"category": "self",
"summary": "SUSE Bug 1126201",
"url": "https://bugzilla.suse.com/1126201"
},
{
"category": "self",
"summary": "SUSE Bug 1127400",
"url": "https://bugzilla.suse.com/1127400"
},
{
"category": "self",
"summary": "SUSE Bug 1133818",
"url": "https://bugzilla.suse.com/1133818"
},
{
"category": "self",
"summary": "SUSE Bug 1143797",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "self",
"summary": "SUSE Bug 1146874",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "self",
"summary": "SUSE Bug 1149813",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12127 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12130 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11091 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12068 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14378 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15890 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17340 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17341 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17342 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17343 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17344 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17345 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17346 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17347 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17348 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17348/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-10-24T11:23:02Z",
"generator": {
"date": "2019-10-24T11:23:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2769-1",
"initial_release_date": "2019-10-24T11:23:02Z",
"revision_history": [
{
"date": "2019-10-24T11:23:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-devel-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-devel-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-doc-html-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-doc-html-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-libs-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-libs-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-tools-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-tools-4.9.4_04-3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_04-3.56.2.aarch64",
"product": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.aarch64",
"product_id": "xen-tools-domU-4.9.4_04-3.56.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.9.4_04-3.56.2.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.9.4_04-3.56.2.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.9.4_04-3.56.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.9.4_04-3.56.2.i586",
"product": {
"name": "xen-devel-4.9.4_04-3.56.2.i586",
"product_id": "xen-devel-4.9.4_04-3.56.2.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_04-3.56.2.i586",
"product": {
"name": "xen-libs-4.9.4_04-3.56.2.i586",
"product_id": "xen-libs-4.9.4_04-3.56.2.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_04-3.56.2.i586",
"product": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.i586",
"product_id": "xen-tools-domU-4.9.4_04-3.56.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-doc-html-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-libs-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-tools-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-tools-domU-4.9.4_04-3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.9.4_04-3.56.2.x86_64",
"product": {
"name": "xen-devel-4.9.4_04-3.56.2.x86_64",
"product_id": "xen-devel-4.9.4_04-3.56.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-doc-html-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.9.4_04-3.56.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
},
"product_reference": "xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12126"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12126",
"url": "https://www.suse.com/security/cve/CVE-2018-12126"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1135524 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1135524"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1149725 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149725"
},
{
"category": "external",
"summary": "SUSE Bug 1149726 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149726"
},
{
"category": "external",
"summary": "SUSE Bug 1149729 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1149729"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12126",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-12126"
},
{
"cve": "CVE-2018-12127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12127"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12127",
"url": "https://www.suse.com/security/cve/CVE-2018-12127"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12127",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-12127"
},
{
"cve": "CVE-2018-12130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12130"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12130",
"url": "https://www.suse.com/security/cve/CVE-2018-12130"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1135409 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1135409"
},
{
"category": "external",
"summary": "SUSE Bug 1137916 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1137916"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12130",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-12130"
},
{
"cve": "CVE-2019-11091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11091"
}
],
"notes": [
{
"category": "general",
"text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11091",
"url": "https://www.suse.com/security/cve/CVE-2019-11091"
},
{
"category": "external",
"summary": "SUSE Bug 1103186 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1103186"
},
{
"category": "external",
"summary": "SUSE Bug 1111331 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1111331"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1133319 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1133319"
},
{
"category": "external",
"summary": "SUSE Bug 1135394 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1135394"
},
{
"category": "external",
"summary": "SUSE Bug 1138043 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138043"
},
{
"category": "external",
"summary": "SUSE Bug 1138534 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1138534"
},
{
"category": "external",
"summary": "SUSE Bug 1141977 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1141977"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11091",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-11091"
},
{
"cve": "CVE-2019-12068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12068"
}
],
"notes": [
{
"category": "general",
"text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12068",
"url": "https://www.suse.com/security/cve/CVE-2019-12068"
},
{
"category": "external",
"summary": "SUSE Bug 1146873 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146873"
},
{
"category": "external",
"summary": "SUSE Bug 1146874 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1146874"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-12068",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-12068"
},
{
"cve": "CVE-2019-14378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14378"
}
],
"notes": [
{
"category": "general",
"text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14378",
"url": "https://www.suse.com/security/cve/CVE-2019-14378"
},
{
"category": "external",
"summary": "SUSE Bug 1143794 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143794"
},
{
"category": "external",
"summary": "SUSE Bug 1143797 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1143797"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-14378",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-14378"
},
{
"cve": "CVE-2019-15890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15890"
}
],
"notes": [
{
"category": "general",
"text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15890",
"url": "https://www.suse.com/security/cve/CVE-2019-15890"
},
{
"category": "external",
"summary": "SUSE Bug 1149811 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149811"
},
{
"category": "external",
"summary": "SUSE Bug 1149813 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1149813"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-15890",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-15890"
},
{
"cve": "CVE-2019-17340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17340"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17340",
"url": "https://www.suse.com/security/cve/CVE-2019-17340"
},
{
"category": "external",
"summary": "SUSE Bug 1126140 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1126140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17340",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17340"
},
{
"cve": "CVE-2019-17341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17341"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17341",
"url": "https://www.suse.com/security/cve/CVE-2019-17341"
},
{
"category": "external",
"summary": "SUSE Bug 1126141 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1126141"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17341",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17341"
},
{
"cve": "CVE-2019-17342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17342"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17342",
"url": "https://www.suse.com/security/cve/CVE-2019-17342"
},
{
"category": "external",
"summary": "SUSE Bug 1126192 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1126192"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17342",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17342"
},
{
"cve": "CVE-2019-17343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17343"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17343",
"url": "https://www.suse.com/security/cve/CVE-2019-17343"
},
{
"category": "external",
"summary": "SUSE Bug 1126195 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1126195"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17343",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17343"
},
{
"cve": "CVE-2019-17344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17344"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17344",
"url": "https://www.suse.com/security/cve/CVE-2019-17344"
},
{
"category": "external",
"summary": "SUSE Bug 1126196 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1126196"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-17344",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17344"
},
{
"cve": "CVE-2019-17345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17345"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17345",
"url": "https://www.suse.com/security/cve/CVE-2019-17345"
},
{
"category": "external",
"summary": "SUSE Bug 1126197 for CVE-2019-17345",
"url": "https://bugzilla.suse.com/1126197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17345"
},
{
"cve": "CVE-2019-17346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17346",
"url": "https://www.suse.com/security/cve/CVE-2019-17346"
},
{
"category": "external",
"summary": "SUSE Bug 1126198 for CVE-2019-17346",
"url": "https://bugzilla.suse.com/1126198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17346"
},
{
"cve": "CVE-2019-17347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17347"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17347",
"url": "https://www.suse.com/security/cve/CVE-2019-17347"
},
{
"category": "external",
"summary": "SUSE Bug 1126201 for CVE-2019-17347",
"url": "https://bugzilla.suse.com/1126201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "important"
}
],
"title": "CVE-2019-17347"
},
{
"cve": "CVE-2019-17348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17348"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17348",
"url": "https://www.suse.com/security/cve/CVE-2019-17348"
},
{
"category": "external",
"summary": "SUSE Bug 1127400 for CVE-2019-17348",
"url": "https://bugzilla.suse.com/1127400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:xen-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"HPE Helion OpenStack 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Enterprise Storage 5:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_04-3.56.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_04-3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-24T11:23:02Z",
"details": "moderate"
}
],
"title": "CVE-2019-17348"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…