-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3678
                          Security update for xen
                              26 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xen
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25604 CVE-2020-25603 CVE-2020-25601
                   CVE-2020-25600 CVE-2020-25597 CVE-2020-25596
                   CVE-2020-25595 CVE-2020-15567 CVE-2020-15565
                   CVE-2020-14364 CVE-2020-0543 

Reference:         ESB-2020.3437
                   ESB-2020.3259.2
                   ESB-2020.3251

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-202014521-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for xen

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:14521-1
Rating:            important
References:        #1172205 #1173378 #1173380 #1175534 #1176343 #1176344
                   #1176345 #1176346 #1176347 #1176348 #1176350
Cross-References:  CVE-2020-0543 CVE-2020-14364 CVE-2020-15565 CVE-2020-15567
                   CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25600
                   CVE-2020-25601 CVE-2020-25603 CVE-2020-25604
Affected Products:
                   SUSE Linux Enterprise Server 11-SP4-LTSS
                   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

  o CVE-2020-0543: Fixed a leak of Special Register Buffer Data Sampling
    (SRBDS) aka "CrossTalk" (bsc#1172205,XSA-320)
  o CVE-2020-14364: Fixed an out-of-bounds read/write access while processing
    usb packets (bsc#1175534).
  o CVE-2020-15565: Fixed an issue cache write (bsc#1173378,XSA-321).
  o CVE-2020-15567: Fixed an issue with non-atomic modification of live EPT PTE
    (bsc#1173380,XSA-328)
  o CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back
    hardware registers (bsc#1176344,XSA-337)
  o CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel
    via SYSENTER (bsc#1176345,XSA-339)
  o CVE-2020-25597: Fixed an issue where a valid event channels may not turn
    invalid (bsc#1176346,XSA-338)
  o CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86
    domains (bsc#1176348,XSA-342)
  o CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset()
    / evtchn_destroy() (bsc#1176350,XSA-344)
  o CVE-2020-25603: Fixed an issue due to missing barriers when accessing/
    allocating an event channel (bsc#1176347,XSA-340)
  o CVE-2020-25604: Fixed a race condition when migrating timers between x86
    HVM vCPU-s (bsc#1176343,XSA-336)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-xen-14521=1
  o SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-xen-14521=1

Package List:

  o SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64):
       xen-kmp-default-4.4.4_44_3.0.101_108.117-61.55.1
       xen-libs-4.4.4_44-61.55.1
       xen-tools-domU-4.4.4_44-61.55.1
  o SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64):
       xen-4.4.4_44-61.55.1
       xen-doc-html-4.4.4_44-61.55.1
       xen-libs-32bit-4.4.4_44-61.55.1
       xen-tools-4.4.4_44-61.55.1
  o SUSE Linux Enterprise Server 11-SP4-LTSS (i586):
       xen-kmp-pae-4.4.4_44_3.0.101_108.117-61.55.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
       xen-debuginfo-4.4.4_44-61.55.1
       xen-debugsource-4.4.4_44-61.55.1


References:

  o https://www.suse.com/security/cve/CVE-2020-0543.html
  o https://www.suse.com/security/cve/CVE-2020-14364.html
  o https://www.suse.com/security/cve/CVE-2020-15565.html
  o https://www.suse.com/security/cve/CVE-2020-15567.html
  o https://www.suse.com/security/cve/CVE-2020-25595.html
  o https://www.suse.com/security/cve/CVE-2020-25596.html
  o https://www.suse.com/security/cve/CVE-2020-25597.html
  o https://www.suse.com/security/cve/CVE-2020-25600.html
  o https://www.suse.com/security/cve/CVE-2020-25601.html
  o https://www.suse.com/security/cve/CVE-2020-25603.html
  o https://www.suse.com/security/cve/CVE-2020-25604.html
  o https://bugzilla.suse.com/1172205
  o https://bugzilla.suse.com/1173378
  o https://bugzilla.suse.com/1173380
  o https://bugzilla.suse.com/1175534
  o https://bugzilla.suse.com/1176343
  o https://bugzilla.suse.com/1176344
  o https://bugzilla.suse.com/1176345
  o https://bugzilla.suse.com/1176346
  o https://bugzilla.suse.com/1176347
  o https://bugzilla.suse.com/1176348
  o https://bugzilla.suse.com/1176350

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX5Ytd+NLKJtyKPYoAQiZPg/9HMSE2ARcEM3tmq+kg6kKhzlUI/0lj7xN
YDxUkgt4qezt8r/Z0Y0OlN00Zj4z0jmNNfv/j5CgITvTLELByxC8GrDbrZAgPEyI
fJNwD7hmDWFBQEh2AzyX0Tvkyemt/D1L5cHV29LSixlKSTKGNLL+gb5SM669nu4j
Co7HGLS+7Y+8qhFJTAOUKJGIAcZ90WQCYd6Qk846OTqzbKIR6FK4Ry5VlRTcBfSN
K2h/gILfVe/YC/YA7X+qGGexvnyhhcOe/v6dfqUGQebkrcXj+hrLnPOAdCgSsCCY
BvkoRGy0L56dMTmjFVlB1pTAxSbPywYFZm7G3oklnj2H92XWK5wltp24oMMbNPCI
0v11ewIaqpG3nhBN4HXmFhWctyUZedFS+6fks73udEVp5ixhgN5Cu9PPB1KOITm9
ALOOzMfMwiwETMXZp51a9DfKYDptZ+/wQrKYm9nBpZ2ItuwS8JE413vC6KNp1MIz
qWYoT4gp4OFoWTngcU3e6N44/N/WdSGCB8rMBN4+FG0qkO+uvmCcd5sndPEt5brg
SdsQ/RuZW+82G592UZ03wXEGccDpWZfiEfGohM8Cc8r44fuxYKlz78N9BF7NVST/
0C7FlJ9oFYAC+rhKbAjLWLkB7HBpI9dGLNwSOGWCQQmLICGkIlJds5ROlbQXe4ar
Z3MpyJ6pPD0=
=/n17
-----END PGP SIGNATURE-----