Overview

File _patchinfo of Package patchinfo.11297

<patchinfo incident="11297">
  <issue tracker="bnc" id="1130680">VUL-0: CVE-2018-20815: xen: qemu: device_tree: heap buffer overflow while loading device tree blob</issue>
  <issue tracker="bnc" id="1116380">live migrations are failing when spectre is enabled on xen boot cmdline</issue>
  <issue tracker="bnc" id="1133818">L3: libxenlight failed to restore domain 'vsa6535522'  on live migration</issue>
  <issue tracker="bnc" id="1111331">VUL-0: CPU issues Q2 2019 aka "Microarchitectural Data Sampling (MDS)" aka ZombieLoadAttack / RIDL / Fallout</issue>
  <issue tracker="bnc" id="1027519">Xen: Missing upstream bug fixes</issue>
  <issue tracker="cve" id="2018-12130"/>
  <issue tracker="cve" id="2018-20815"/>
  <issue tracker="cve" id="2019-11091"/>
  <issue tracker="cve" id="2018-12127"/>
  <issue tracker="cve" id="2018-12126"/>
  <packager>charlesa</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for xen</summary>
  <description>This update for xen fixes the following issues:

Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)

- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

These updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates.

The mitigation can be controlled via the "mds" commandline option, see the documentation.

For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736

Other fixes:

- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680).
- Fixed an issue with live migration when spectre is enabled on xen boot cmdline (bsc#1116380).
- Fixed an issue with live migration (bsc#1133818).
- Added upstream bug fix (bsc#1027519).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places