Overview

File _patchinfo of Package patchinfo.8389

<patchinfo incident="8389">
  <issue tracker="bnc" id="1091107">VUL-0: CVE-2018-3646: xen: L1 Terminal Fault -VMM (XSA-273)</issue>
  <issue tracker="bnc" id="1027519">Xen: Missing upstream bug fixes</issue>
  <issue tracker="bnc" id="1103276">VUL-0: xen: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS (XSA-269)</issue>
  <issue tracker="cve" id="2018-3646"/>
  <category>security</category>
  <rating>important</rating>
  <packager>charlesa</packager>
  <description>This update for xen fixes the following security issues:

- CVE-2018-3646: Systems with microprocessors utilizing speculative execution
  and address translations may have allowed unauthorized disclosure of
  information residing in the L1 data cache to an attacker with local user access
  with guest OS privilege via a terminal page fault and a side-channel analysis
  (bsc#1091107, bsc#1027519).
- Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a malicious or
  buggy guest administrator can lock up the entire host (bsc#1103276)
  </description>
  <summary>Security update for xen</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places