Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3831-1 Final 1 1 2023-09-27T17:15:27Z current 2023-09-27T17:15:27Z 2023-09-27T17:15:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP5-Micro-5-5-2023-3831,Image SLES15-SP5-Micro-5-5-Azure-2023-3831,Image SLES15-SP5-Micro-5-5-BYOS-2023-3831,Image SLES15-SP5-Micro-5-5-BYOS-Azure-2023-3831,Image SLES15-SP5-Micro-5-5-BYOS-EC2-2023-3831,Image SLES15-SP5-Micro-5-5-BYOS-GCE-2023-3831,Image SLES15-SP5-Micro-5-5-EC2-2023-3831,Image SLES15-SP5-Micro-5-5-GCE-2023-3831,Image SLES15-SP5-SAP-Azure-LI-BYOS-2023-3831,Image SLES15-SP5-SAP-Azure-LI-BYOS-Production-2023-3831,Image SLES15-SP5-SAP-Azure-VLI-BYOS-2023-3831,Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production-2023-3831,SUSE-2023-3831,SUSE-SLE-Module-Basesystem-15-SP5-2023-3831,SUSE-SLE-Module-Server-Applications-15-SP5-2023-3831,openSUSE-SLE-15.5-2023-3831 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233831-1/ Link for SUSE-SU-2023:3831-1 https://lists.suse.com/pipermail/sle-updates/2023-September/031734.html E-Mail link for SUSE-SU-2023:3831-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1215145 SUSE Bug 1215145 https://bugzilla.suse.com/1215474 SUSE Bug 1215474 https://www.suse.com/security/cve/CVE-2023-20588/ SUSE CVE CVE-2023-20588 page https://www.suse.com/security/cve/CVE-2023-34322/ SUSE CVE CVE-2023-34322 page Image SLES15-SP5-Micro-5-5 Image SLES15-SP5-Micro-5-5-Azure Image SLES15-SP5-Micro-5-5-BYOS Image SLES15-SP5-Micro-5-5-BYOS-Azure Image SLES15-SP5-Micro-5-5-BYOS-EC2 Image SLES15-SP5-Micro-5-5-BYOS-GCE Image SLES15-SP5-Micro-5-5-EC2 Image SLES15-SP5-Micro-5-5-GCE Image SLES15-SP5-SAP-Azure-LI-BYOS Image SLES15-SP5-SAP-Azure-LI-BYOS-Production Image SLES15-SP5-SAP-Azure-VLI-BYOS Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP5 openSUSE Leap 15.5 xen-libs-4.17.2_04-150500.3.9.1 xen-tools-domU-4.17.2_04-150500.3.9.1 xen-4.17.2_04-150500.3.9.1 xen-devel-4.17.2_04-150500.3.9.1 xen-doc-html-4.17.2_04-150500.3.9.1 xen-libs-32bit-4.17.2_04-150500.3.9.1 xen-libs-64bit-4.17.2_04-150500.3.9.1 xen-tools-4.17.2_04-150500.3.9.1 xen-tools-xendomains-wait-disk-4.17.2_04-150500.3.9.1 xen-libs-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-Micro-5-5 xen-libs-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-Micro-5-5-Azure xen-libs-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-Micro-5-5-BYOS xen-tools-domU-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-Micro-5-5-BYOS xen-libs-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-Micro-5-5-BYOS-Azure xen-libs-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-Micro-5-5-BYOS-EC2 xen-tools-domU-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-Micro-5-5-BYOS-EC2 xen-libs-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-Micro-5-5-BYOS-GCE xen-libs-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-Micro-5-5-EC2 xen-tools-domU-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-Micro-5-5-EC2 xen-libs-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-Micro-5-5-GCE xen-libs-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-SAP-Azure-LI-BYOS xen-libs-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-SAP-Azure-LI-BYOS-Production xen-libs-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-SAP-Azure-VLI-BYOS xen-libs-4.17.2_04-150500.3.9.1 as a component of Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production xen-libs-4.17.2_04-150500.3.9.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 xen-tools-domU-4.17.2_04-150500.3.9.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 xen-4.17.2_04-150500.3.9.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 xen-devel-4.17.2_04-150500.3.9.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 xen-tools-4.17.2_04-150500.3.9.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 xen-tools-xendomains-wait-disk-4.17.2_04-150500.3.9.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 xen-4.17.2_04-150500.3.9.1 as a component of openSUSE Leap 15.5 xen-devel-4.17.2_04-150500.3.9.1 as a component of openSUSE Leap 15.5 xen-doc-html-4.17.2_04-150500.3.9.1 as a component of openSUSE Leap 15.5 xen-libs-4.17.2_04-150500.3.9.1 as a component of openSUSE Leap 15.5 xen-libs-32bit-4.17.2_04-150500.3.9.1 as a component of openSUSE Leap 15.5 xen-tools-4.17.2_04-150500.3.9.1 as a component of openSUSE Leap 15.5 xen-tools-domU-4.17.2_04-150500.3.9.1 as a component of openSUSE Leap 15.5 xen-tools-xendomains-wait-disk-4.17.2_04-150500.3.9.1 as a component of openSUSE Leap 15.5 A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.  CVE-2023-20588 Image SLES15-SP5-Micro-5-5-Azure:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-BYOS-Azure:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-BYOS-EC2:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-BYOS-EC2:xen-tools-domU-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-BYOS-GCE:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-BYOS:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-BYOS:xen-tools-domU-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-EC2:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-EC2:xen-tools-domU-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-GCE:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-SAP-Azure-LI-BYOS-Production:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-SAP-Azure-LI-BYOS:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS:xen-libs-4.17.2_04-150500.3.9.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.2_04-150500.3.9.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.2_04-150500.3.9.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.2_04-150500.3.9.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.2_04-150500.3.9.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.2_04-150500.3.9.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-devel-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-doc-html-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-libs-32bit-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-libs-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-tools-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-tools-domU-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.2_04-150500.3.9.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233831-1/ https://www.suse.com/security/cve/CVE-2023-20588.html CVE-2023-20588 https://bugzilla.suse.com/1213927 SUSE Bug 1213927 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2023-34322 Image SLES15-SP5-Micro-5-5-Azure:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-BYOS-Azure:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-BYOS-EC2:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-BYOS-EC2:xen-tools-domU-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-BYOS-GCE:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-BYOS:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-BYOS:xen-tools-domU-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-EC2:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-EC2:xen-tools-domU-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5-GCE:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-Micro-5-5:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-SAP-Azure-LI-BYOS-Production:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-SAP-Azure-LI-BYOS:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production:xen-libs-4.17.2_04-150500.3.9.1 Image SLES15-SP5-SAP-Azure-VLI-BYOS:xen-libs-4.17.2_04-150500.3.9.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.2_04-150500.3.9.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.2_04-150500.3.9.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.2_04-150500.3.9.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.2_04-150500.3.9.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.2_04-150500.3.9.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-devel-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-doc-html-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-libs-32bit-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-libs-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-tools-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-tools-domU-4.17.2_04-150500.3.9.1 openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.2_04-150500.3.9.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233831-1/ https://www.suse.com/security/cve/CVE-2023-34322.html CVE-2023-34322 https://bugzilla.suse.com/1215145 SUSE Bug 1215145