SUSE-SU-2021:2923-1 -- SLES xenID: oval:org.secpod.oval:def:89047117 | Date: (C)2022-10-21 (M)2023-11-10 |
Class: PATCH | Family: unix |
This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release . Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling - CVE-2021-0089: xen: Speculative Code Store Bypass - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 . - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation . - CVE-2021-28698: long running loops in grant table handling . - CVE-2021-28699: inadequate grant-v2 status frames array bounds check . - CVE-2021-28700: No memory limit for dom0less domUs . Other issues fixed: - Fixed "Panic on CPU 0: IO-APIC + timer doesn"t work!" - Fixed an issue with xencommons, where file format expecations by fillup did not allign - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly - Upstream bug fixes - Fixed Xen SLES11SP4 guest hangs on cluster . - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown . - Dom0 hangs when pinning CPUs for dom0 with HVM guest . - Some long deprecated commands were finally removed in qemu6. Adjust libxl to use supported commands . - Update logrotate.conf, move global options into per-file sections to prevent globbering of global state . - Prevent superpage allocation in the LAPIC and ACPI_INFO range .
Platform: |
SUSE Linux Enterprise Server 15 SP3 |
SUSE Linux Enterprise Desktop 15 SP3 |