Security update for xen SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:2017-1 Final 1 1 2020-11-25T20:08:37Z current 2020-11-25T20:08:37Z 2020-11-25T20:08:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591). Non-security issues fixed: - Updated to Xen 4.13.2 bug fix release (bsc#1027519). - Fixed a panic during MSI cleanup on AMD hardware (bsc#1027519). - Adjusted help for --max_iters, default is 5 (bsc#1177950). This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-2017 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHV4EWRFFS4A6PZIGBZQ2KTQFUWF52LY/ E-Mail link for openSUSE-SU-2020:2017-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1027519 SUSE Bug 1027519 https://bugzilla.suse.com/1177950 SUSE Bug 1177950 https://bugzilla.suse.com/1178591 SUSE Bug 1178591 https://www.suse.com/security/cve/CVE-2020-28368/ SUSE CVE CVE-2020-28368 page openSUSE Leap 15.2 xen-4.13.2_02-lp152.2.15.1 xen-devel-4.13.2_02-lp152.2.15.1 xen-doc-html-4.13.2_02-lp152.2.15.1 xen-libs-4.13.2_02-lp152.2.15.1 xen-libs-32bit-4.13.2_02-lp152.2.15.1 xen-tools-4.13.2_02-lp152.2.15.1 xen-tools-domU-4.13.2_02-lp152.2.15.1 xen-tools-xendomains-wait-disk-4.13.2_02-lp152.2.15.1 xen-4.13.2_02-lp152.2.15.1 as a component of openSUSE Leap 15.2 xen-devel-4.13.2_02-lp152.2.15.1 as a component of openSUSE Leap 15.2 xen-doc-html-4.13.2_02-lp152.2.15.1 as a component of openSUSE Leap 15.2 xen-libs-4.13.2_02-lp152.2.15.1 as a component of openSUSE Leap 15.2 xen-libs-32bit-4.13.2_02-lp152.2.15.1 as a component of openSUSE Leap 15.2 xen-tools-4.13.2_02-lp152.2.15.1 as a component of openSUSE Leap 15.2 xen-tools-domU-4.13.2_02-lp152.2.15.1 as a component of openSUSE Leap 15.2 xen-tools-xendomains-wait-disk-4.13.2_02-lp152.2.15.1 as a component of openSUSE Leap 15.2 Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen. CVE-2020-28368 openSUSE Leap 15.2:xen-4.13.2_02-lp152.2.15.1 openSUSE Leap 15.2:xen-devel-4.13.2_02-lp152.2.15.1 openSUSE Leap 15.2:xen-doc-html-4.13.2_02-lp152.2.15.1 openSUSE Leap 15.2:xen-libs-32bit-4.13.2_02-lp152.2.15.1 openSUSE Leap 15.2:xen-libs-4.13.2_02-lp152.2.15.1 openSUSE Leap 15.2:xen-tools-4.13.2_02-lp152.2.15.1 openSUSE Leap 15.2:xen-tools-domU-4.13.2_02-lp152.2.15.1 openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_02-lp152.2.15.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHV4EWRFFS4A6PZIGBZQ2KTQFUWF52LY/ https://www.suse.com/security/cve/CVE-2020-28368.html CVE-2020-28368 https://bugzilla.suse.com/1178591 SUSE Bug 1178591 https://bugzilla.suse.com/1178658 SUSE Bug 1178658