Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3895-1 Final 1 1 2023-09-29T08:59:54Z current 2023-09-29T08:59:54Z 2023-09-29T08:59:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616). - CVE-2022-40982: Fixed Intel Gather Data Sampling (XSA-435) (bsc#1214083). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP2-BYOS-Azure-2023-3895,Image SLES15-SP2-HPC-BYOS-Azure-2023-3895,Image SLES15-SP2-SAP-Azure-2023-3895,Image SLES15-SP2-SAP-Azure-LI-BYOS-Production-2023-3895,Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production-2023-3895,Image SLES15-SP2-SAP-BYOS-Azure-2023-3895,Image SLES15-SP2-SAP-BYOS-EC2-HVM-2023-3895,Image SLES15-SP2-SAP-BYOS-GCE-2023-3895,Image SLES15-SP2-SAP-EC2-HVM-2023-3895,Image SLES15-SP2-SAP-GCE-2023-3895,SUSE-2023-3895,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3895,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3895,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3895 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233895-1/ Link for SUSE-SU-2023:3895-1 https://lists.suse.com/pipermail/sle-security-updates/2023-September/016463.html E-Mail link for SUSE-SU-2023:3895-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1213616 SUSE Bug 1213616 https://bugzilla.suse.com/1214083 SUSE Bug 1214083 https://bugzilla.suse.com/1215145 SUSE Bug 1215145 https://bugzilla.suse.com/1215474 SUSE Bug 1215474 https://www.suse.com/security/cve/CVE-2022-40982/ SUSE CVE CVE-2022-40982 page https://www.suse.com/security/cve/CVE-2023-20588/ SUSE CVE CVE-2023-20588 page https://www.suse.com/security/cve/CVE-2023-20593/ SUSE CVE CVE-2023-20593 page https://www.suse.com/security/cve/CVE-2023-34322/ SUSE CVE CVE-2023-34322 page Image SLES15-SP2-BYOS-Azure Image SLES15-SP2-HPC-BYOS-Azure Image SLES15-SP2-SAP-Azure Image SLES15-SP2-SAP-Azure-LI-BYOS-Production Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production Image SLES15-SP2-SAP-BYOS-Azure Image SLES15-SP2-SAP-BYOS-EC2-HVM Image SLES15-SP2-SAP-BYOS-GCE Image SLES15-SP2-SAP-EC2-HVM Image SLES15-SP2-SAP-GCE SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 xen-libs-4.13.5_04-150200.3.77.1 xen-tools-domU-4.13.5_04-150200.3.77.1 xen-4.13.5_04-150200.3.77.1 xen-devel-4.13.5_04-150200.3.77.1 xen-doc-html-4.13.5_04-150200.3.77.1 xen-libs-32bit-4.13.5_04-150200.3.77.1 xen-libs-64bit-4.13.5_04-150200.3.77.1 xen-tools-4.13.5_04-150200.3.77.1 xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 xen-libs-4.13.5_04-150200.3.77.1 as a component of Image SLES15-SP2-BYOS-Azure xen-libs-4.13.5_04-150200.3.77.1 as a component of Image SLES15-SP2-HPC-BYOS-Azure xen-libs-4.13.5_04-150200.3.77.1 as a component of Image SLES15-SP2-SAP-Azure xen-libs-4.13.5_04-150200.3.77.1 as a component of Image SLES15-SP2-SAP-Azure-LI-BYOS-Production xen-libs-4.13.5_04-150200.3.77.1 as a component of Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production xen-libs-4.13.5_04-150200.3.77.1 as a component of Image SLES15-SP2-SAP-BYOS-Azure xen-libs-4.13.5_04-150200.3.77.1 as a component of Image SLES15-SP2-SAP-BYOS-EC2-HVM xen-tools-domU-4.13.5_04-150200.3.77.1 as a component of Image SLES15-SP2-SAP-BYOS-EC2-HVM xen-libs-4.13.5_04-150200.3.77.1 as a component of Image SLES15-SP2-SAP-BYOS-GCE xen-libs-4.13.5_04-150200.3.77.1 as a component of Image SLES15-SP2-SAP-EC2-HVM xen-tools-domU-4.13.5_04-150200.3.77.1 as a component of Image SLES15-SP2-SAP-EC2-HVM xen-libs-4.13.5_04-150200.3.77.1 as a component of Image SLES15-SP2-SAP-GCE xen-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS xen-devel-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS xen-libs-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS xen-tools-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS xen-tools-domU-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS xen-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS xen-devel-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS xen-libs-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS xen-tools-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS xen-tools-domU-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS xen-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 xen-devel-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 xen-libs-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 xen-tools-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 xen-tools-domU-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-40982 Image SLES15-SP2-BYOS-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-HPC-BYOS-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-EC2-HVM:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-EC2-HVM:xen-tools-domU-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-GCE:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-EC2-HVM:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-EC2-HVM:xen-tools-domU-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-GCE:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 moderate 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233895-1/ https://www.suse.com/security/cve/CVE-2022-40982.html CVE-2022-40982 https://bugzilla.suse.com/1206418 SUSE Bug 1206418 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. CVE-2023-20588 Image SLES15-SP2-BYOS-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-HPC-BYOS-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-EC2-HVM:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-EC2-HVM:xen-tools-domU-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-GCE:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-EC2-HVM:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-EC2-HVM:xen-tools-domU-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-GCE:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 moderate 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233895-1/ https://www.suse.com/security/cve/CVE-2023-20588.html CVE-2023-20588 https://bugzilla.suse.com/1213927 SUSE Bug 1213927 An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. CVE-2023-20593 Image SLES15-SP2-BYOS-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-HPC-BYOS-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-EC2-HVM:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-EC2-HVM:xen-tools-domU-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-GCE:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-EC2-HVM:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-EC2-HVM:xen-tools-domU-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-GCE:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 moderate 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233895-1/ https://www.suse.com/security/cve/CVE-2023-20593.html CVE-2023-20593 https://bugzilla.suse.com/1213286 SUSE Bug 1213286 https://bugzilla.suse.com/1213616 SUSE Bug 1213616 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough. CVE-2023-34322 Image SLES15-SP2-BYOS-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-HPC-BYOS-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-Azure:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-EC2-HVM:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-EC2-HVM:xen-tools-domU-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-BYOS-GCE:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-EC2-HVM:xen-libs-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-EC2-HVM:xen-tools-domU-4.13.5_04-150200.3.77.1 Image SLES15-SP2-SAP-GCE:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1 important 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233895-1/ https://www.suse.com/security/cve/CVE-2023-34322.html CVE-2023-34322 https://bugzilla.suse.com/1215145 SUSE Bug 1215145