{"affected":[{"ecosystem_specific":{"binaries":[{"xen":"4.7.6_06-43.59.1","xen-doc-html":"4.7.6_06-43.59.1","xen-libs":"4.7.6_06-43.59.1","xen-libs-32bit":"4.7.6_06-43.59.1","xen-tools":"4.7.6_06-43.59.1","xen-tools-domU":"4.7.6_06-43.59.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.7.6_06-43.59.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xen":"4.7.6_06-43.59.1","xen-doc-html":"4.7.6_06-43.59.1","xen-libs":"4.7.6_06-43.59.1","xen-libs-32bit":"4.7.6_06-43.59.1","xen-tools":"4.7.6_06-43.59.1","xen-tools-domU":"4.7.6_06-43.59.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.7.6_06-43.59.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xen":"4.7.6_06-43.59.1","xen-doc-html":"4.7.6_06-43.59.1","xen-libs":"4.7.6_06-43.59.1","xen-libs-32bit":"4.7.6_06-43.59.1","xen-tools":"4.7.6_06-43.59.1","xen-tools-domU":"4.7.6_06-43.59.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-LTSS","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.7.6_06-43.59.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xen":"4.7.6_06-43.59.1","xen-doc-html":"4.7.6_06-43.59.1","xen-libs":"4.7.6_06-43.59.1","xen-libs-32bit":"4.7.6_06-43.59.1","xen-tools":"4.7.6_06-43.59.1","xen-tools-domU":"4.7.6_06-43.59.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.7.6_06-43.59.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for xen fixes the following issues:\n\n- CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181).\n- CVE-2019-19579: Device quarantine for alternate pci assignment methods (bsc#1157888).\n- CVE-2019-19581: find_next_bit() issues (bsc#1158003).\n- CVE-2019-19583: VMentry failure with debug exceptions and blocked states (bsc#1158004).\n- CVE-2019-19578: Linear pagetable use / entry miscounts (bsc#1158005).\n- CVE-2019-19580: Further issues with restartable PV type change operations (bsc#1158006).\n- CVE-2019-19577: dynamic height for the IOMMU pagetables (bsc#1158007).\n- CVE-2019-18420: VCPUOP_initialise DoS (bsc#1154448).\n- CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation (bsc#1154456).\n- CVE-2019-18421: Issues with restartable PV type change operations (bsc#1154458).\n- CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment (bsc#1154461).\n- CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) (bsc#1155945).\n- CVE-2019-11135: TSX Asynchronous Abort (TAA) issue (bsc#1152497).\n","id":"SUSE-SU-2020:0334-1","modified":"2020-02-06T10:01:20Z","published":"2020-02-06T10:01:20Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20200334-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1152497"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154448"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154456"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154458"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154461"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155945"},{"type":"REPORT","url":"https://bugzilla.suse.com/1157888"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158003"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158004"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158005"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158006"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158007"},{"type":"REPORT","url":"https://bugzilla.suse.com/1161181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12207"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11135"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18420"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18421"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18424"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18425"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19577"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19578"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19579"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19580"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19581"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19583"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-7211"}],"related":["CVE-2018-12207","CVE-2019-11135","CVE-2019-18420","CVE-2019-18421","CVE-2019-18424","CVE-2019-18425","CVE-2019-19577","CVE-2019-19578","CVE-2019-19579","CVE-2019-19580","CVE-2019-19581","CVE-2019-19583","CVE-2020-7211"],"summary":"Security update for xen","upstream":["CVE-2018-12207","CVE-2019-11135","CVE-2019-18420","CVE-2019-18421","CVE-2019-18424","CVE-2019-18425","CVE-2019-19577","CVE-2019-19578","CVE-2019-19579","CVE-2019-19580","CVE-2019-19581","CVE-2019-19583","CVE-2020-7211"]}