{"affected":[{"ecosystem_specific":{"binaries":[{"xen-kmp-default":"4.2.5_22_3.0.101_0.47.106.59-45.36.1","xen-kmp-pae":"4.2.5_22_3.0.101_0.47.106.59-45.36.1","xen-libs":"4.2.5_22-45.36.1","xen-tools-domU":"4.2.5_22-45.36.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.5_22-45.36.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for xen fixes the following issues:\n\n- bsc#1174543 - secure boot related fixes\n- bsc#1163019 - CVE-2020-8608: potential OOB access due to unsafe snprintf() usages\n- bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy\n- bsc#1168140 - CVE-2020-11740, CVE-2020-11741: multiple xenoprof issues\n- bsc#1161181 - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host\n- bsc#1154456 - CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation\n- bsc#1154458 - CVE-2019-18421: Issues with restartable PV type change operations\n","id":"SUSE-SU-2020:14448-1","modified":"2020-08-11T11:35:05Z","published":"2020-08-11T11:35:05Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-202014448-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154456"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154458"},{"type":"REPORT","url":"https://bugzilla.suse.com/1161181"},{"type":"REPORT","url":"https://bugzilla.suse.com/1163019"},{"type":"REPORT","url":"https://bugzilla.suse.com/1168140"},{"type":"REPORT","url":"https://bugzilla.suse.com/1169392"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174543"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18421"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18425"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-11740"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-11741"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-11742"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-7211"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-8608"}],"related":["CVE-2019-18421","CVE-2019-18425","CVE-2020-11740","CVE-2020-11741","CVE-2020-11742","CVE-2020-7211","CVE-2020-8608"],"summary":"Security update for xen","upstream":["CVE-2019-18421","CVE-2019-18425","CVE-2020-11740","CVE-2020-11741","CVE-2020-11742","CVE-2020-7211","CVE-2020-8608"]}