Vulnerability-Lookup

CVE-2018-20815 (GCVE-0-2018-20815)

Vulnerability from cvelistv5 – Published: 2019-05-31 21:40 – Updated: 2024-08-05 12:12

Summary

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

12 references

URL	Tags
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3…	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:1667	vendor-advisoryx_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://access.redhat.com/errata/RHSA-2019:1723	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1743	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1881	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1968	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2507	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2553	vendor-advisoryx_refsource_REDHAT
https://seclists.org/bugtraq/2019/Aug/41	mailing-listx_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4506	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:12:27.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=da885fe1ee8b4589047484bd7fa05a4905b52b17"
          },
          {
            "name": "RHSA-2019:1667",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1667"
          },
          {
            "name": "FEDORA-2019-52a8f5468e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
          },
          {
            "name": "FEDORA-2019-e9de40d53f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
          },
          {
            "name": "RHSA-2019:1723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1723"
          },
          {
            "name": "RHSA-2019:1743",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1743"
          },
          {
            "name": "RHSA-2019:1881",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1881"
          },
          {
            "name": "RHSA-2019:1968",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1968"
          },
          {
            "name": "RHSA-2019:2507",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2507"
          },
          {
            "name": "RHSA-2019:2553",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2553"
          },
          {
            "name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/41"
          },
          {
            "name": "DSA-4506",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4506"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-26T14:06:15.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=da885fe1ee8b4589047484bd7fa05a4905b52b17"
        },
        {
          "name": "RHSA-2019:1667",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1667"
        },
        {
          "name": "FEDORA-2019-52a8f5468e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
        },
        {
          "name": "FEDORA-2019-e9de40d53f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
        },
        {
          "name": "RHSA-2019:1723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1723"
        },
        {
          "name": "RHSA-2019:1743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1743"
        },
        {
          "name": "RHSA-2019:1881",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1881"
        },
        {
          "name": "RHSA-2019:1968",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1968"
        },
        {
          "name": "RHSA-2019:2507",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2507"
        },
        {
          "name": "RHSA-2019:2553",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2553"
        },
        {
          "name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/41"
        },
        {
          "name": "DSA-4506",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4506"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17",
              "refsource": "MISC",
              "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17"
            },
            {
              "name": "RHSA-2019:1667",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1667"
            },
            {
              "name": "FEDORA-2019-52a8f5468e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
            },
            {
              "name": "FEDORA-2019-e9de40d53f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
            },
            {
              "name": "RHSA-2019:1723",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1723"
            },
            {
              "name": "RHSA-2019:1743",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1743"
            },
            {
              "name": "RHSA-2019:1881",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1881"
            },
            {
              "name": "RHSA-2019:1968",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1968"
            },
            {
              "name": "RHSA-2019:2507",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2507"
            },
            {
              "name": "RHSA-2019:2553",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2553"
            },
            {
              "name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/41"
            },
            {
              "name": "DSA-4506",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4506"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20815",
    "datePublished": "2019-05-31T21:40:01.000Z",
    "dateReserved": "2019-03-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:12:27.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-20815",
      "date": "2026-05-30",
      "epss": "0.03497",
      "percentile": "0.87806"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-20815\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-05-31T22:29:00.833\",\"lastModified\":\"2024-11-21T04:02:14.560\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.\"},{\"lang\":\"es\",\"value\":\"En QEMU versi\u00f3n 3.1.0, la funci\u00f3n load_device_tree en el archivo device_tree.c llama a la funci\u00f3n en desuso load_image, que tiene un riesgo de desbordamiento de b\u00fafer.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27B0619A-AA3E-45D2-9B1E-8CC726BA51AE\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1667\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1723\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1743\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1881\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1968\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2507\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2553\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=da885fe1ee8b4589047484bd7fa05a4905b52b17\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/41\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4506\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1667\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1881\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1968\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2507\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=da885fe1ee8b4589047484bd7fa05a4905b52b17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/41\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4506\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

SUSE-SU-2019:1349-1

Vulnerability from csaf_suse - Published: 2019-05-24 12:04 - Updated: 2019-05-24 12:04

Summary

Security update for xen

Severity

Important

Notes

Title of the patch: Security update for xen

Description of the patch: This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates. The mitigation can be controlled via the 'mds' commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other fixes: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - Added upstream bug fix (bsc#1027519).

Patchnames: SUSE-2019-1349,SUSE-SLE-SAP-12-SP1-2019-1349,SUSE-SLE-SERVER-12-SP1-2019-1349

CVE-2018-12126

3.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-12127

3.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-12130

6.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-20815

7 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-11091

6.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 14 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

62 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1027519	self
https://bugzilla.suse.com/1111331	self
https://bugzilla.suse.com/1130680	self
https://www.suse.com/security/cve/CVE-2018-12126/	self
https://www.suse.com/security/cve/CVE-2018-12127/	self
https://www.suse.com/security/cve/CVE-2018-12130/	self
https://www.suse.com/security/cve/CVE-2018-20815/	self
https://www.suse.com/security/cve/CVE-2019-11091/	self
https://www.suse.com/security/cve/CVE-2018-12126	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1135524	external
https://bugzilla.suse.com/1137916	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1149725	external
https://bugzilla.suse.com/1149726	external
https://bugzilla.suse.com/1149729	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-12127	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-12130	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1137916	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-20815	external
https://bugzilla.suse.com/1118900	external
https://bugzilla.suse.com/1130675	external
https://bugzilla.suse.com/1130680	external
https://bugzilla.suse.com/1138043	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-11091	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1133319	external
https://bugzilla.suse.com/1135394	external
https://bugzilla.suse.com/1138043	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for xen",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for xen fixes the following issues:\n\nFour new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)\n\n- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n- CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)\n- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\nThese updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates.\n\nThe mitigation can be controlled via the \u0027mds\u0027 commandline option, see the documentation.\n\nFor more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736\n\nOther fixes:\n\n- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680).\n- Added upstream bug fix (bsc#1027519).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2019-1349,SUSE-SLE-SAP-12-SP1-2019-1349,SUSE-SLE-SERVER-12-SP1-2019-1349",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1349-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:1349-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191349-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:1349-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005501.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1027519",
        "url": "https://bugzilla.suse.com/1027519"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1111331",
        "url": "https://bugzilla.suse.com/1111331"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1130680",
        "url": "https://bugzilla.suse.com/1130680"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12126 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12126/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12127 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12127/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12130 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12130/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20815 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20815/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11091 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11091/"
      }
    ],
    "title": "Security update for xen",
    "tracking": {
      "current_release_date": "2019-05-24T12:04:34Z",
      "generator": {
        "date": "2019-05-24T12:04:34Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:1349-1",
      "initial_release_date": "2019-05-24T12:04:34Z",
      "revision_history": [
        {
          "date": "2019-05-24T12:04:34Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-devel-4.5.5_28-22.61.1.i586",
                "product": {
                  "name": "xen-devel-4.5.5_28-22.61.1.i586",
                  "product_id": "xen-devel-4.5.5_28-22.61.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.5.5_28-22.61.1.i586",
                "product": {
                  "name": "xen-libs-4.5.5_28-22.61.1.i586",
                  "product_id": "xen-libs-4.5.5_28-22.61.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.5.5_28-22.61.1.i586",
                "product": {
                  "name": "xen-tools-domU-4.5.5_28-22.61.1.i586",
                  "product_id": "xen-tools-domU-4.5.5_28-22.61.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-4.5.5_28-22.61.1.x86_64",
                "product": {
                  "name": "xen-4.5.5_28-22.61.1.x86_64",
                  "product_id": "xen-4.5.5_28-22.61.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-devel-4.5.5_28-22.61.1.x86_64",
                "product": {
                  "name": "xen-devel-4.5.5_28-22.61.1.x86_64",
                  "product_id": "xen-devel-4.5.5_28-22.61.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-doc-html-4.5.5_28-22.61.1.x86_64",
                "product": {
                  "name": "xen-doc-html-4.5.5_28-22.61.1.x86_64",
                  "product_id": "xen-doc-html-4.5.5_28-22.61.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
                "product": {
                  "name": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
                  "product_id": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.5.5_28-22.61.1.x86_64",
                "product": {
                  "name": "xen-libs-4.5.5_28-22.61.1.x86_64",
                  "product_id": "xen-libs-4.5.5_28-22.61.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
                "product": {
                  "name": "xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
                  "product_id": "xen-libs-32bit-4.5.5_28-22.61.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-4.5.5_28-22.61.1.x86_64",
                "product": {
                  "name": "xen-tools-4.5.5_28-22.61.1.x86_64",
                  "product_id": "xen-tools-4.5.5_28-22.61.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.5.5_28-22.61.1.x86_64",
                "product": {
                  "name": "xen-tools-domU-4.5.5_28-22.61.1.x86_64",
                  "product_id": "xen-tools-domU-4.5.5_28-22.61.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-4.5.5_28-22.61.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64"
        },
        "product_reference": "xen-4.5.5_28-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-doc-html-4.5.5_28-22.61.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64"
        },
        "product_reference": "xen-doc-html-4.5.5_28-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64"
        },
        "product_reference": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.5.5_28-22.61.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64"
        },
        "product_reference": "xen-libs-4.5.5_28-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-32bit-4.5.5_28-22.61.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64"
        },
        "product_reference": "xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-4.5.5_28-22.61.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64"
        },
        "product_reference": "xen-tools-4.5.5_28-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.5.5_28-22.61.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
        },
        "product_reference": "xen-tools-domU-4.5.5_28-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-4.5.5_28-22.61.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64"
        },
        "product_reference": "xen-4.5.5_28-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-doc-html-4.5.5_28-22.61.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64"
        },
        "product_reference": "xen-doc-html-4.5.5_28-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64"
        },
        "product_reference": "xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.5.5_28-22.61.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64"
        },
        "product_reference": "xen-libs-4.5.5_28-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-32bit-4.5.5_28-22.61.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64"
        },
        "product_reference": "xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-4.5.5_28-22.61.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64"
        },
        "product_reference": "xen-tools-4.5.5_28-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.5.5_28-22.61.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
        },
        "product_reference": "xen-tools-domU-4.5.5_28-22.61.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12126",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12126"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12126",
          "url": "https://www.suse.com/security/cve/CVE-2018-12126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135524 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1135524"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137916 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1137916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149725 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149725"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149726 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149726"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149729 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149729"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-24T12:04:34Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12126"
    },
    {
      "cve": "CVE-2018-12127",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12127"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12127",
          "url": "https://www.suse.com/security/cve/CVE-2018-12127"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-24T12:04:34Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12127"
    },
    {
      "cve": "CVE-2018-12130",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12130"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12130",
          "url": "https://www.suse.com/security/cve/CVE-2018-12130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137916 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1137916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-24T12:04:34Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12130"
    },
    {
      "cve": "CVE-2018-20815",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20815"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20815",
          "url": "https://www.suse.com/security/cve/CVE-2018-20815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118900 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1118900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130675 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1130675"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130680 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1130680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138043 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1138043"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-24T12:04:34Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-20815"
    },
    {
      "cve": "CVE-2019-11091",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11091"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11091",
          "url": "https://www.suse.com/security/cve/CVE-2019-11091"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1133319 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1133319"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135394 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1135394"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138043 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1138043"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:xen-tools-domU-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-doc-html-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-32bit-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-libs-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-4.5.5_28-22.61.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:xen-tools-domU-4.5.5_28-22.61.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-24T12:04:34Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-11091"
    }
  ]
}

SUSE-SU-2019:1371-1

Vulnerability from csaf_suse - Published: 2019-05-28 13:33 - Updated: 2019-05-28 13:33

Summary

Security update for xen

Severity

Important

Notes

Title of the patch: Security update for xen

Patchnames: SUSE-2019-1371,SUSE-OpenStack-Cloud-7-2019-1371,SUSE-SLE-SAP-12-SP2-2019-1371,SUSE-SLE-SERVER-12-SP2-2019-1371,SUSE-SLE-SERVER-12-SP2-BCL-2019-1371,SUSE-Storage-4-2019-1371

CVE-2018-12126

3.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-12127

3.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-12130

6.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-20815

7 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-11091

6.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

64 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1027519	self
https://bugzilla.suse.com/1111331	self
https://bugzilla.suse.com/1116380	self
https://bugzilla.suse.com/1130680	self
https://bugzilla.suse.com/1133818	self
https://www.suse.com/security/cve/CVE-2018-12126/	self
https://www.suse.com/security/cve/CVE-2018-12127/	self
https://www.suse.com/security/cve/CVE-2018-12130/	self
https://www.suse.com/security/cve/CVE-2018-20815/	self
https://www.suse.com/security/cve/CVE-2019-11091/	self
https://www.suse.com/security/cve/CVE-2018-12126	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1135524	external
https://bugzilla.suse.com/1137916	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1149725	external
https://bugzilla.suse.com/1149726	external
https://bugzilla.suse.com/1149729	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-12127	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-12130	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1137916	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-20815	external
https://bugzilla.suse.com/1118900	external
https://bugzilla.suse.com/1130675	external
https://bugzilla.suse.com/1130680	external
https://bugzilla.suse.com/1138043	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-11091	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1133319	external
https://bugzilla.suse.com/1135394	external
https://bugzilla.suse.com/1138043	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for xen",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for xen fixes the following issues:\n\nFour new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)\n\n- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n- CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)\n- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\nThese updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates.\n\nThe mitigation can be controlled via the \u0027mds\u0027 commandline option, see the documentation.\n\nFor more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736\n\nOther fixes:\n\n- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680).\n- Fixed an issue with live migration when spectre is enabled on xen boot cmdline (bsc#1116380).\n- Fixed an issue with live migration (bsc#1133818).\n- Added upstream bug fix (bsc#1027519).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2019-1371,SUSE-OpenStack-Cloud-7-2019-1371,SUSE-SLE-SAP-12-SP2-2019-1371,SUSE-SLE-SERVER-12-SP2-2019-1371,SUSE-SLE-SERVER-12-SP2-BCL-2019-1371,SUSE-Storage-4-2019-1371",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1371-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:1371-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191371-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:1371-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005510.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1027519",
        "url": "https://bugzilla.suse.com/1027519"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1111331",
        "url": "https://bugzilla.suse.com/1111331"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1116380",
        "url": "https://bugzilla.suse.com/1116380"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1130680",
        "url": "https://bugzilla.suse.com/1130680"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1133818",
        "url": "https://bugzilla.suse.com/1133818"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12126 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12126/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12127 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12127/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12130 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12130/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20815 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20815/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11091 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11091/"
      }
    ],
    "title": "Security update for xen",
    "tracking": {
      "current_release_date": "2019-05-28T13:33:16Z",
      "generator": {
        "date": "2019-05-28T13:33:16Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:1371-1",
      "initial_release_date": "2019-05-28T13:33:16Z",
      "revision_history": [
        {
          "date": "2019-05-28T13:33:16Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-devel-4.7.6_06-43.51.1.i586",
                "product": {
                  "name": "xen-devel-4.7.6_06-43.51.1.i586",
                  "product_id": "xen-devel-4.7.6_06-43.51.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.7.6_06-43.51.1.i586",
                "product": {
                  "name": "xen-libs-4.7.6_06-43.51.1.i586",
                  "product_id": "xen-libs-4.7.6_06-43.51.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.7.6_06-43.51.1.i586",
                "product": {
                  "name": "xen-tools-domU-4.7.6_06-43.51.1.i586",
                  "product_id": "xen-tools-domU-4.7.6_06-43.51.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-4.7.6_06-43.51.1.x86_64",
                "product": {
                  "name": "xen-4.7.6_06-43.51.1.x86_64",
                  "product_id": "xen-4.7.6_06-43.51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-devel-4.7.6_06-43.51.1.x86_64",
                "product": {
                  "name": "xen-devel-4.7.6_06-43.51.1.x86_64",
                  "product_id": "xen-devel-4.7.6_06-43.51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-doc-html-4.7.6_06-43.51.1.x86_64",
                "product": {
                  "name": "xen-doc-html-4.7.6_06-43.51.1.x86_64",
                  "product_id": "xen-doc-html-4.7.6_06-43.51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.7.6_06-43.51.1.x86_64",
                "product": {
                  "name": "xen-libs-4.7.6_06-43.51.1.x86_64",
                  "product_id": "xen-libs-4.7.6_06-43.51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
                "product": {
                  "name": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
                  "product_id": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-4.7.6_06-43.51.1.x86_64",
                "product": {
                  "name": "xen-tools-4.7.6_06-43.51.1.x86_64",
                  "product_id": "xen-tools-4.7.6_06-43.51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.7.6_06-43.51.1.x86_64",
                "product": {
                  "name": "xen-tools-domU-4.7.6_06-43.51.1.x86_64",
                  "product_id": "xen-tools-domU-4.7.6_06-43.51.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 7",
                "product": {
                  "name": "SUSE OpenStack Cloud 7",
                  "product_id": "SUSE OpenStack Cloud 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 4",
                "product": {
                  "name": "SUSE Enterprise Storage 4",
                  "product_id": "SUSE Enterprise Storage 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-4.7.6_06-43.51.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-doc-html-4.7.6_06-43.51.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-doc-html-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.7.6_06-43.51.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-libs-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-4.7.6_06-43.51.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-tools-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.7.6_06-43.51.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-tools-domU-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-doc-html-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-doc-html-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-libs-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-tools-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-tools-domU-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-doc-html-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-doc-html-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-libs-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-tools-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-tools-domU-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-doc-html-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-doc-html-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-libs-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-tools-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.7.6_06-43.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-tools-domU-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-4.7.6_06-43.51.1.x86_64 as component of SUSE Enterprise Storage 4",
          "product_id": "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-doc-html-4.7.6_06-43.51.1.x86_64 as component of SUSE Enterprise Storage 4",
          "product_id": "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-doc-html-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.7.6_06-43.51.1.x86_64 as component of SUSE Enterprise Storage 4",
          "product_id": "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-libs-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64 as component of SUSE Enterprise Storage 4",
          "product_id": "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-4.7.6_06-43.51.1.x86_64 as component of SUSE Enterprise Storage 4",
          "product_id": "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-tools-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.7.6_06-43.51.1.x86_64 as component of SUSE Enterprise Storage 4",
          "product_id": "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
        },
        "product_reference": "xen-tools-domU-4.7.6_06-43.51.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12126",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12126"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12126",
          "url": "https://www.suse.com/security/cve/CVE-2018-12126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135524 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1135524"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137916 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1137916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149725 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149725"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149726 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149726"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149729 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149729"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-28T13:33:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12126"
    },
    {
      "cve": "CVE-2018-12127",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12127"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12127",
          "url": "https://www.suse.com/security/cve/CVE-2018-12127"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-28T13:33:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12127"
    },
    {
      "cve": "CVE-2018-12130",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12130"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12130",
          "url": "https://www.suse.com/security/cve/CVE-2018-12130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137916 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1137916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-28T13:33:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12130"
    },
    {
      "cve": "CVE-2018-20815",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20815"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20815",
          "url": "https://www.suse.com/security/cve/CVE-2018-20815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118900 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1118900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130675 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1130675"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130680 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1130680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138043 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1138043"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-28T13:33:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-20815"
    },
    {
      "cve": "CVE-2019-11091",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11091"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
          "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11091",
          "url": "https://www.suse.com/security/cve/CVE-2019-11091"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1133319 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1133319"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135394 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1135394"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138043 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1138043"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Enterprise Storage 4:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xen-tools-domU-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-doc-html-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-32bit-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-libs-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-4.7.6_06-43.51.1.x86_64",
            "SUSE OpenStack Cloud 7:xen-tools-domU-4.7.6_06-43.51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-28T13:33:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-11091"
    }
  ]
}

SUSE-SU-2019:14052-1

Vulnerability from csaf_suse - Published: 2019-05-17 11:14 - Updated: 2019-05-17 11:14

Summary

Security update for kvm

Severity

Important

Notes

Title of the patch: Security update for kvm

Description of the patch: This update for kvm fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331)

Patchnames: slessp4-kvm-14052

CVE-2018-12126

3.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-12127

3.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-12130

6.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-20815

7 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-11091

6.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-9824

2.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64	—	Vendor Fix

Threats

Impact low

References

68 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1111331	self
https://bugzilla.suse.com/1129622	self
https://bugzilla.suse.com/1130675	self
https://www.suse.com/security/cve/CVE-2018-12126/	self
https://www.suse.com/security/cve/CVE-2018-12127/	self
https://www.suse.com/security/cve/CVE-2018-12130/	self
https://www.suse.com/security/cve/CVE-2018-20815/	self
https://www.suse.com/security/cve/CVE-2019-11091/	self
https://www.suse.com/security/cve/CVE-2019-9824/	self
https://www.suse.com/security/cve/CVE-2018-12126	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1135524	external
https://bugzilla.suse.com/1137916	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1149725	external
https://bugzilla.suse.com/1149726	external
https://bugzilla.suse.com/1149729	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-12127	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-12130	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1137916	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-20815	external
https://bugzilla.suse.com/1118900	external
https://bugzilla.suse.com/1130675	external
https://bugzilla.suse.com/1130680	external
https://bugzilla.suse.com/1138043	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-11091	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1133319	external
https://bugzilla.suse.com/1135394	external
https://bugzilla.suse.com/1138043	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2019-9824	external
https://bugzilla.suse.com/1118900	external
https://bugzilla.suse.com/1129622	external
https://bugzilla.suse.com/1129623	external
https://bugzilla.suse.com/1178658	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for kvm",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for kvm fixes the following issues:\n\n- CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622)\n- CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675)\n- CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature \u0027md-clear\u0027 (bsc#1111331)\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "slessp4-kvm-14052",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14052-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:14052-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914052-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:14052-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005473.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1111331",
        "url": "https://bugzilla.suse.com/1111331"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1129622",
        "url": "https://bugzilla.suse.com/1129622"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1130675",
        "url": "https://bugzilla.suse.com/1130675"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12126 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12126/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12127 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12127/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12130 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12130/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20815 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20815/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11091 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11091/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-9824 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-9824/"
      }
    ],
    "title": "Security update for kvm",
    "tracking": {
      "current_release_date": "2019-05-17T11:14:37Z",
      "generator": {
        "date": "2019-05-17T11:14:37Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:14052-1",
      "initial_release_date": "2019-05-17T11:14:37Z",
      "revision_history": [
        {
          "date": "2019-05-17T11:14:37Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kvm-1.4.2-60.24.1.i586",
                "product": {
                  "name": "kvm-1.4.2-60.24.1.i586",
                  "product_id": "kvm-1.4.2-60.24.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kvm-1.4.2-60.24.1.s390x",
                "product": {
                  "name": "kvm-1.4.2-60.24.1.s390x",
                  "product_id": "kvm-1.4.2-60.24.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kvm-1.4.2-60.24.1.x86_64",
                "product": {
                  "name": "kvm-1.4.2-60.24.1.x86_64",
                  "product_id": "kvm-1.4.2-60.24.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kvm-1.4.2-60.24.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586"
        },
        "product_reference": "kvm-1.4.2-60.24.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kvm-1.4.2-60.24.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x"
        },
        "product_reference": "kvm-1.4.2-60.24.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kvm-1.4.2-60.24.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
        },
        "product_reference": "kvm-1.4.2-60.24.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12126",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12126"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12126",
          "url": "https://www.suse.com/security/cve/CVE-2018-12126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135524 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1135524"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137916 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1137916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149725 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149725"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149726 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149726"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149729 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149729"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-17T11:14:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12126"
    },
    {
      "cve": "CVE-2018-12127",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12127"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12127",
          "url": "https://www.suse.com/security/cve/CVE-2018-12127"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-17T11:14:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12127"
    },
    {
      "cve": "CVE-2018-12130",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12130"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12130",
          "url": "https://www.suse.com/security/cve/CVE-2018-12130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137916 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1137916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-17T11:14:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12130"
    },
    {
      "cve": "CVE-2018-20815",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20815"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20815",
          "url": "https://www.suse.com/security/cve/CVE-2018-20815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118900 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1118900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130675 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1130675"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130680 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1130680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138043 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1138043"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-17T11:14:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-20815"
    },
    {
      "cve": "CVE-2019-11091",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11091"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11091",
          "url": "https://www.suse.com/security/cve/CVE-2019-11091"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1133319 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1133319"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135394 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1135394"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138043 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1138043"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-17T11:14:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-11091"
    },
    {
      "cve": "CVE-2019-9824",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-9824"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-9824",
          "url": "https://www.suse.com/security/cve/CVE-2019-9824"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118900 for CVE-2019-9824",
          "url": "https://bugzilla.suse.com/1118900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1129622 for CVE-2019-9824",
          "url": "https://bugzilla.suse.com/1129622"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1129623 for CVE-2019-9824",
          "url": "https://bugzilla.suse.com/1129623"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-9824",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:kvm-1.4.2-60.24.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-17T11:14:37Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-9824"
    }
  ]
}

SUSE-SU-2019:14053-1

Vulnerability from csaf_suse - Published: 2019-05-21 05:33 - Updated: 2019-05-21 05:33

Summary

Security update for kvm

Severity

Important

Notes

Title of the patch: Security update for kvm

Patchnames: sleposp3-kvm-14053

CVE-2018-12126

3.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586		—	Vendor Fix

Threats

Impact moderate

CVE-2018-12127

3.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586		—	Vendor Fix

Threats

Impact moderate

CVE-2018-12130

6.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586		—	Vendor Fix

Threats

Impact moderate

CVE-2018-20815

7 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586		—	Vendor Fix

Threats

Impact moderate

CVE-2019-11091

6.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586		—	Vendor Fix

Threats

Impact moderate

CVE-2019-9824

2.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586		—	Vendor Fix

Threats

Impact low

References

68 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1111331	self
https://bugzilla.suse.com/1129622	self
https://bugzilla.suse.com/1130675	self
https://www.suse.com/security/cve/CVE-2018-12126/	self
https://www.suse.com/security/cve/CVE-2018-12127/	self
https://www.suse.com/security/cve/CVE-2018-12130/	self
https://www.suse.com/security/cve/CVE-2018-20815/	self
https://www.suse.com/security/cve/CVE-2019-11091/	self
https://www.suse.com/security/cve/CVE-2019-9824/	self
https://www.suse.com/security/cve/CVE-2018-12126	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1135524	external
https://bugzilla.suse.com/1137916	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1149725	external
https://bugzilla.suse.com/1149726	external
https://bugzilla.suse.com/1149729	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-12127	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-12130	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1137916	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-20815	external
https://bugzilla.suse.com/1118900	external
https://bugzilla.suse.com/1130675	external
https://bugzilla.suse.com/1130680	external
https://bugzilla.suse.com/1138043	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-11091	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1133319	external
https://bugzilla.suse.com/1135394	external
https://bugzilla.suse.com/1138043	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2019-9824	external
https://bugzilla.suse.com/1118900	external
https://bugzilla.suse.com/1129622	external
https://bugzilla.suse.com/1129623	external
https://bugzilla.suse.com/1178658	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for kvm",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for kvm fixes the following issues:\n\n- CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622)\n- CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675)\n- CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature \u0027md-clear\u0027 (bsc#1111331)\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sleposp3-kvm-14053",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14053-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:14053-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914053-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:14053-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005480.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1111331",
        "url": "https://bugzilla.suse.com/1111331"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1129622",
        "url": "https://bugzilla.suse.com/1129622"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1130675",
        "url": "https://bugzilla.suse.com/1130675"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12126 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12126/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12127 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12127/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12130 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12130/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20815 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20815/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11091 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11091/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-9824 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-9824/"
      }
    ],
    "title": "Security update for kvm",
    "tracking": {
      "current_release_date": "2019-05-21T05:33:33Z",
      "generator": {
        "date": "2019-05-21T05:33:33Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:14053-1",
      "initial_release_date": "2019-05-21T05:33:33Z",
      "revision_history": [
        {
          "date": "2019-05-21T05:33:33Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kvm-1.4.2-53.32.1.i586",
                "product": {
                  "name": "kvm-1.4.2-53.32.1.i586",
                  "product_id": "kvm-1.4.2-53.32.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-pos:11:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kvm-1.4.2-53.32.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
        },
        "product_reference": "kvm-1.4.2-53.32.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12126",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12126"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12126",
          "url": "https://www.suse.com/security/cve/CVE-2018-12126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135524 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1135524"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137916 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1137916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149725 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149725"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149726 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149726"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149729 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149729"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-21T05:33:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12126"
    },
    {
      "cve": "CVE-2018-12127",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12127"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12127",
          "url": "https://www.suse.com/security/cve/CVE-2018-12127"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-21T05:33:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12127"
    },
    {
      "cve": "CVE-2018-12130",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12130"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12130",
          "url": "https://www.suse.com/security/cve/CVE-2018-12130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137916 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1137916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-21T05:33:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12130"
    },
    {
      "cve": "CVE-2018-20815",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20815"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20815",
          "url": "https://www.suse.com/security/cve/CVE-2018-20815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118900 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1118900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130675 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1130675"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130680 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1130680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138043 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1138043"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-21T05:33:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-20815"
    },
    {
      "cve": "CVE-2019-11091",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11091"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11091",
          "url": "https://www.suse.com/security/cve/CVE-2019-11091"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1133319 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1133319"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135394 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1135394"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138043 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1138043"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-21T05:33:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-11091"
    },
    {
      "cve": "CVE-2019-9824",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-9824"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-9824",
          "url": "https://www.suse.com/security/cve/CVE-2019-9824"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118900 for CVE-2019-9824",
          "url": "https://bugzilla.suse.com/1118900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1129622 for CVE-2019-9824",
          "url": "https://bugzilla.suse.com/1129622"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1129623 for CVE-2019-9824",
          "url": "https://bugzilla.suse.com/1129623"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-9824",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.32.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-21T05:33:33Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-9824"
    }
  ]
}

SUSE-SU-2019:14063-1

Vulnerability from csaf_suse - Published: 2019-05-24 07:26 - Updated: 2019-05-24 07:26

Summary

Security update for xen

Severity

Important

Notes

Title of the patch: Security update for xen

Patchnames: slessp4-xen-14063

CVE-2018-12126

3.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-12127

3.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-12130

6.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-20815

7 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-11091

6.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64	—	Vendor Fix

Threats

Impact moderate

References

62 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1027519	self
https://bugzilla.suse.com/1111331	self
https://bugzilla.suse.com/1130680	self
https://www.suse.com/security/cve/CVE-2018-12126/	self
https://www.suse.com/security/cve/CVE-2018-12127/	self
https://www.suse.com/security/cve/CVE-2018-12130/	self
https://www.suse.com/security/cve/CVE-2018-20815/	self
https://www.suse.com/security/cve/CVE-2019-11091/	self
https://www.suse.com/security/cve/CVE-2018-12126	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1135524	external
https://bugzilla.suse.com/1137916	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1149725	external
https://bugzilla.suse.com/1149726	external
https://bugzilla.suse.com/1149729	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-12127	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-12130	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1135409	external
https://bugzilla.suse.com/1137916	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2018-20815	external
https://bugzilla.suse.com/1118900	external
https://bugzilla.suse.com/1130675	external
https://bugzilla.suse.com/1130680	external
https://bugzilla.suse.com/1138043	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-11091	external
https://bugzilla.suse.com/1103186	external
https://bugzilla.suse.com/1111331	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1133319	external
https://bugzilla.suse.com/1135394	external
https://bugzilla.suse.com/1138043	external
https://bugzilla.suse.com/1138534	external
https://bugzilla.suse.com/1141977	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for xen",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for xen fixes the following issues:\n\nFour new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)\n\n- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n- CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)\n- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\nThese updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates.\n\nThe mitigation can be controlled via the \u0027mds\u0027 commandline option, see the documentation.\n\nFor more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736\n\nOther fixes:\n\n- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680).\n- Added upstream bug fix (bsc#1027519).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "slessp4-xen-14063",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14063-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:14063-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914063-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:14063-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005492.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1027519",
        "url": "https://bugzilla.suse.com/1027519"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1111331",
        "url": "https://bugzilla.suse.com/1111331"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1130680",
        "url": "https://bugzilla.suse.com/1130680"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12126 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12126/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12127 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12127/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12130 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12130/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20815 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20815/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11091 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11091/"
      }
    ],
    "title": "Security update for xen",
    "tracking": {
      "current_release_date": "2019-05-24T07:26:09Z",
      "generator": {
        "date": "2019-05-24T07:26:09Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:14063-1",
      "initial_release_date": "2019-05-24T07:26:09Z",
      "revision_history": [
        {
          "date": "2019-05-24T07:26:09Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
                "product": {
                  "name": "xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
                  "product_id": "xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
                "product": {
                  "name": "xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
                  "product_id": "xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.4.4_40-61.46.2.i586",
                "product": {
                  "name": "xen-libs-4.4.4_40-61.46.2.i586",
                  "product_id": "xen-libs-4.4.4_40-61.46.2.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.4.4_40-61.46.2.i586",
                "product": {
                  "name": "xen-tools-domU-4.4.4_40-61.46.2.i586",
                  "product_id": "xen-tools-domU-4.4.4_40-61.46.2.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-4.4.4_40-61.46.2.x86_64",
                "product": {
                  "name": "xen-4.4.4_40-61.46.2.x86_64",
                  "product_id": "xen-4.4.4_40-61.46.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-doc-html-4.4.4_40-61.46.2.x86_64",
                "product": {
                  "name": "xen-doc-html-4.4.4_40-61.46.2.x86_64",
                  "product_id": "xen-doc-html-4.4.4_40-61.46.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
                "product": {
                  "name": "xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
                  "product_id": "xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.4.4_40-61.46.2.x86_64",
                "product": {
                  "name": "xen-libs-4.4.4_40-61.46.2.x86_64",
                  "product_id": "xen-libs-4.4.4_40-61.46.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
                "product": {
                  "name": "xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
                  "product_id": "xen-libs-32bit-4.4.4_40-61.46.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-4.4.4_40-61.46.2.x86_64",
                "product": {
                  "name": "xen-tools-4.4.4_40-61.46.2.x86_64",
                  "product_id": "xen-tools-4.4.4_40-61.46.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.4.4_40-61.46.2.x86_64",
                "product": {
                  "name": "xen-tools-domU-4.4.4_40-61.46.2.x86_64",
                  "product_id": "xen-tools-domU-4.4.4_40-61.46.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-4.4.4_40-61.46.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64"
        },
        "product_reference": "xen-4.4.4_40-61.46.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-doc-html-4.4.4_40-61.46.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64"
        },
        "product_reference": "xen-doc-html-4.4.4_40-61.46.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586"
        },
        "product_reference": "xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64"
        },
        "product_reference": "xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586"
        },
        "product_reference": "xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.4.4_40-61.46.2.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586"
        },
        "product_reference": "xen-libs-4.4.4_40-61.46.2.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.4.4_40-61.46.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64"
        },
        "product_reference": "xen-libs-4.4.4_40-61.46.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-32bit-4.4.4_40-61.46.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64"
        },
        "product_reference": "xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-4.4.4_40-61.46.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64"
        },
        "product_reference": "xen-tools-4.4.4_40-61.46.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.4.4_40-61.46.2.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586"
        },
        "product_reference": "xen-tools-domU-4.4.4_40-61.46.2.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.4.4_40-61.46.2.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
        },
        "product_reference": "xen-tools-domU-4.4.4_40-61.46.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12126",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12126"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12126",
          "url": "https://www.suse.com/security/cve/CVE-2018-12126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135524 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1135524"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137916 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1137916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149725 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149725"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149726 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149726"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149729 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149729"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-24T07:26:09Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12126"
    },
    {
      "cve": "CVE-2018-12127",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12127"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12127",
          "url": "https://www.suse.com/security/cve/CVE-2018-12127"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12127",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-24T07:26:09Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12127"
    },
    {
      "cve": "CVE-2018-12130",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12130"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12130",
          "url": "https://www.suse.com/security/cve/CVE-2018-12130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137916 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1137916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-24T07:26:09Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12130"
    },
    {
      "cve": "CVE-2018-20815",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20815"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20815",
          "url": "https://www.suse.com/security/cve/CVE-2018-20815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118900 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1118900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130675 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1130675"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130680 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1130680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138043 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1138043"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-24T07:26:09Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-20815"
    },
    {
      "cve": "CVE-2019-11091",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11091"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11091",
          "url": "https://www.suse.com/security/cve/CVE-2019-11091"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1133319 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1133319"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135394 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1135394"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138043 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1138043"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2019-11091",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-doc-html-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-32bit-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-libs-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-4.4.4_40-61.46.2.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:xen-tools-domU-4.4.4_40-61.46.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-24T07:26:09Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-11091"
    }
  ]
}

SUSE-SU-2019:14201-1

Vulnerability from csaf_suse - Published: 2019-10-25 12:28 - Updated: 2019-10-25 12:28

Summary

Security update for xen

Severity

Important

Notes

Title of the patch: Security update for xen

Description of the patch: This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). - CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652). - CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which could have led to denial of service (bsc#1135905). - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - CVE-2017-10806: Fixed a stack buffer overflow in debug logging (bsc#1047675).

Patchnames: sleposp3-xen-14201

CVE-2017-10806

5.9 (Medium)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586	—	Vendor Fix

Threats

Impact moderate

CVE-2018-20815

7 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586	—	Vendor Fix

Threats

Impact moderate

CVE-2019-12067

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586	—	Vendor Fix

Threats

Impact low

CVE-2019-12068

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586	—	Vendor Fix

Threats

Impact moderate

CVE-2019-12155

3.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586	—	Vendor Fix

Threats

Impact low

CVE-2019-14378

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586	—	Vendor Fix

Threats

Impact important

CVE-2019-15890

5.8 (Medium)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586	—	Vendor Fix

Threats

Impact moderate

CVE-2019-17340

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586	—	Vendor Fix

Threats

Impact important

CVE-2019-17341

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586	—	Vendor Fix

Threats

Impact important

CVE-2019-17342

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586	—	Vendor Fix

Threats

Impact important

CVE-2019-17343

6.8 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586	—	Vendor Fix

Threats

Impact important

CVE-2019-17344

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586	—	Vendor Fix

Threats

Impact moderate

References

70 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1047675	self
https://bugzilla.suse.com/1126140	self
https://bugzilla.suse.com/1126141	self
https://bugzilla.suse.com/1126192	self
https://bugzilla.suse.com/1126195	self
https://bugzilla.suse.com/1126196	self
https://bugzilla.suse.com/1130680	self
https://bugzilla.suse.com/1135905	self
https://bugzilla.suse.com/1143797	self
https://bugzilla.suse.com/1145652	self
https://bugzilla.suse.com/1146874	self
https://bugzilla.suse.com/1149813	self
https://www.suse.com/security/cve/CVE-2017-10806/	self
https://www.suse.com/security/cve/CVE-2018-20815/	self
https://www.suse.com/security/cve/CVE-2019-12067/	self
https://www.suse.com/security/cve/CVE-2019-12068/	self
https://www.suse.com/security/cve/CVE-2019-12155/	self
https://www.suse.com/security/cve/CVE-2019-14378/	self
https://www.suse.com/security/cve/CVE-2019-15890/	self
https://www.suse.com/security/cve/CVE-2019-17340/	self
https://www.suse.com/security/cve/CVE-2019-17341/	self
https://www.suse.com/security/cve/CVE-2019-17342/	self
https://www.suse.com/security/cve/CVE-2019-17343/	self
https://www.suse.com/security/cve/CVE-2019-17344/	self
https://www.suse.com/security/cve/CVE-2017-10806	external
https://bugzilla.suse.com/1047674	external
https://bugzilla.suse.com/1047675	external
https://www.suse.com/security/cve/CVE-2018-20815	external
https://bugzilla.suse.com/1118900	external
https://bugzilla.suse.com/1130675	external
https://bugzilla.suse.com/1130680	external
https://bugzilla.suse.com/1138043	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-12067	external
https://bugzilla.suse.com/1145642	external
https://bugzilla.suse.com/1145652	external
https://www.suse.com/security/cve/CVE-2019-12068	external
https://bugzilla.suse.com/1146873	external
https://bugzilla.suse.com/1146874	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-12155	external
https://bugzilla.suse.com/1135902	external
https://bugzilla.suse.com/1135905	external
https://www.suse.com/security/cve/CVE-2019-14378	external
https://bugzilla.suse.com/1143794	external
https://bugzilla.suse.com/1143797	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-15890	external
https://bugzilla.suse.com/1149811	external
https://bugzilla.suse.com/1149813	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-17340	external
https://bugzilla.suse.com/1126140	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-17341	external
https://bugzilla.suse.com/1126141	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-17342	external
https://bugzilla.suse.com/1126192	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-17343	external
https://bugzilla.suse.com/1126195	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2019-17344	external
https://bugzilla.suse.com/1126196	external
https://bugzilla.suse.com/1178658	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for xen",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for xen fixes the following issues:\n\n- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator\n  which could have led to Denial of Service (bsc#1149813).\n- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of \n  service (bsc#1146874).\n- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU \n  emulator which could have led to execution of  arbitrary code with privileges of the \n  QEMU process (bsc#1143797).\n- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).\n- CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which\n  could have led to denial of service (bsc#1135905).\n- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680).\n- CVE-2017-10806: Fixed a stack buffer overflow in debug logging (bsc#1047675).\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sleposp3-xen-14201",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14201-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:14201-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914201-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:14201-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006057.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1047675",
        "url": "https://bugzilla.suse.com/1047675"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126140",
        "url": "https://bugzilla.suse.com/1126140"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126141",
        "url": "https://bugzilla.suse.com/1126141"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126192",
        "url": "https://bugzilla.suse.com/1126192"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126195",
        "url": "https://bugzilla.suse.com/1126195"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126196",
        "url": "https://bugzilla.suse.com/1126196"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1130680",
        "url": "https://bugzilla.suse.com/1130680"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1135905",
        "url": "https://bugzilla.suse.com/1135905"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1143797",
        "url": "https://bugzilla.suse.com/1143797"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1145652",
        "url": "https://bugzilla.suse.com/1145652"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1146874",
        "url": "https://bugzilla.suse.com/1146874"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1149813",
        "url": "https://bugzilla.suse.com/1149813"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-10806 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-10806/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20815 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20815/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12067 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12067/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12068 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12068/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-12155 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-12155/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14378 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14378/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15890 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17340 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17340/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17341 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17341/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17342 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17342/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17343 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17343/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17344 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17344/"
      }
    ],
    "title": "Security update for xen",
    "tracking": {
      "current_release_date": "2019-10-25T12:28:21Z",
      "generator": {
        "date": "2019-10-25T12:28:21Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:14201-1",
      "initial_release_date": "2019-10-25T12:28:21Z",
      "revision_history": [
        {
          "date": "2019-10-25T12:28:21Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
                "product": {
                  "name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
                  "product_id": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
                "product": {
                  "name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
                  "product_id": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.2.5_21-45.33.1.i586",
                "product": {
                  "name": "xen-libs-4.2.5_21-45.33.1.i586",
                  "product_id": "xen-libs-4.2.5_21-45.33.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.2.5_21-45.33.1.i586",
                "product": {
                  "name": "xen-tools-domU-4.2.5_21-45.33.1.i586",
                  "product_id": "xen-tools-domU-4.2.5_21-45.33.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-pos:11:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586"
        },
        "product_reference": "xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586"
        },
        "product_reference": "xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.2.5_21-45.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586"
        },
        "product_reference": "xen-libs-4.2.5_21-45.33.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.2.5_21-45.33.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        },
        "product_reference": "xen-tools-domU-4.2.5_21-45.33.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-10806",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-10806"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-10806",
          "url": "https://www.suse.com/security/cve/CVE-2017-10806"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1047674 for CVE-2017-10806",
          "url": "https://bugzilla.suse.com/1047674"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1047675 for CVE-2017-10806",
          "url": "https://bugzilla.suse.com/1047675"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-25T12:28:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-10806"
    },
    {
      "cve": "CVE-2018-20815",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20815"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20815",
          "url": "https://www.suse.com/security/cve/CVE-2018-20815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118900 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1118900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130675 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1130675"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1130680 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1130680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138043 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1138043"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-20815",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-25T12:28:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-20815"
    },
    {
      "cve": "CVE-2019-12067",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12067"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12067",
          "url": "https://www.suse.com/security/cve/CVE-2019-12067"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1145642 for CVE-2019-12067",
          "url": "https://bugzilla.suse.com/1145642"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1145652 for CVE-2019-12067",
          "url": "https://bugzilla.suse.com/1145652"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-25T12:28:21Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-12067"
    },
    {
      "cve": "CVE-2019-12068",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12068"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12068",
          "url": "https://www.suse.com/security/cve/CVE-2019-12068"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146873 for CVE-2019-12068",
          "url": "https://bugzilla.suse.com/1146873"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146874 for CVE-2019-12068",
          "url": "https://bugzilla.suse.com/1146874"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-12068",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-25T12:28:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-12068"
    },
    {
      "cve": "CVE-2019-12155",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-12155"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-12155",
          "url": "https://www.suse.com/security/cve/CVE-2019-12155"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135902 for CVE-2019-12155",
          "url": "https://bugzilla.suse.com/1135902"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135905 for CVE-2019-12155",
          "url": "https://bugzilla.suse.com/1135905"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-25T12:28:21Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-12155"
    },
    {
      "cve": "CVE-2019-14378",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14378"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14378",
          "url": "https://www.suse.com/security/cve/CVE-2019-14378"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1143794 for CVE-2019-14378",
          "url": "https://bugzilla.suse.com/1143794"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1143797 for CVE-2019-14378",
          "url": "https://bugzilla.suse.com/1143797"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-14378",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-25T12:28:21Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-14378"
    },
    {
      "cve": "CVE-2019-15890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15890",
          "url": "https://www.suse.com/security/cve/CVE-2019-15890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149811 for CVE-2019-15890",
          "url": "https://bugzilla.suse.com/1149811"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149813 for CVE-2019-15890",
          "url": "https://bugzilla.suse.com/1149813"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-15890",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-25T12:28:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-15890"
    },
    {
      "cve": "CVE-2019-17340",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17340"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17340",
          "url": "https://www.suse.com/security/cve/CVE-2019-17340"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126140 for CVE-2019-17340",
          "url": "https://bugzilla.suse.com/1126140"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-17340",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-25T12:28:21Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17340"
    },
    {
      "cve": "CVE-2019-17341",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17341"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17341",
          "url": "https://www.suse.com/security/cve/CVE-2019-17341"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126141 for CVE-2019-17341",
          "url": "https://bugzilla.suse.com/1126141"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-17341",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-25T12:28:21Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17341"
    },
    {
      "cve": "CVE-2019-17342",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17342"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17342",
          "url": "https://www.suse.com/security/cve/CVE-2019-17342"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126192 for CVE-2019-17342",
          "url": "https://bugzilla.suse.com/1126192"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-17342",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-25T12:28:21Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17342"
    },
    {
      "cve": "CVE-2019-17343",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17343"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17343",
          "url": "https://www.suse.com/security/cve/CVE-2019-17343"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126195 for CVE-2019-17343",
          "url": "https://bugzilla.suse.com/1126195"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-17343",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-25T12:28:21Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-17343"
    },
    {
      "cve": "CVE-2019-17344",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17344"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
          "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17344",
          "url": "https://www.suse.com/security/cve/CVE-2019-17344"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126196 for CVE-2019-17344",
          "url": "https://bugzilla.suse.com/1126196"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2019-17344",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-libs-4.2.5_21-45.33.1.i586",
            "SUSE Linux Enterprise Point of Sale 11 SP3:xen-tools-domU-4.2.5_21-45.33.1.i586"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-10-25T12:28:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-17344"
    }
  ]
}

WID-SEC-W-2024-1988

Vulnerability from csaf_certbund - Published: 2019-03-26 23:00 - Updated: 2024-09-02 22:00

Summary

QEMU: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.

Angriff: Ein lokaler Angreifer kann eine Schwachstelle in QEMU ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.

Betroffene Betriebssysteme: - Linux - Windows

CVE-2018-20815

Es existiert eine Schwachstelle in QEMU. In der "load_device_tree()" Funktion von QEMU besteht ein Heap-Pufferüberlauf Fehler. Ein auf dem Gastsystem angemeldeter Angreifer kann diese Schwachstelle ausnutzen, um auf dem Hostsystem beliebigen Code mit den Rechten des QEMU Prozesses zur Ausführung zu bringen.

Affected products

Known affected 6 products

Product	Identifier	Version
Open Source QEMU Open Source	`cpe:/a:qemu:qemu:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

References

30 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://seclists.org/oss-sec/2019/q1/194	external
http://linux.oracle.com/errata/ELSA-2019-4631.html	external
http://linux.oracle.com/errata/ELSA-2019-4630.html	external
http://linux.oracle.com/errata/ELSA-2019-4640.html	external
https://usn.ubuntu.com/3978-1/	external
https://access.redhat.com/errata/RHSA-2019:1175	external
https://www.linuxsecurity.com/advisories/suse/sus…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.linuxsecurity.com/advisories/suse/sus…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://access.redhat.com/errata/RHSA-2019:1667	external
https://access.redhat.com/errata/RHSA-2019:1723	external
https://access.redhat.com/errata/RHSA-2019:1743	external
https://access.redhat.com/errata/RHSA-2019:1881	external
https://access.redhat.com/errata/RHSA-2019:1968	external
https://access.redhat.com/errata/RHSA-2019:2507	external
https://access.redhat.com/errata/RHSA-2019:2553	external
https://lists.debian.org/debian-security-announce…	external
https://www.debian.org/security/2019/dsa-4506	external
https://www.suse.com/support/update/announcement/…	external
https://linux.oracle.com/errata/ELSA-2024-12604.html	external
https://linux.oracle.com/errata/ELSA-2024-12605.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in QEMU ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1988 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2024-1988.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1988 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1988"
      },
      {
        "category": "external",
        "summary": "Eintrag in der OSS Mailing Liste vom 2019-03-26",
        "url": "https://seclists.org/oss-sec/2019/q1/194"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-4631 vom 2019-05-14",
        "url": "http://linux.oracle.com/errata/ELSA-2019-4631.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-4630 vom 2019-05-14",
        "url": "http://linux.oracle.com/errata/ELSA-2019-4630.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-4640 vom 2019-05-14",
        "url": "http://linux.oracle.com/errata/ELSA-2019-4640.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3978-1 vom 2019-05-15",
        "url": "https://usn.ubuntu.com/3978-1/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1175 vom 2019-05-15",
        "url": "https://access.redhat.com/errata/RHSA-2019:1175"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1238-1 vom 2019-05-14",
        "url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-1238-1-important-qemu"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1272-1 vom 2019-05-17",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191272-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1269-1 vom 2019-05-17",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191269-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14052-1 vom 2019-05-18",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914052-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1268-1 vom 2019-05-17",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191268-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14053-1 vom 2019-05-21",
        "url": "https://www.linuxsecurity.com/advisories/suse/suse-2019-14053-1-important-kvm?rss"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14063-1 vom 2019-05-24",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914063-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1349-1 vom 2019-05-25",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191349-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1348-1 vom 2019-05-25",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191348-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1371-1 vom 2019-05-29",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191371-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1667 vom 2019-07-03",
        "url": "https://access.redhat.com/errata/RHSA-2019:1667"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1723 vom 2019-07-10",
        "url": "https://access.redhat.com/errata/RHSA-2019:1723"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1743 vom 2019-07-10",
        "url": "https://access.redhat.com/errata/RHSA-2019:1743"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1881 vom 2019-07-29",
        "url": "https://access.redhat.com/errata/RHSA-2019:1881"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1968 vom 2019-07-30",
        "url": "https://access.redhat.com/errata/RHSA-2019:1968"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2507 vom 2019-08-15",
        "url": "https://access.redhat.com/errata/RHSA-2019:2507"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2553 vom 2019-08-22",
        "url": "https://access.redhat.com/errata/RHSA-2019:2553"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4506-1 vom 2019-08-24",
        "url": "https://lists.debian.org/debian-security-announce/2019/msg00154.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4506 vom 2019-08-26",
        "url": "https://www.debian.org/security/2019/dsa-4506"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14201-1 vom 2019-10-25",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914201-1.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12604 vom 2024-09-02",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12604.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12605 vom 2024-09-02",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12605.html"
      }
    ],
    "source_lang": "en-US",
    "title": "QEMU: Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode mit den Rechten des Dienstes",
    "tracking": {
      "current_release_date": "2024-09-02T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-03T08:16:26.207+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2024-1988",
      "initial_release_date": "2019-03-26T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2019-03-26T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2019-04-24T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: GLSA/201904-25"
        },
        {
          "date": "2019-05-15T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux, Ubuntu, Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2019-05-16T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-05-19T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-05-21T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-05-26T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-05-28T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-06-23T22:00:00.000+00:00",
          "number": "9",
          "summary": "Referenz(en) aufgenommen: FEDORA-2019-E9DE40D53F, FEDORA-2019-52A8F5468E"
        },
        {
          "date": "2019-07-02T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-07-09T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-07-10T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-07-29T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-08-15T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-08-22T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-08-25T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2019-08-26T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2019-10-27T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-02T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "19"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source QEMU",
            "product": {
              "name": "Open Source QEMU",
              "product_id": "185878",
              "product_identification_helper": {
                "cpe": "cpe:/a:qemu:qemu:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-20815",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in QEMU. In der \"load_device_tree()\" Funktion von QEMU besteht ein Heap-Puffer\u00fcberlauf Fehler. Ein auf dem Gastsystem angemeldeter Angreifer kann diese Schwachstelle ausnutzen, um auf dem Hostsystem beliebigen Code mit den Rechten des QEMU Prozesses zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "185878",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914"
        ]
      },
      "release_date": "2019-03-26T23:00:00.000+00:00",
      "title": "CVE-2018-20815"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-20815 (GCVE-0-2018-20815)

SUSE-SU-2019:1349-1

SUSE-SU-2019:1371-1

SUSE-SU-2019:14052-1

SUSE-SU-2019:14053-1

SUSE-SU-2019:14063-1

SUSE-SU-2019:14201-1

WID-SEC-W-2024-1988

Tags

Sightings

Nomenclature