Recommended update for xen

Announcement ID:	SUSE-RU-2019:2767-1
Rating:	important
References:	bsc#1027519 bsc#1126140 bsc#1126141 bsc#1126192 bsc#1126195 bsc#1126196 bsc#1126197 bsc#1126198 bsc#1126201 bsc#1127400 bsc#1129642 bsc#1131811 bsc#1133818 bsc#1137717 bsc#1138294 bsc#1138563 bsc#1145240 bsc#1145774
Cross-References:	CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17345 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 CVE-2019-17349
CVSS scores:	CVE-2018-12126 ( SUSE ): 3.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2018-12126 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-12127 ( SUSE ): 3.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2018-12127 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-12130 ( SUSE ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-12130 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2019-11091 ( SUSE ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2019-11091 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2019-17340 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-17340 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2019-17341 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2019-17342 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-17343 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-17344 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-17344 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2019-17345 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-17345 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2019-17346 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2019-17346 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2019-17347 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2019-17347 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-17348 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2019-17348 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2019-17349 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-17349 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15 Server Applications Module 15 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15

An update that solves 14 vulnerabilities and has four fixes can now be installed.

Description:

This update for xen to version 4.10.4 fixes the following issues:

• Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818).
• Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above (bsc#1137717).
• Fixed an issue where libxenlight could not create new domain (bsc#1131811).
• Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240).
• Fixed an issue where attached pci devices were lost after reboot (bsc#1129642).
• Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774).
• Xenpvnetboot is now ported correctly to Python 3 (bsc#1138563).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Basesystem Module 15
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2767=1
• Server Applications Module 15
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2767=1

Package List:

• Basesystem Module 15 (x86_64)
  • xen-libs-debuginfo-4.10.4_04-3.22.1
  • xen-libs-4.10.4_04-3.22.1
  • xen-tools-domU-debuginfo-4.10.4_04-3.22.1
  • xen-debugsource-4.10.4_04-3.22.1
  • xen-tools-domU-4.10.4_04-3.22.1
• Server Applications Module 15 (x86_64)
  • xen-4.10.4_04-3.22.1
  • xen-devel-4.10.4_04-3.22.1
  • xen-tools-4.10.4_04-3.22.1
  • xen-tools-debuginfo-4.10.4_04-3.22.1
  • xen-debugsource-4.10.4_04-3.22.1

References:

• https://www.suse.com/security/cve/CVE-2018-12126.html
• https://www.suse.com/security/cve/CVE-2018-12127.html
• https://www.suse.com/security/cve/CVE-2018-12130.html
• https://www.suse.com/security/cve/CVE-2019-11091.html
• https://www.suse.com/security/cve/CVE-2019-17340.html
• https://www.suse.com/security/cve/CVE-2019-17341.html
• https://www.suse.com/security/cve/CVE-2019-17342.html
• https://www.suse.com/security/cve/CVE-2019-17343.html
• https://www.suse.com/security/cve/CVE-2019-17344.html
• https://www.suse.com/security/cve/CVE-2019-17345.html
• https://www.suse.com/security/cve/CVE-2019-17346.html
• https://www.suse.com/security/cve/CVE-2019-17347.html
• https://www.suse.com/security/cve/CVE-2019-17348.html
• https://www.suse.com/security/cve/CVE-2019-17349.html
• https://bugzilla.suse.com/show_bug.cgi?id=1027519
• https://bugzilla.suse.com/show_bug.cgi?id=1126140
• https://bugzilla.suse.com/show_bug.cgi?id=1126141
• https://bugzilla.suse.com/show_bug.cgi?id=1126192
• https://bugzilla.suse.com/show_bug.cgi?id=1126195
• https://bugzilla.suse.com/show_bug.cgi?id=1126196
• https://bugzilla.suse.com/show_bug.cgi?id=1126197
• https://bugzilla.suse.com/show_bug.cgi?id=1126198
• https://bugzilla.suse.com/show_bug.cgi?id=1126201
• https://bugzilla.suse.com/show_bug.cgi?id=1127400
• https://bugzilla.suse.com/show_bug.cgi?id=1129642
• https://bugzilla.suse.com/show_bug.cgi?id=1131811
• https://bugzilla.suse.com/show_bug.cgi?id=1133818
• https://bugzilla.suse.com/show_bug.cgi?id=1137717
• https://bugzilla.suse.com/show_bug.cgi?id=1138294
• https://bugzilla.suse.com/show_bug.cgi?id=1138563
• https://bugzilla.suse.com/show_bug.cgi?id=1145240
• https://bugzilla.suse.com/show_bug.cgi?id=1145774