{"affected":[{"ecosystem_specific":{"binaries":[{"xen":"4.7.6_06-43.51.1","xen-doc-html":"4.7.6_06-43.51.1","xen-libs":"4.7.6_06-43.51.1","xen-libs-32bit":"4.7.6_06-43.51.1","xen-tools":"4.7.6_06-43.51.1","xen-tools-domU":"4.7.6_06-43.51.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.7.6_06-43.51.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xen":"4.7.6_06-43.51.1","xen-doc-html":"4.7.6_06-43.51.1","xen-libs":"4.7.6_06-43.51.1","xen-libs-32bit":"4.7.6_06-43.51.1","xen-tools":"4.7.6_06-43.51.1","xen-tools-domU":"4.7.6_06-43.51.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.7.6_06-43.51.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xen":"4.7.6_06-43.51.1","xen-doc-html":"4.7.6_06-43.51.1","xen-libs":"4.7.6_06-43.51.1","xen-libs-32bit":"4.7.6_06-43.51.1","xen-tools":"4.7.6_06-43.51.1","xen-tools-domU":"4.7.6_06-43.51.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-LTSS","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.7.6_06-43.51.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xen":"4.7.6_06-43.51.1","xen-doc-html":"4.7.6_06-43.51.1","xen-libs":"4.7.6_06-43.51.1","xen-libs-32bit":"4.7.6_06-43.51.1","xen-tools":"4.7.6_06-43.51.1","xen-tools-domU":"4.7.6_06-43.51.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.7.6_06-43.51.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xen":"4.7.6_06-43.51.1","xen-doc-html":"4.7.6_06-43.51.1","xen-libs":"4.7.6_06-43.51.1","xen-libs-32bit":"4.7.6_06-43.51.1","xen-tools":"4.7.6_06-43.51.1","xen-tools-domU":"4.7.6_06-43.51.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 4","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Enterprise%20Storage%204"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.7.6_06-43.51.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for xen fixes the following issues:\n\nFour new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)\n\n- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)\n- CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n- CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)\n- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\nThese updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates.\n\nThe mitigation can be controlled via the 'mds' commandline option, see the documentation.\n\nFor more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736\n\nOther fixes:\n\n- CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680).\n- Fixed an issue with live migration when spectre is enabled on xen boot cmdline (bsc#1116380).\n- Fixed an issue with live migration (bsc#1133818).\n- Added upstream bug fix (bsc#1027519).\n","id":"SUSE-SU-2019:1371-1","modified":"2019-05-28T13:33:16Z","published":"2019-05-28T13:33:16Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20191371-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027519"},{"type":"REPORT","url":"https://bugzilla.suse.com/1111331"},{"type":"REPORT","url":"https://bugzilla.suse.com/1116380"},{"type":"REPORT","url":"https://bugzilla.suse.com/1130680"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133818"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12126"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12127"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12130"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20815"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11091"}],"related":["CVE-2018-12126","CVE-2018-12127","CVE-2018-12130","CVE-2018-20815","CVE-2019-11091"],"summary":"Security update for xen","upstream":["CVE-2018-12126","CVE-2018-12127","CVE-2018-12130","CVE-2018-20815","CVE-2019-11091"]}