SUSE-IU-2024:1943-1: Security update of suse/sl-micro/6.0/kvm-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Dec 4 12:47:07 UTC 2024 

SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1943-1
Image Tags        : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-4.18 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release     : 4.18
Severity          : critical
Type              : security
References        : 1027519 1207377 1214718 1216320 1218474 1218609 1218851 1219080
                        1219503 1219885 1220117 1221332 1221334 1221831 1221984 1222302
                        1222453 1223605 1224788 1225365 1225598 1225953 1226321 1227355
                        1228142 1228574 1228575 1230679 1231500 1232211 CVE-2022-45748
                        CVE-2023-28746 CVE-2023-32324 CVE-2023-32360 CVE-2023-34241 CVE-2023-4504
                        CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193
                        CVE-2024-2201 CVE-2024-28085 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145
                        CVE-2024-31146 CVE-2024-35195 CVE-2024-35235 CVE-2024-40724 CVE-2024-45679
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE_ALP_Source_Standard_Core_1.0_Build
Released:    Mon Nov 25 14:51:40 2024
Summary:     Security update for xen
Type:        security
Severity:    critical
References:  1027519,1207377,1214718,1216320,1218474,1218609,1218851,1219080,1219503,1219885,1220117,1221332,1221334,1221831,1221984,1222302,1222453,1223605,1224788,1225365,1225598,1225953,1226321,1227355,1228142,1228574,1228575,1230679,1231500,1232211,CVE-2022-45748,CVE-2023-28746,CVE-2023-32324,CVE-2023-32360,CVE-2023-34241,CVE-2023-4504,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841,CVE-2023-46842,CVE-2024-2193,CVE-2024-2201,CVE-2024-28085,CVE-2024-31142,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146,CVE-2024-35195,CVE-2024-35235,CVE-2024-40724,CVE-2024-45679
This update for xen fixes the following issues:

- Update to Xen 4.18.3 security bug fix release (bsc#1027519)
  * No upstream changelog found in sources or webpage
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
  IOMMU identity mapping (XSA-460)
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
  with shared resources (XSA-461)
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
  guest IRQ handling (XSA-458)
- bsc#1214718 - The system hangs intermittently when Power Control
  Mode is set to Minimum Power on SLES15SP5 Xen
- Upstream bug fixes (bsc#1027519)

- bsc#1225953 - Package xen does not build with gcc14 because of
  new errors
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
  trigger Xen bug check (XSA-454)
- Upstream bug fixes (bsc#1027519)

- Update to Xen 4.18.2 security bug fix release (bsc#1027519)
  xen-4.18.2-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
  trigger Xen bug check (XSA-454)
- bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic
  for BTC/SRSO mitigations (XSA-455)
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
  History Injection (XSA-456)
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
  Race Conditions (XSA-453)

- Update to Xen 4.18.1 bug fix release (bsc#1027519)
  xen-4.18.1-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
  Sampling (XSA-452)
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
  Race Conditions (XSA-453)
- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
  exceptions from emulation stubs (XSA-451)

- Upstream bug fixes (bsc#1027519)
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)


The following package changes have been done:

- SL-Micro-release-6.0-24.28 updated
- elemental-register-1.6.6-1.1 updated
- elemental-support-1.6.6-1.1 updated
- container:SL-Micro-base-container-2.1.3-4.17 updated

More information about the sle-container-updates mailing list