SUSE-IU-2024:1898-1: Security update of suse/sl-micro/6.0/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Nov 29 08:03:53 UTC 2024 

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1898-1
Image Tags        : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.16 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release     : 4.16
Severity          : critical
Type              : security
References        : 1027519 1214718 1216320 1218424 1218851 1219080 1219885 1221332
                        1221334 1221984 1222302 1222453 1223887 1223888 1225771 1225953
                        1227355 1227546 1228549 1228552 1228574 1228575 1231264 1231265
                        1231266 1233593 1233594 CVE-2020-8911 CVE-2020-8912 CVE-2023-0109
                        CVE-2023-28746 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46842
                        CVE-2024-0793 CVE-2024-11595 CVE-2024-11596 CVE-2024-2193 CVE-2024-2201
                        CVE-2024-24425 CVE-2024-24426 CVE-2024-28882 CVE-2024-31142 CVE-2024-31143
                        CVE-2024-31145 CVE-2024-31146 CVE-2024-31227 CVE-2024-31228 CVE-2024-31449
                        CVE-2024-34402 CVE-2024-34403 CVE-2024-41671 CVE-2024-41810 CVE-2024-44625
                        CVE-2024-52009 CVE-2024-52010 CVE-2024-52308 CVE-2024-52522 CVE-2024-5564
                        CVE-2024-8986 CVE-2024-9526 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE_ALP_Source_Standard_Core_1.0_Build
Released:    Mon Nov 25 14:51:40 2024
Summary:     Security update for xen
Type:        security
Severity:    critical
References:  1027519,1214718,1216320,1218424,1218851,1219080,1219885,1221332,1221334,1221984,1222302,1222453,1223887,1223888,1225771,1225953,1227355,1227546,1228549,1228552,1228574,1228575,1231264,1231265,1231266,1233593,1233594,CVE-2020-8911,CVE-2020-8912,CVE-2023-0109,CVE-2023-28746,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841,CVE-2023-46842,CVE-2024-0793,CVE-2024-11595,CVE-2024-11596,CVE-2024-2193,CVE-2024-2201,CVE-2024-24425,CVE-2024-24426,CVE-2024-28882,CVE-2024-31142,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146,CVE-2024-31227,CVE-2024-31228,CVE-2024-31449,CVE-2024-34402,CVE-2024-34403,CVE-2024-41671,CVE-2024-41810,CVE-2024-44625,CVE-2024-52009,CVE-2024-52010,CVE-2024-52308,CVE-2024-52522,CVE-2024-5564,CVE-2024-8986,CVE-2024-9526
This update for xen fixes the following issues:

- Update to Xen 4.18.3 security bug fix release (bsc#1027519)
  * No upstream changelog found in sources or webpage
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
  IOMMU identity mapping (XSA-460)
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
  with shared resources (XSA-461)
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
  guest IRQ handling (XSA-458)
- bsc#1214718 - The system hangs intermittently when Power Control
  Mode is set to Minimum Power on SLES15SP5 Xen
- Upstream bug fixes (bsc#1027519)

- bsc#1225953 - Package xen does not build with gcc14 because of
  new errors
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
  trigger Xen bug check (XSA-454)
- Upstream bug fixes (bsc#1027519)

- Update to Xen 4.18.2 security bug fix release (bsc#1027519)
  xen-4.18.2-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
  trigger Xen bug check (XSA-454)
- bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic
  for BTC/SRSO mitigations (XSA-455)
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
  History Injection (XSA-456)
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
  Race Conditions (XSA-453)

- Update to Xen 4.18.1 bug fix release (bsc#1027519)
  xen-4.18.1-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
  Sampling (XSA-452)
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
  Race Conditions (XSA-453)
- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
  exceptions from emulation stubs (XSA-451)

- Upstream bug fixes (bsc#1027519)
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)


The following package changes have been done:

- SL-Micro-release-6.0-24.27 updated
- libndp0-1.8-3.1 updated
- container:SL-Micro-base-container-2.1.3-4.16 updated

More information about the sle-container-updates mailing list