openSUSE Recommended Update: Recommended update for xen ______________________________________________________________________________ Announcement ID: openSUSE-RU-2019:2371-1 Rating: important References: #1027519 #1111331 #1120095 #1133296 #1135799 #1137471 #1137717 #1138294 #1138563 #1143563 #1145240 #1145774 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 6 fixes is now available. Description: This update for xen to version 4.12.1 fixes the following issues: - Fixed an issue which made Xen crash on AMD ROME based machines (bsc#1135799). - Xenpvnetboot is now ported correctly to Python 3 (bsc#1138563). - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime (bsc#1120095). The included README has details about the impact of this change - Fixed an issue where the speculative mitigation facilities reported wrong status (bsc#1143563). - Fixed an issue where Xen could not connect socket to /var/run/libvirt/libvirt-sock (bsc#1137471). - Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above (bsc#1137717). - Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). - LTO is now disabled (bsc#1133296). - Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240). This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2371=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): xen-debugsource-4.12.1_02-lp151.2.3.1 xen-devel-4.12.1_02-lp151.2.3.1 xen-libs-4.12.1_02-lp151.2.3.1 xen-libs-debuginfo-4.12.1_02-lp151.2.3.1 xen-tools-domU-4.12.1_02-lp151.2.3.1 xen-tools-domU-debuginfo-4.12.1_02-lp151.2.3.1 - openSUSE Leap 15.1 (x86_64): xen-4.12.1_02-lp151.2.3.1 xen-doc-html-4.12.1_02-lp151.2.3.1 xen-libs-32bit-4.12.1_02-lp151.2.3.1 xen-libs-32bit-debuginfo-4.12.1_02-lp151.2.3.1 xen-tools-4.12.1_02-lp151.2.3.1 xen-tools-debuginfo-4.12.1_02-lp151.2.3.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-17349.html https://www.suse.com/security/cve/CVE-2019-17350.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1120095 https://bugzilla.suse.com/1133296 https://bugzilla.suse.com/1135799 https://bugzilla.suse.com/1137471 https://bugzilla.suse.com/1137717 https://bugzilla.suse.com/1138294 https://bugzilla.suse.com/1138563 https://bugzilla.suse.com/1143563 https://bugzilla.suse.com/1145240 https://bugzilla.suse.com/1145774