Security update for xen

SUSE Security Update: Security update for xen
Announcement ID: SUSE-SU-2018:1699-2
Rating: important
References: #1027519 #1074562 #1086039 #1092631
Cross-References:CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-3639
Affected Products:
  • SUSE Linux Enterprise Server 12-SP2-BCL

An update that fixes four vulnerabilities is now available.


This update for xen fixes several issues.
This feature was added:

  • Added support for qemu monitor command

These security issues were fixed:
  • CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631).
  • CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562).

This non-security issue was fixed:
  • bsc#1086039 - Dom0 does not represent DomU cpu flags

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1142=1

Package List:

  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • xen-4.7.5_04-43.33.1
    • xen-debugsource-4.7.5_04-43.33.1
    • xen-doc-html-4.7.5_04-43.33.1
    • xen-libs-32bit-4.7.5_04-43.33.1
    • xen-libs-4.7.5_04-43.33.1
    • xen-libs-debuginfo-32bit-4.7.5_04-43.33.1
    • xen-libs-debuginfo-4.7.5_04-43.33.1
    • xen-tools-4.7.5_04-43.33.1
    • xen-tools-debuginfo-4.7.5_04-43.33.1
    • xen-tools-domU-4.7.5_04-43.33.1
    • xen-tools-domU-debuginfo-4.7.5_04-43.33.1