SUSE-SU-2024:3980-1

Details

This update for xen fixes the following issues:

Security issues fixed:

CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling (bsc#1232622)
CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables (bsc#1232624)
CVE-2024-45817: xen: x86: Deadlock in vlapic_error() (bsc#1230366)

Non-security issues fixed:

Removed usage of net-tools-deprecated from supportconfig plugin (bsc#1232542)
Upstream bug fixes (bsc#1027519)

Affected Packages

xen

SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Module for Basesystem 15 SP5SUSE Linux Enterprise Module for Server Applications 15 SP5openSUSE Leap 15.5openSUSE Leap Micro 5.5

Fixed in:

4.17.5_06-150500.3.42.1

xen-libs

SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Module for Basesystem 15 SP5openSUSE Leap 15.5openSUSE Leap Micro 5.5

Fixed in:

4.17.5_06-150500.3.42.1

xen-tools-domU

SUSE Linux Enterprise Module for Basesystem 15 SP5openSUSE Leap 15.5

Fixed in:

4.17.5_06-150500.3.42.1

xen-devel

SUSE Linux Enterprise Module for Server Applications 15 SP5openSUSE Leap 15.5