Test ID:	1.3.6.1.4.1.25623.1.1.4.2018.2401.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2018:2401-1)
Summary:	The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2018:2401-1 advisory.
Description:	Summary: The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2018:2401-1 advisory. Vulnerability Insight: This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a malicious or buggy guest administrator can lock up the entire host (bsc#1103276) Affected Software/OS: 'xen' package(s) on SUSE Linux Enterprise Desktop 12-SP3, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server for SAP Applications 12-SP3. Solution: Please install the updated package(s). CVSS Score: 4.7 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-3646 BugTraq ID: 105080 http://www.securityfocus.com/bid/105080 CERT/CC vulnerability note: VU#982149 https://www.kb.cert.org/vuls/id/982149 Cisco Security Advisory: 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel http://support.lenovo.com/us/en/solutions/LEN-24163 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en http://www.vmware.com/security/advisories/VMSA-2018-0020.html http://xenbits.xen.org/xsa/advisory-273.html https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010 https://security.netapp.com/advisory/ntap-20180815-0001/ https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault https://support.f5.com/csp/article/K31300402 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.synology.com/support/security/Synology_SA_18_45 Debian Security Information: DSA-4274 (Google Search) https://www.debian.org/security/2018/dsa-4274 Debian Security Information: DSA-4279 (Google Search) https://www.debian.org/security/2018/dsa-4279 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/ FreeBSD Security Advisory: FreeBSD-SA-18:09 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc https://security.gentoo.org/glsa/201810-06 https://foreshadowattack.eu/ https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html RedHat Security Advisories: RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2384 RedHat Security Advisories: RHSA-2018:2387 https://access.redhat.com/errata/RHSA-2018:2387 RedHat Security Advisories: RHSA-2018:2388 https://access.redhat.com/errata/RHSA-2018:2388 RedHat Security Advisories: RHSA-2018:2389 https://access.redhat.com/errata/RHSA-2018:2389 RedHat Security Advisories: RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2390 RedHat Security Advisories: RHSA-2018:2391 https://access.redhat.com/errata/RHSA-2018:2391 RedHat Security Advisories: RHSA-2018:2392 https://access.redhat.com/errata/RHSA-2018:2392 RedHat Security Advisories: RHSA-2018:2393 https://access.redhat.com/errata/RHSA-2018:2393 RedHat Security Advisories: RHSA-2018:2394 https://access.redhat.com/errata/RHSA-2018:2394 RedHat Security Advisories: RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2395 RedHat Security Advisories: RHSA-2018:2396 https://access.redhat.com/errata/RHSA-2018:2396 RedHat Security Advisories: RHSA-2018:2402 https://access.redhat.com/errata/RHSA-2018:2402 RedHat Security Advisories: RHSA-2018:2403 https://access.redhat.com/errata/RHSA-2018:2403 RedHat Security Advisories: RHSA-2018:2404 https://access.redhat.com/errata/RHSA-2018:2404 RedHat Security Advisories: RHSA-2018:2602 https://access.redhat.com/errata/RHSA-2018:2602 RedHat Security Advisories: RHSA-2018:2603 https://access.redhat.com/errata/RHSA-2018:2603 http://www.securitytracker.com/id/1041451 http://www.securitytracker.com/id/1042004 https://usn.ubuntu.com/3740-1/ https://usn.ubuntu.com/3740-2/ https://usn.ubuntu.com/3741-1/ https://usn.ubuntu.com/3741-2/ https://usn.ubuntu.com/3742-1/ https://usn.ubuntu.com/3742-2/ https://usn.ubuntu.com/3756-1/ https://usn.ubuntu.com/3823-1/
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.