SUSE-SU-2021:1648-1

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2021-28689
Published: 19 May 2021, 12:00
Last modified:02 May 2025, 04:31

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

19 May 2021, 12:00
Published
Vulnerability first disclosed
02 May 2025, 04:31
Last Modified
Vulnerability information updated

Description

Security update for xen This update for xen fixes the following issues: Security issue fixed: - CVE-2021-28689: Fixed some x86 speculative vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370) (bsc#1185104) - Make sure xencommons is in a format as expected by fillup. (bsc#1185682) Each comment needs to be followed by an enabled key. Otherwise fillup will remove manually enabled key=value pairs, along with everything that looks like a stale comment, during next pkg update - A recent systemd update caused a regression in xenstored.service systemd now fails to track units that use systemd-notify (bsc#1183790) - Added a delay between the call to systemd-notify and the final exit of the wrapper script (bsc#1185021, bsc#1185196)

Affected Systems

  • susexen&distro=SUSE Linux Enterprise Server 12 SP4-LTSS

    < 4.11.4_18-2.54.1

  • susexen&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4

    < 4.11.4_18-2.54.1

  • susexen&distro=SUSE OpenStack Cloud 9

    < 4.11.4_18-2.54.1

  • susexen&distro=SUSE OpenStack Cloud Crowbar 9

    < 4.11.4_18-2.54.1

References (7)