SUSE: Security Advisory (SUSE-SU-2021:2957-1)

The remote host is missing an update for the 'xen' package(s) announced via the SUSE-SU-2021:2957-1 advisory.

This update for xen fixes the following issues: CVE-2021-3594: slirp: invalid pointer initialization may lead to information disclosure (udp)(bsc#1187378). CVE-2021-3595: slirp: invalid pointer initialization may lead to information disclosure (tftp)(bsc#1187376). CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654) CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). CVE-2021-3592: slirp: invalid pointer initialization may lead to information disclosure (bootp)(bsc#1187369). Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).

'xen' package(s) on HPE Helion Openstack 8, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).