Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Fedora 22: 2015-9456 Moderate: Xen Issues Related To PCI Exposure

fedora
Calendar Grey June 14, 2015
Dist Fedora Esm H88
Fedora 22 has rolled out a vital security patch for Xen addressing several severe vulnerabilities, including accidental data overwrites and PCI insecurity.
replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches, work around a gcc 5 bug, Potential unintended writes to host MSI message data field via qemu [XSA-1...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches, work around a gcc 5 bug, Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103], PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104], Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105], Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106]

Topics%20covered

Topics Covered

security advisory moderate Fedora Xen qemu guest access pci issue

Change Log

* Tue Jun 2 2015 Michael Young - 4.5.0-10 - replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches - work around a gcc 5 bug - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] * Wed May 13 2015 Michael Young - 4.5.0-9 - Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)

References


[ 1 ] Bug #1223846 - CVE-2015-4103 xen: potential unintended writes to host MSI message data field via qemu (xsa-128) https://bugzilla.redhat.com/show_bug.cgi?id=1223846 [ 2 ] Bug #1223851 - CVE-2015-4104 xen: PCI MSI mask bits inadvertently exposed to guests (xsa-129) https://bugzilla.redhat.com/show_bug.cgi?id=1223851 [ 3 ] Bug #1223853 - xen: guest triggerable qemu MSI-X pass-through error messages (xsa-130) https://bugzilla.redhat.com/show_bug.cgi?id=1223853 [ 4 ] Bug #1223859 - xen: unmediated PCI register access in qemu (xsa-131) https://bugzilla.redhat.com/show_bug.cgi?id=1223859

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: xen
Product: Fedora 22
Version: 4.5.0
Release: 10.fc22
URL: https://xenproject.org/
Summary: Xen is a virtual machine monitor

Topics%20covered

Topics Covered

security advisory moderate Fedora Xen qemu guest access pci issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here