Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 493
Alerts This Week
Warning Icon 1 493

Fedora 23: 2016-1c3374bcb9 Critical: Xen Memory Overflow Issues

fedora
Calendar Grey September 21, 2016
Dist Fedora Esm H88
The latest Fedora 23 update addresses multiple security flaws within Xen, specifically focusing on the management of instruction pointers and buffer overflows.
x86: Disallow L3 recursive pagetable for 32-bit PV guests [XSA-185, CVE-2016-7092] (#1374470) x86: Mishandling of instruction pointer truncation during emulation [XSA-186, CVE-2016...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

x86: Disallow L3 recursive pagetable for 32-bit PV guests [XSA-185, CVE-2016-7092] (#1374470) x86: Mishandling of instruction pointer truncation during emulation [XSA-186, CVE-2016-7093] (#1374471) x86 HVM: Overflow of sh_ctxt->seg_reg[] [XSA-187, CVE-2016-7094] (#1374473)

Change Log

References


[ 1 ] Bug #1370319 - CVE-2016-7092 xen: x86: Disallow L3 recursive pagetable for 32-bit PV guests https://bugzilla.redhat.com/show_bug.cgi?id=1370319 [ 2 ] Bug #1370322 - CVE-2016-7093 xen: x86: Mishandling of instruction pointer truncation during emulation https://bugzilla.redhat.com/show_bug.cgi?id=1370322 [ 3 ] Bug #1370332 - CVE-2016-7094 xen: x86 HVM: Overflow of sh_ctxt->seg_reg[] https://bugzilla.redhat.com/show_bug.cgi?id=1370332

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xen
Product: Fedora 23
Version: 4.5.3
Release: 10.fc23
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.