Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Fedora 24: 2016-95c104a4c6 Critical: Xen Security Issues

fedora
Calendar Grey December 4, 2016
Scroller Fedora
Critical vulnerabilities addressed in Fedora 24 related to Xen security. Key details on updates for threats such as buffer overflow exploits and code injections.
xen : various security flaws (#1397383) x86 null segments not always treated as unusable [XSA-191, CVE-2016-9386] x86 task switch to VM86 mode mis-handled [XSA-192, CVE-2016-9382] ...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

xen : various security flaws (#1397383) x86 null segments not always treated as unusable [XSA-191, CVE-2016-9386] x86 task switch to VM86 mode mis-handled [XSA-192, CVE-2016-9382] x86 segment base write emulation lacking canonical address checks [XSA-193, CVE-2016-9385] x86 64-bit bit test instruction emulation broken [XSA-195, CVE-2016-9383] x86 software interrupt injection mis- handled [XSA-196, CVE-2016-9377, CVE-2016-9378] qemu incautious about shared ring processing [XSA-197, CVE-2016-9381] delimiter injection vulnerabilities in pygrub [XSA-198, CVE-2016-9379, CVE-2016-9380]

Change Log

References


[ 1 ] Bug #1392933 - CVE-2016-9382 xsa192 xen: x86 task switch to VM86 mode mis-handled (XSA-192) https://bugzilla.redhat.com/show_bug.cgi?id=1392933 [ 2 ] Bug #1392939 - CVE-2016-9379 CVE-2016-9380 xsa198 xen: delimiter injection vulnerabilities in pygrub (XSA-198) https://bugzilla.redhat.com/show_bug.cgi?id=1392939 [ 3 ] Bug #1392929 - CVE-2016-9385 xsa193 xen: x86 segment base write emulation lacking canonical address checks (XSA-193) https://bugzilla.redhat.com/show_bug.cgi?id=1392929 [ 4 ] Bug #1392938 - CVE-2016-9381 xsa197 xen: qemu incautious about shared ring processing (XSA-197) https://bugzilla.redhat.com/show_bug.cgi?id=1392938 [ 5 ] Bug #1392937 - CVE-2016-9377 CVE-2016-9378 xsa196 xen: x86 software interrupt injection mis-handled (XSA-196) https://bugzilla.redhat.com/show_bug.cgi?id=1392937 [ 6 ] Bug #1392935 - CVE-2016-9383 xsa195 xen: x86 64-bit bit test instruction emulation broken (XSA-195) https://bugzill...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade xen' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xen
Product: Fedora 24
Version: 4.6.4
Release: 2.fc24
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.