Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 24: FEDORA-2016-bcbae0781f Critical: Xen Async Abort and Memory Leak

fedora
Calendar Grey December 23, 2016
Dist Fedora Esm H88
The latest security patch for Xen in Fedora mitigates several issues, such as potential memory leak exploits and asynchronous termination weaknesses.
x86 CMPXCHG8B emulation fails to ignore operand size override [XSA-200, CVE-2016-9932] (#1404262) ---- ARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815, CVE-20...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

x86 CMPXCHG8B emulation fails to ignore operand size override [XSA-200, CVE-2016-9932] (#1404262) ---- ARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818] (#1399747) qemu: Divide by zero vulnerability in cirrus_do_copy (#1399055) [CVE-2016-9921, CVE-2016-9922] Qemu: 9pfs: memory leakage via proxy/handle callbacks (#1402278) qemu ioport array overflow [XSA-199, CVE-2016-9637]

Topics%20covered

Topics Covered

security advisory critical Fedora memory leak Xen divide by zero async abort

Change Log

References


[ 1 ] Bug #1399745 - CVE-2016-9932 xsa200 xen: x86 CMPXCHG8B emulation fails to ignore operand size override (XSA-200) https://bugzilla.redhat.com/show_bug.cgi?id=1399745 [ 2 ] Bug #1399746 - CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 xsa201 xen: ARM guests may induce host asynchronous abort (XSA-201) https://bugzilla.redhat.com/show_bug.cgi?id=1399746 [ 3 ] Bug #1334398 - CVE-2016-9921 CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy https://bugzilla.redhat.com/show_bug.cgi?id=1334398 [ 4 ] Bug #1402276 - CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 Qemu: 9pfs: memory leakage via proxy/handle callbacks https://bugzilla.redhat.com/show_bug.cgi?id=1402276

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade xen' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xen
Product: Fedora 24
Version: 4.6.4
Release: 4.fc24
URL: https://xenproject.org/
Summary: Xen is a virtual machine monitor

Topics%20covered

Topics Covered

security advisory critical Fedora memory leak Xen divide by zero async abort

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here