Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 565
Alerts This Week
Warning Icon 1 565

Fedora 25: 2016-999e1a6927 Critical: Xen Security Flaws

fedora
Calendar Grey December 4, 2016
Scroller Fedora
Multiple vulnerabilities discovered in the Xen hypervisor of Fedora 25, necessitating urgent patches and updates to ensure system integrity and protection.
xen : various security flaws (#1397383) x86 null segments not always treated as unusable [XSA-191, CVE-2016-9386] x86 task switch to VM86 mode mis-handled [XSA-192, CVE-2016-9382] ...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

xen : various security flaws (#1397383) x86 null segments not always treated as unusable [XSA-191, CVE-2016-9386] x86 task switch to VM86 mode mis-handled [XSA-192, CVE-2016-9382] x86 segment base write emulation lacking canonical address checks [XSA-193, CVE-2016-9385] guest 32-bit ELF symbol table load leaking host data [XSA-194, CVE-2016-9384] x86 64-bit bit test instruction emulation broken [XSA-195, CVE-2016-9383] x86 software interrupt injection mis- handled [XSA-196, CVE-2016-9377, CVE-2016-9378] qemu incautious about shared ring processing [XSA-197, CVE-2016-9381] delimiter injection vulnerabilities in pygrub [XSA-198, CVE-2016-9379, CVE-2016-9380]

Change Log

References


[ 1 ] Bug #1392933 - CVE-2016-9382 xsa192 xen: x86 task switch to VM86 mode mis-handled (XSA-192) https://bugzilla.redhat.com/show_bug.cgi?id=1392933 [ 2 ] Bug #1392939 - CVE-2016-9379 CVE-2016-9380 xsa198 xen: delimiter injection vulnerabilities in pygrub (XSA-198) https://bugzilla.redhat.com/show_bug.cgi?id=1392939 [ 3 ] Bug #1392929 - CVE-2016-9385 xsa193 xen: x86 segment base write emulation lacking canonical address checks (XSA-193) https://bugzilla.redhat.com/show_bug.cgi?id=1392929 [ 4 ] Bug #1392934 - CVE-2016-9384 xsa194 xen: guest 32-bit ELF symbol table load leaking host data (XSA-194) https://bugzilla.redhat.com/show_bug.cgi?id=1392934 [ 5 ] Bug #1392938 - CVE-2016-9381 xsa197 xen: qemu incautious about shared ring processing (XSA-197) https://bugzilla.redhat.com/show_bug.cgi?id=1392938 [ 6 ] Bug #1392937 - CVE-2016-9377 CVE-2016-9378 xsa196 xen: x86 software interrupt injection mis-handled (XSA-196) https://bug...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade xen' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xen
Product: Fedora 25
Version: 4.7.1
Release: 3.fc25
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.