Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

Fedora 25 Critical: FEDORA-2016-7b6fbff620 XEN QEMU Security Issues

fedora
Calendar Grey November 19, 2016
Dist Fedora Esm H88
Important patch for Fedora 25 tackles various Qemu vulnerabilities to improve overall security and system reliability.
several qemu security fixes

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

several qemu security fixes

Change Log

References


[ 1 ] Bug #1383291 - CVE-2016-8578 Qemu: 9pfs: potential NULL dereferencein 9pfs routines https://bugzilla.redhat.com/show_bug.cgi?id=1383291 [ 2 ] Bug #1333425 - CVE-2016-8576 Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch https://bugzilla.redhat.com/show_bug.cgi?id=1333425 [ 3 ] Bug #1384909 - CVE-2016-8669 Qemu: char: divide by zero error in serial_update_parameters https://bugzilla.redhat.com/show_bug.cgi?id=1384909 [ 4 ] Bug #1388046 - CVE-2016-8910 Qemu: net: rtl8139: infinite loop while transmit in C+ mode https://bugzilla.redhat.com/show_bug.cgi?id=1388046 [ 5 ] Bug #1327626 - Qemu: timer: a9gtimer: Infinite loop unfolds when updating a9gtimer https://bugzilla.redhat.com/show_bug.cgi?id=1327626 [ 6 ] Bug #1389642 - CVE-2016-9103 Qemu: 9pfs: information leakage via xattr https://bugzilla.redhat.com/show_bug.cgi?id=1389642 [ 7 ] Bug #1389550 - CVE-2016-9102 Qemu: 9pfs: memory leakage when creating ex...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade xen' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xen
Product: Fedora 25
Version: 4.7.0
Release: 7.fc25
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.