Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 27: 2017-c432db2971 High: Xen Hypervisor Flaws Affect Stability

fedora
Calendar Grey November 11, 2017
Dist Fedora Esm H88
This Ubuntu patch addresses several vulnerabilities in the KVM virtualization environment, enhancing performance and protection for its users.
xen: various flaws (#1501391) multiple MSI mapping issues on x86 [XSA-237] DMOP map/unmap missing argument checks [XSA-238] hypervisor stack leak in x86 I/O intercept code [XSA-239...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

xen: various flaws (#1501391) multiple MSI mapping issues on x86 [XSA-237] DMOP

map/unmap missing argument checks [XSA-238] hypervisor stack leak in x86 I/O

intercept code [XSA-239] Unlimited recursion in linear pagetable de-typing

[XSA-240] Stale TLB entry due to page type release race [XSA-241] page type

reference leak on x86 [XSA-242] x86: Incorrect handling of self-linear shadow

mappings with translated guests [XSA-243] x86: Incorrect handling of IST

settings during CPU hotplug [XSA-244]

[ 1 ] Bug #1499817 - CVE-2017-15590 xsa237 xen: multiple MSI mapping issues on x86 (XSA-237)

https://bugzilla.redhat.com/show_bug.cgi?id=1499817

[ 2 ] Bug #1499818 - CVE-2017-15591 xsa238 xen: DMOP map/unmap missing argument checks (XSA-238)

https://bugzilla.redhat.com/show_bug.cgi?id=1499818

[ 3 ] Bug #1499819 - CVE-2017-15589 xsa239 xen: hypervisor stack leak in x86 I/O intercept code (XSA-239)

https://bugzilla.redhat.com/show_bug.cgi?id=1499819

[ 4 ] Bug #1499820 - CVE-2017-15595 xsa240 xen: Unlimited recursion in linear pagetable de-typing (XSA-240)

https://bugzilla.redhat.com/show_bug.cgi?id=1499820

[ 5 ] Bug #1499821 - CVE-2017-15588 xsa241 xen: Stale TLB entry due to page type release race (XSA-241)

https://bugzilla.redhat.com/show_bug.cgi?id=1499821

[ 6 ] Bug #1499822 - CVE-2017-15593 xsa242 xen: page type reference leak on x86 (XSA-242)

https://bugzilla.redhat.com/show_bug.cgi?id=1499822

[ 7 ] Bug #1499823 - CVE-2017-15592 xsa243 xen: x86: Incorrect handling of self-linear shadow mappings with translated guests (XSA-243)

https://bugzilla.redhat.com/show_bug.cgi?id=1499823

[ 8 ] Bug #1499824 - CVE-2017-15594 xsa244 xen: x86: Incorrect handling of IST settings during CPU hotplug (XSA-244)

https://bugzilla.redhat.com/show_bug.cgi?id=1499824

su -c 'dnf upgrade xen' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory Fedora hypervisor xen virtual machine stack leak MSI mapping

Change Log

References

Update Instructions

Product: Fedora 27
Version: 4.9.0
Release: 12.fc27
URL: https://xenproject.org/
Summary: Xen is a virtual machine monitor

Topics%20covered

Topics Covered

security advisory Fedora hypervisor xen virtual machine stack leak MSI mapping

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here