Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 27: FEDORA-2018-98684f429b Critical: Xen Debug Exception Issues

fedora
Calendar Grey May 16, 2018
Dist Fedora Esm H88
The recent Fedora update for Xen tackles urgent security vulnerabilities tied to debug exception handling and the risk of infinite loops.
x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897] x86 vHPET interrupt injection errors [XSA-261] (#1576089) qemu may drive Xen into unbounded loop [XSA-262]

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897] x86 vHPET

interrupt injection errors [XSA-261] (#1576089) qemu may drive Xen into

unbounded loop [XSA-262]

* Wed May 9 2018 Michael Young - 4.9.2-3

- x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897]

(with extra patch so it applies cleanly)

- x86 vHPET interrupt injection errors [XSA-261] (#1576089)

- qemu may drive Xen into unbounded loop [XSA-262]

* Wed Apr 25 2018 Michael Young - 4.9.2-2

- Information leak via crafted user-supplied CDROM [XSA-258] (#1571867)

- x86: PV guest may crash Xen with XPTI [XSA-259] (#1571878)

* Wed Apr 4 2018 Michael Young - 4.9.2-1

- update to 4.9.2

adjust xen.use.fedora.ipxe.patch

remove patches for issues now fixed upstream

* Tue Feb 27 2018 Michael Young - 4.9.1-5

- add Xen page-table isolation (XPTI) mitigation

and Branch Target Injection (BTI) mitigation for XSA-254

- DoS via non-preemptable L3/L4 pagetable freeing [XSA-252, CVE-2018-7540]

(#1549568)

- grant table v2 -> v1 transition may crash Xen [XSA-255, CVE-2018-7541]

(#1549570)

- x86 PVH guest without LAPIC may DoS the host [XSA-256, CVE-2018-7542]

(#1549572)

* Tue Dec 12 2017 Michael Young - 4.9.1-4

- another patch related to the [XSA-240, CVE-2017-15595] issue

- xen: various flaws (#1525018)

x86 PV guests may gain access to internally used page

[XSA-248, CVE-2017-17566]

broken x86 shadow mode refcount overflow check [XSA-249, CVE-2017-17563]

improper x86 shadow mode refcount error handling [XSA-250, CVE-2017-17564]

improper bug check in x86 log-dirty handling [XSA-251, CVE-2017-17565]

* Sat Dec 2 2017 Richard W.M. Jones - 4.9.1-3

- OCaml 4.06.0 rebuild.

* Tue Nov 28 2017 Michael Young - 4.9.1-2

- xen: various flaws (#1518214)

x86: infinite loop due to missing PoD error checking [XSA-246, CVE-2017-17044]

Missing p2m error checking in PoD code [XSA-247, CVE-2017-17045]

* Thu Nov 23 2017 Michael Young - 4.9.1-1

- update to 4.9.1 (#1515818)

adjust xen.use.fedora.ipxe.patch

and qemu.git-fec5e8c92becad223df9d972770522f64aafdb72.patch

remove patches for issues now fixed upstream and parts of xen.gcc7.fix.patch

update xen.hypervisor.config

- update Source0 location

* Wed Nov 15 2017 Michael Young - 4.9.0-14

- fix an issue in patch for [XSA-240, CVE-2017-15595] that might be a

security issue

- fix for [XSA-243, CVE-2017-15592] could cause hypervisor crash (DOS)

* Thu Oct 26 2017 Michael Young - 4.9.0-13

- pin count / page reference race in grant table code [XSA-236, CVE-2017-15597]

(#1506693)

* Thu Oct 12 2017 Michael Young - 4.9.0-12

- xen: various flaws (#1501391)

multiple MSI mapping issues on x86 [XSA-237, CVE-2017-15590]

DMOP map/unmap missing argument checks [XSA-238, CVE-2017-15591]

hypervisor stack leak in x86 I/O intercept code [XSA-239, CVE-2017-15589]

Unlimited recursion in linear pagetable de-typing [XSA-240, CVE-2017-15595]

Stale TLB entry due to page type release race [XSA-241, CVE-2017-15588]

page type reference leak on x86 [XSA-242, CVE-2017-15593]

x86: Incorrect handling of self-linear shadow mappings with translated

guests [XSA-243, CVE-2017-15592]

x86: Incorrect handling of IST settings during CPU hotplug [XSA-244,

CVE-2017-15594]

[ 1 ] Bug #1571880 - CVE-2018-10982 xsa261 xen: x86 vHPET interrupt injection errors (XSA-261)

https://bugzilla.redhat.com/show_bug.cgi?id=1571880

[ 2 ] Bug #1571881 - CVE-2018-10981 xsa262 xen: qemu may drive Xen into unbounded loop (XSA-262)

https://bugzilla.redhat.com/show_bug.cgi?id=1571881

su -c 'dnf upgrade --advisory FEDORA-2018-98684f429b' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory critical issue Fedora DoS hypervisor Xen debug exception

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 4.9.2
Release: 3.fc27
URL: https://xenproject.org/
Summary: Xen is a virtual machine monitor

Topics%20covered

Topics Covered

security advisory critical issue Fedora DoS hypervisor Xen debug exception

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here