--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2018-1a467757ce
2018-07-13 16:33:58.543271
--------------------------------------------------------------------------------Name        : xen
Product     : Fedora 27
Version     : 4.9.2
Release     : 6.fc27
URL         : https://xenproject.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------Update Information:

preemption checks bypassed in x86 PV MM handling [XSA-264, CVE-2018-12891] x86:
#DB exception safety check can be triggered by a guest [XSA-265, CVE-2018-12893]
libxl fails to honour readonly flag on HVM emulated SCSI disks [XSA-266,
CVE-2018-12892]  ----  Speculative register leakage from lazy FPU context
switching [XSA-267, CVE-2018-3665] fix for change in iasl output
--------------------------------------------------------------------------------ChangeLog:

* Wed Jun 27 2018 Michael Young  - 4.9.2-6
- preemption checks bypassed in x86 PV MM handling [XSA-264, CVE-2018-12891]
- x86: #DB exception safety check can be triggered by a guest [XSA-265,
        CVE-2018-12893]
- libxl fails to honour readonly flag on HVM emulated SCSI disks [XSA-266,
        CVE-2018-12892]
* Sat Jun 16 2018 Michael Young  - 4.9.2-5
- Speculative register leakage from lazy FPU context switching
	[XSA-267, CVE-2018-3665]
- fix for change in iasl output
* Tue May 22 2018 Michael Young  - 4.9.2-4
- Speculative Store Bypass [XSA-263, CVE-2018-3639]
	(with extra patches so it applies cleanly)
* Wed May  9 2018 Michael Young  - 4.9.2-3
- x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897]
	(with extra patch so it applies cleanly)
- x86 vHPET interrupt injection errors [XSA-261, CVE-2018-10982] (#1576089)
- qemu may drive Xen into unbounded loop [XSA-262, CVE-2018-10981] (#1576680)
* Wed Apr 25 2018 Michael Young  - 4.9.2-2
- Information leak via crafted user-supplied CDROM [XSA-258] (#1571867)
- x86: PV guest may crash Xen with XPTI [XSA-259] (#1571878)
* Wed Apr  4 2018 Michael Young  - 4.9.2-1
- update to 4.9.2
  adjust xen.use.fedora.ipxe.patch
  remove patches for issues now fixed upstream
* Tue Feb 27 2018 Michael Young  - 4.9.1-5
- add Xen page-table isolation (XPTI) mitigation
  and Branch Target Injection (BTI) mitigation for XSA-254
- DoS via non-preemptable L3/L4 pagetable freeing [XSA-252, CVE-2018-7540]
	(#1549568)
- grant table v2 -> v1 transition may crash Xen [XSA-255, CVE-2018-7541]
	(#1549570)
- x86 PVH guest without LAPIC may DoS the host [XSA-256, CVE-2018-7542]
	(#1549572)
* Tue Dec 12 2017 Michael Young  - 4.9.1-4
- another patch related to the [XSA-240, CVE-2017-15595] issue
- xen: various flaws (#1525018)
  x86 PV guests may gain access to internally used page
	[XSA-248, CVE-2017-17566]
  broken x86 shadow mode refcount overflow check [XSA-249, CVE-2017-17563]
  improper x86 shadow mode refcount error handling [XSA-250, CVE-2017-17564]
  improper bug check in x86 log-dirty handling [XSA-251, CVE-2017-17565]
* Sat Dec  2 2017 Richard W.M. Jones  - 4.9.1-3
- OCaml 4.06.0 rebuild.
* Tue Nov 28 2017 Michael Young  - 4.9.1-2
- xen: various flaws (#1518214)
  x86: infinite loop due to missing PoD error checking [XSA-246, CVE-2017-17044]
  Missing p2m error checking in PoD code [XSA-247, CVE-2017-17045]
* Thu Nov 23 2017 Michael Young  - 4.9.1-1
- update to 4.9.1 (#1515818)
  adjust xen.use.fedora.ipxe.patch
  and qemu.git-fec5e8c92becad223df9d972770522f64aafdb72.patch
  remove patches for issues now fixed upstream and parts of xen.gcc7.fix.patch
  update xen.hypervisor.config
- update Source0 location
* Wed Nov 15 2017 Michael Young  - 4.9.0-14
- fix an issue in patch for [XSA-240, CVE-2017-15595] that might be a
	security issue
- fix for [XSA-243, CVE-2017-15592] could cause hypervisor crash (DOS)
* Thu Oct 26 2017 Michael Young  - 4.9.0-13
- pin count / page reference race in grant table code [XSA-236, CVE-2017-15597]
	(#1506693)
* Thu Oct 12 2017 Michael Young  - 4.9.0-12
- xen: various flaws (#1501391)
  multiple MSI mapping issues on x86 [XSA-237, CVE-2017-15590]
  DMOP map/unmap missing argument checks [XSA-238, CVE-2017-15591]
  hypervisor stack leak in x86 I/O intercept code [XSA-239, CVE-2017-15589]
  Unlimited recursion in linear pagetable de-typing [XSA-240, CVE-2017-15595]
  Stale TLB entry due to page type release race [XSA-241, CVE-2017-15588]
  page type reference leak on x86 [XSA-242, CVE-2017-15593]
  x86: Incorrect handling of self-linear shadow mappings with translated
	 guests [XSA-243, CVE-2017-15592]
  x86: Incorrect handling of IST settings during CPU hotplug [XSA-244,
	CVE-2017-15594]
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1590984 - CVE-2018-12892 xsa-266 xen: libxl fails to honour readonly flag on HVM emulated SCSI disks
        https://bugzilla.redhat.com/show_bug.cgi?id=1590984
  [ 2 ] Bug #1590979 - CVE-2018-12893 xen: x86 DB exception safety check can be triggered by a guest (XSA-265)
        https://bugzilla.redhat.com/show_bug.cgi?id=1590979
  [ 3 ] Bug #1590985 - CVE-2018-12891 xen: preemption checks bypassed in x86 PV MM handling (XSA-264)
        https://bugzilla.redhat.com/show_bug.cgi?id=1590985
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-1a467757ce' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Q2DYZXIZH5NK6GZ24XMBJ24W6MHVDAW/

Fedora 27: xen Security Update 2018-1a467757ce

July 13, 2018
preemption checks bypassed in x86 PV MM handling [XSA-264, CVE-2018-12891] x86: #DB exception safety check can be triggered by a guest [XSA-265, CVE-2018-12893] libxl fails to hono...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

preemption checks bypassed in x86 PV MM handling [XSA-264, CVE-2018-12891] x86:

#DB exception safety check can be triggered by a guest [XSA-265, CVE-2018-12893]

libxl fails to honour readonly flag on HVM emulated SCSI disks [XSA-266,

CVE-2018-12892] ---- Speculative register leakage from lazy FPU context

switching [XSA-267, CVE-2018-3665] fix for change in iasl output

* Wed Jun 27 2018 Michael Young - 4.9.2-6

- preemption checks bypassed in x86 PV MM handling [XSA-264, CVE-2018-12891]

- x86: #DB exception safety check can be triggered by a guest [XSA-265,

CVE-2018-12893]

- libxl fails to honour readonly flag on HVM emulated SCSI disks [XSA-266,

CVE-2018-12892]

* Sat Jun 16 2018 Michael Young - 4.9.2-5

- Speculative register leakage from lazy FPU context switching

[XSA-267, CVE-2018-3665]

- fix for change in iasl output

* Tue May 22 2018 Michael Young - 4.9.2-4

- Speculative Store Bypass [XSA-263, CVE-2018-3639]

(with extra patches so it applies cleanly)

* Wed May 9 2018 Michael Young - 4.9.2-3

- x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897]

(with extra patch so it applies cleanly)

- x86 vHPET interrupt injection errors [XSA-261, CVE-2018-10982] (#1576089)

- qemu may drive Xen into unbounded loop [XSA-262, CVE-2018-10981] (#1576680)

* Wed Apr 25 2018 Michael Young - 4.9.2-2

- Information leak via crafted user-supplied CDROM [XSA-258] (#1571867)

- x86: PV guest may crash Xen with XPTI [XSA-259] (#1571878)

* Wed Apr 4 2018 Michael Young - 4.9.2-1

- update to 4.9.2

adjust xen.use.fedora.ipxe.patch

remove patches for issues now fixed upstream

* Tue Feb 27 2018 Michael Young - 4.9.1-5

- add Xen page-table isolation (XPTI) mitigation

and Branch Target Injection (BTI) mitigation for XSA-254

- DoS via non-preemptable L3/L4 pagetable freeing [XSA-252, CVE-2018-7540]

(#1549568)

- grant table v2 -> v1 transition may crash Xen [XSA-255, CVE-2018-7541]

(#1549570)

- x86 PVH guest without LAPIC may DoS the host [XSA-256, CVE-2018-7542]

(#1549572)

* Tue Dec 12 2017 Michael Young - 4.9.1-4

- another patch related to the [XSA-240, CVE-2017-15595] issue

- xen: various flaws (#1525018)

x86 PV guests may gain access to internally used page

[XSA-248, CVE-2017-17566]

broken x86 shadow mode refcount overflow check [XSA-249, CVE-2017-17563]

improper x86 shadow mode refcount error handling [XSA-250, CVE-2017-17564]

improper bug check in x86 log-dirty handling [XSA-251, CVE-2017-17565]

* Sat Dec 2 2017 Richard W.M. Jones - 4.9.1-3

- OCaml 4.06.0 rebuild.

* Tue Nov 28 2017 Michael Young - 4.9.1-2

- xen: various flaws (#1518214)

x86: infinite loop due to missing PoD error checking [XSA-246, CVE-2017-17044]

Missing p2m error checking in PoD code [XSA-247, CVE-2017-17045]

* Thu Nov 23 2017 Michael Young - 4.9.1-1

- update to 4.9.1 (#1515818)

adjust xen.use.fedora.ipxe.patch

and qemu.git-fec5e8c92becad223df9d972770522f64aafdb72.patch

remove patches for issues now fixed upstream and parts of xen.gcc7.fix.patch

update xen.hypervisor.config

- update Source0 location

* Wed Nov 15 2017 Michael Young - 4.9.0-14

- fix an issue in patch for [XSA-240, CVE-2017-15595] that might be a

security issue

- fix for [XSA-243, CVE-2017-15592] could cause hypervisor crash (DOS)

* Thu Oct 26 2017 Michael Young - 4.9.0-13

- pin count / page reference race in grant table code [XSA-236, CVE-2017-15597]

(#1506693)

* Thu Oct 12 2017 Michael Young - 4.9.0-12

- xen: various flaws (#1501391)

multiple MSI mapping issues on x86 [XSA-237, CVE-2017-15590]

DMOP map/unmap missing argument checks [XSA-238, CVE-2017-15591]

hypervisor stack leak in x86 I/O intercept code [XSA-239, CVE-2017-15589]

Unlimited recursion in linear pagetable de-typing [XSA-240, CVE-2017-15595]

Stale TLB entry due to page type release race [XSA-241, CVE-2017-15588]

page type reference leak on x86 [XSA-242, CVE-2017-15593]

x86: Incorrect handling of self-linear shadow mappings with translated

guests [XSA-243, CVE-2017-15592]

x86: Incorrect handling of IST settings during CPU hotplug [XSA-244,

CVE-2017-15594]

[ 1 ] Bug #1590984 - CVE-2018-12892 xsa-266 xen: libxl fails to honour readonly flag on HVM emulated SCSI disks

https://bugzilla.redhat.com/show_bug.cgi?id=1590984

[ 2 ] Bug #1590979 - CVE-2018-12893 xen: x86 DB exception safety check can be triggered by a guest (XSA-265)

https://bugzilla.redhat.com/show_bug.cgi?id=1590979

[ 3 ] Bug #1590985 - CVE-2018-12891 xen: preemption checks bypassed in x86 PV MM handling (XSA-264)

https://bugzilla.redhat.com/show_bug.cgi?id=1590985

su -c 'dnf upgrade --advisory FEDORA-2018-1a467757ce' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Q2DYZXIZH5NK6GZ24XMBJ24W6MHVDAW/

FEDORA-2018-1a467757ce 2018-07-13 16:33:58.543271 Product : Fedora 27 Version : 4.9.2 Release : 6.fc27 URL : https://xenproject.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor preemption checks bypassed in x86 PV MM handling [XSA-264, CVE-2018-12891] x86: #DB exception safety check can be triggered by a guest [XSA-265, CVE-2018-12893] libxl fails to honour readonly flag on HVM emulated SCSI disks [XSA-266, CVE-2018-12892] ---- Speculative register leakage from lazy FPU context switching [XSA-267, CVE-2018-3665] fix for change in iasl output * Wed Jun 27 2018 Michael Young - 4.9.2-6 - preemption checks bypassed in x86 PV MM handling [XSA-264, CVE-2018-12891] - x86: #DB exception safety check can be triggered by a guest [XSA-265, CVE-2018-12893] - libxl fails to honour readonly flag on HVM emulated SCSI disks [XSA-266, CVE-2018-12892] * Sat Jun 16 2018 Michael Young - 4.9.2-5 - Speculative register leakage from lazy FPU context switching [XSA-267, CVE-2018-3665] - fix for change in iasl output * Tue May 22 2018 Michael Young - 4.9.2-4 - Speculative Store Bypass [XSA-263, CVE-2018-3639] (with extra patches so it applies cleanly) * Wed May 9 2018 Michael Young - 4.9.2-3 - x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897] (with extra patch so it applies cleanly) - x86 vHPET interrupt injection errors [XSA-261, CVE-2018-10982] (#1576089) - qemu may drive Xen into unbounded loop [XSA-262, CVE-2018-10981] (#1576680) * Wed Apr 25 2018 Michael Young - 4.9.2-2 - Information leak via crafted user-supplied CDROM [XSA-258] (#1571867) - x86: PV guest may crash Xen with XPTI [XSA-259] (#1571878) * Wed Apr 4 2018 Michael Young - 4.9.2-1 - update to 4.9.2 adjust xen.use.fedora.ipxe.patch remove patches for issues now fixed upstream * Tue Feb 27 2018 Michael Young - 4.9.1-5 - add Xen page-table isolation (XPTI) mitigation and Branch Target Injection (BTI) mitigation for XSA-254 - DoS via non-preemptable L3/L4 pagetable freeing [XSA-252, CVE-2018-7540] (#1549568) - grant table v2 -> v1 transition may crash Xen [XSA-255, CVE-2018-7541] (#1549570) - x86 PVH guest without LAPIC may DoS the host [XSA-256, CVE-2018-7542] (#1549572) * Tue Dec 12 2017 Michael Young - 4.9.1-4 - another patch related to the [XSA-240, CVE-2017-15595] issue - xen: various flaws (#1525018) x86 PV guests may gain access to internally used page [XSA-248, CVE-2017-17566] broken x86 shadow mode refcount overflow check [XSA-249, CVE-2017-17563] improper x86 shadow mode refcount error handling [XSA-250, CVE-2017-17564] improper bug check in x86 log-dirty handling [XSA-251, CVE-2017-17565] * Sat Dec 2 2017 Richard W.M. Jones - 4.9.1-3 - OCaml 4.06.0 rebuild. * Tue Nov 28 2017 Michael Young - 4.9.1-2 - xen: various flaws (#1518214) x86: infinite loop due to missing PoD error checking [XSA-246, CVE-2017-17044] Missing p2m error checking in PoD code [XSA-247, CVE-2017-17045] * Thu Nov 23 2017 Michael Young - 4.9.1-1 - update to 4.9.1 (#1515818) adjust xen.use.fedora.ipxe.patch and qemu.git-fec5e8c92becad223df9d972770522f64aafdb72.patch remove patches for issues now fixed upstream and parts of xen.gcc7.fix.patch update xen.hypervisor.config - update Source0 location * Wed Nov 15 2017 Michael Young - 4.9.0-14 - fix an issue in patch for [XSA-240, CVE-2017-15595] that might be a security issue - fix for [XSA-243, CVE-2017-15592] could cause hypervisor crash (DOS) * Thu Oct 26 2017 Michael Young - 4.9.0-13 - pin count / page reference race in grant table code [XSA-236, CVE-2017-15597] (#1506693) * Thu Oct 12 2017 Michael Young - 4.9.0-12 - xen: various flaws (#1501391) multiple MSI mapping issues on x86 [XSA-237, CVE-2017-15590] DMOP map/unmap missing argument checks [XSA-238, CVE-2017-15591] hypervisor stack leak in x86 I/O intercept code [XSA-239, CVE-2017-15589] Unlimited recursion in linear pagetable de-typing [XSA-240, CVE-2017-15595] Stale TLB entry due to page type release race [XSA-241, CVE-2017-15588] page type reference leak on x86 [XSA-242, CVE-2017-15593] x86: Incorrect handling of self-linear shadow mappings with translated guests [XSA-243, CVE-2017-15592] x86: Incorrect handling of IST settings during CPU hotplug [XSA-244, CVE-2017-15594] [ 1 ] Bug #1590984 - CVE-2018-12892 xsa-266 xen: libxl fails to honour readonly flag on HVM emulated SCSI disks https://bugzilla.redhat.com/show_bug.cgi?id=1590984 [ 2 ] Bug #1590979 - CVE-2018-12893 xen: x86 DB exception safety check can be triggered by a guest (XSA-265) https://bugzilla.redhat.com/show_bug.cgi?id=1590979 [ 3 ] Bug #1590985 - CVE-2018-12891 xen: preemption checks bypassed in x86 PV MM handling (XSA-264) https://bugzilla.redhat.com/show_bug.cgi?id=1590985 su -c 'dnf upgrade --advisory FEDORA-2018-1a467757ce' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Q2DYZXIZH5NK6GZ24XMBJ24W6MHVDAW/

Change Log

References

Update Instructions

Severity
Product : Fedora 27
Version : 4.9.2
Release : 6.fc27
URL : https://xenproject.org/
Summary : Xen is a virtual machine monitor

Related News

22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved