Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 30: 2019-53b0dc52ee Critical: Xen Access Control Flaws

fedora
Calendar Grey March 29, 2019
Dist Fedora Esm H88
Critical patch released for Xen in Fedora 30 addresses various vulnerabilities, enhancing security measures and boosting virtualization performance.
xen: various flaws (#1685577) grant table transfer issues on large hosts [XSA-284] race with pass-through device hotplug [XSA-285] x86: steal_page violates page_struct access disci...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

xen: various flaws (#1685577) grant table transfer issues on large hosts

[XSA-284] race with pass-through device hotplug [XSA-285] x86: steal_page

violates page_struct access discipline [XSA-287] x86: Inconsistent PV IOMMU

discipline [XSA-288] missing preemption in x86 PV page table unvalidation

[XSA-290] x86/PV: page type reference counting issue with failed IOMMU update

[XSA-291] x86: insufficient TLB flushing when using PCID [XSA-292] x86: PV

kernel context switch corruption [XSA-293] x86 shadow: Insufficient TLB flushing

when using PCID [XSA-294]

[ 1 ] Bug #1679321 - xen: xsa288: Inconsistent PV IOMMU discipline

https://bugzilla.redhat.com/show_bug.cgi?id=1679321

[ 2 ] Bug #1679326 - xen: xsa292: insufficient TLB flushing when using PCID

https://bugzilla.redhat.com/show_bug.cgi?id=1679326

[ 3 ] Bug #1679327 - xen: xsa293: PV kernel context switch corruption

https://bugzilla.redhat.com/show_bug.cgi?id=1679327

[ 4 ] Bug #1679328 - xen: xsa287: steal_page violates page_struct access discipline

https://bugzilla.redhat.com/show_bug.cgi?id=1679328

[ 5 ] Bug #1679332 - xen: xsa285: race with pass-through device hotplug

https://bugzilla.redhat.com/show_bug.cgi?id=1679332

[ 6 ] Bug #1679334 - xen: xsa290: missing preemption in x86 PV page table unvalidation

https://bugzilla.redhat.com/show_bug.cgi?id=1679334

[ 7 ] Bug #1683956 - xen: xsa294: Insufficient TLB flushing when using PCID

https://bugzilla.redhat.com/show_bug.cgi?id=1683956

[ 8 ] Bug #1685568 - xen: xsa284: grant table transfer issues on large hosts

https://bugzilla.redhat.com/show_bug.cgi?id=1685568

[ 9 ] Bug #1685570 - xen: xsa291: x86/PV: page type reference counting issue with failed IOMMU update

https://bugzilla.redhat.com/show_bug.cgi?id=1685570

su -c 'dnf upgrade --advisory FEDORA-2019-53b0dc52ee' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora access control critical flaw virtualization performance issue xen

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 4.11.1
Release: 4.fc30
URL: https://xenproject.org/
Summary: Xen is a virtual machine monitor

Topics%20covered

Topics Covered

security advisory Fedora access control critical flaw virtualization performance issue xen

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here