--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2020-f668e579be
2020-10-01 01:27:47.371402
--------------------------------------------------------------------------------Name        : xen
Product     : Fedora 32
Version     : 4.13.1
Release     : 6.fc32
URL         : http://xen.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------Update Information:

x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333,
CVE-2020-25602] (#1881619) Missing unlock in XENMEM_acquire_resource error path
[XSA-334, CVE-2020-25598] (#1881616) race when migrating timers between x86 HVM
vCPU-s [XSA-336, CVE-2020-25604] (#1881618) PCI passthrough code reading back
hardware registers [XSA-337, CVE-2020-25595] (#1881587) once valid event
channels may not turn invalid [XSA-338, CVE-2020-25597] (#1881588) x86 pv guest
kernel DoS via SYSENTER [XSA-339, CVE-2020-25596] (#1881617) Missing memory
barriers when accessing/allocating an event channel [XSA-340, CVE-2020-25603]
(#1881583) out of bounds event channels available to 32-bit x86 domains
[XSA-342, CVE-2020-25600] (#1881582) races with evtchn_reset() [XSA-343,
CVE-2020-25599] (#1881581) lack of preemption in evtchn_reset() /
evtchn_destroy() [XSA-344, CVE-2020-25601] (#1881586)
--------------------------------------------------------------------------------ChangeLog:

* Tue Sep 22 2020 Michael Young  - 4.13.1-6
- x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333,
	CVE-2020-25602] (#1881619)
- Missing unlock in XENMEM_acquire_resource error path [XSA-334,
	CVE-2020-25598] (#1881616)
- race when migrating timers between x86 HVM vCPU-s [XSA-336,
	CVE-2020-25604] (#1881618)
- PCI passthrough code reading back hardware registers [XSA-337,
	CVE-2020-25595] (#1881587)
- once valid event channels may not turn invalid [XSA-338, CVE-2020-25597]
	(#1881588)
- x86 pv guest kernel DoS via SYSENTER [XSA-339, CVE-2020-25596]
	(#1881617)
- Missing memory barriers when accessing/allocating an event channel [XSA-340,
	CVE-2020-25603] (#1881583)
- out of bounds event channels available to 32-bit x86 domains [XSA-342,
	CVE-2020-25600] (#1881582)
- races with evtchn_reset() [XSA-343, CVE-2020-25599] (#1881581)
- lack of preemption in evtchn_reset() / evtchn_destroy() [XSA-344,
	CVE-2020-25601] (#1881586)
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1877366 - CVE-2020-25603 xen: missing memory barriers when accessing/allocating an event channel (XSA-340)
        https://bugzilla.redhat.com/show_bug.cgi?id=1877366
  [ 2 ] Bug #1877369 - CVE-2020-25595 xen: PCI passthrough code reading back hardware registers (XSA-337)
        https://bugzilla.redhat.com/show_bug.cgi?id=1877369
  [ 3 ] Bug #1877378 - CVE-2020-25601 xen: lack of preemption in evtchn_reset() / evtchn_destroy() (XSA-344)
        https://bugzilla.redhat.com/show_bug.cgi?id=1877378
  [ 4 ] Bug #1877382 - CVE-2020-25604 xen: race when migrating timers between x86 HVM vCPU-s (XSA-336)
        https://bugzilla.redhat.com/show_bug.cgi?id=1877382
  [ 5 ] Bug #1877383 - CVE-2020-25598 xen: missing unlock in XENMEM_acquire_resource error path (XSA-334)
        https://bugzilla.redhat.com/show_bug.cgi?id=1877383
  [ 6 ] Bug #1879553 - CVE-2020-25597 xen: once valid event channels may not turn invalid (XSA-338)
        https://bugzilla.redhat.com/show_bug.cgi?id=1879553
  [ 7 ] Bug #1879567 - CVE-2020-25599 xen: races with evtchn_reset function (XSA-343)
        https://bugzilla.redhat.com/show_bug.cgi?id=1879567
  [ 8 ] Bug #1880137 - CVE-2020-25596 xen: x86 pv guest kernel DoS via SYSENTER (XSA-339)
        https://bugzilla.redhat.com/show_bug.cgi?id=1880137
  [ 9 ] Bug #1880156 - CVE-2020-25600 xen: out of bounds event channels available to 32-bit x86 domains (XSA-342)
        https://bugzilla.redhat.com/show_bug.cgi?id=1880156
  [ 10 ] Bug #1880158 - CVE-2020-25602 xen: x86 pv: Crash when handling guest access to MSR_MISC_ENABLE (XSA-333)
        https://bugzilla.redhat.com/show_bug.cgi?id=1880158
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-f668e579be' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Fedora 32: xen 2020-f668e579be

September 30, 2020
x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333, CVE-2020-25602] (#1881619) Missing unlock in XENMEM_acquire_resource error path [XSA-334, CVE-2020-25598] (#18...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333,

CVE-2020-25602] (#1881619) Missing unlock in XENMEM_acquire_resource error path

[XSA-334, CVE-2020-25598] (#1881616) race when migrating timers between x86 HVM

vCPU-s [XSA-336, CVE-2020-25604] (#1881618) PCI passthrough code reading back

hardware registers [XSA-337, CVE-2020-25595] (#1881587) once valid event

channels may not turn invalid [XSA-338, CVE-2020-25597] (#1881588) x86 pv guest

kernel DoS via SYSENTER [XSA-339, CVE-2020-25596] (#1881617) Missing memory

barriers when accessing/allocating an event channel [XSA-340, CVE-2020-25603]

(#1881583) out of bounds event channels available to 32-bit x86 domains

[XSA-342, CVE-2020-25600] (#1881582) races with evtchn_reset() [XSA-343,

CVE-2020-25599] (#1881581) lack of preemption in evtchn_reset() /

evtchn_destroy() [XSA-344, CVE-2020-25601] (#1881586)

* Tue Sep 22 2020 Michael Young - 4.13.1-6

- x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333,

CVE-2020-25602] (#1881619)

- Missing unlock in XENMEM_acquire_resource error path [XSA-334,

CVE-2020-25598] (#1881616)

- race when migrating timers between x86 HVM vCPU-s [XSA-336,

CVE-2020-25604] (#1881618)

- PCI passthrough code reading back hardware registers [XSA-337,

CVE-2020-25595] (#1881587)

- once valid event channels may not turn invalid [XSA-338, CVE-2020-25597]

(#1881588)

- x86 pv guest kernel DoS via SYSENTER [XSA-339, CVE-2020-25596]

(#1881617)

- Missing memory barriers when accessing/allocating an event channel [XSA-340,

CVE-2020-25603] (#1881583)

- out of bounds event channels available to 32-bit x86 domains [XSA-342,

CVE-2020-25600] (#1881582)

- races with evtchn_reset() [XSA-343, CVE-2020-25599] (#1881581)

- lack of preemption in evtchn_reset() / evtchn_destroy() [XSA-344,

CVE-2020-25601] (#1881586)

[ 1 ] Bug #1877366 - CVE-2020-25603 xen: missing memory barriers when accessing/allocating an event channel (XSA-340)

https://bugzilla.redhat.com/show_bug.cgi?id=1877366

[ 2 ] Bug #1877369 - CVE-2020-25595 xen: PCI passthrough code reading back hardware registers (XSA-337)

https://bugzilla.redhat.com/show_bug.cgi?id=1877369

[ 3 ] Bug #1877378 - CVE-2020-25601 xen: lack of preemption in evtchn_reset() / evtchn_destroy() (XSA-344)

https://bugzilla.redhat.com/show_bug.cgi?id=1877378

[ 4 ] Bug #1877382 - CVE-2020-25604 xen: race when migrating timers between x86 HVM vCPU-s (XSA-336)

https://bugzilla.redhat.com/show_bug.cgi?id=1877382

[ 5 ] Bug #1877383 - CVE-2020-25598 xen: missing unlock in XENMEM_acquire_resource error path (XSA-334)

https://bugzilla.redhat.com/show_bug.cgi?id=1877383

[ 6 ] Bug #1879553 - CVE-2020-25597 xen: once valid event channels may not turn invalid (XSA-338)

https://bugzilla.redhat.com/show_bug.cgi?id=1879553

[ 7 ] Bug #1879567 - CVE-2020-25599 xen: races with evtchn_reset function (XSA-343)

https://bugzilla.redhat.com/show_bug.cgi?id=1879567

[ 8 ] Bug #1880137 - CVE-2020-25596 xen: x86 pv guest kernel DoS via SYSENTER (XSA-339)

https://bugzilla.redhat.com/show_bug.cgi?id=1880137

[ 9 ] Bug #1880156 - CVE-2020-25600 xen: out of bounds event channels available to 32-bit x86 domains (XSA-342)

https://bugzilla.redhat.com/show_bug.cgi?id=1880156

[ 10 ] Bug #1880158 - CVE-2020-25602 xen: x86 pv: Crash when handling guest access to MSR_MISC_ENABLE (XSA-333)

https://bugzilla.redhat.com/show_bug.cgi?id=1880158

su -c 'dnf upgrade --advisory FEDORA-2020-f668e579be' at the command

line. For more information, refer to the dnf documentation available at

http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/keys

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

FEDORA-2020-f668e579be 2020-10-01 01:27:47.371402 Product : Fedora 32 Version : 4.13.1 Release : 6.fc32 URL : http://xen.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333, CVE-2020-25602] (#1881619) Missing unlock in XENMEM_acquire_resource error path [XSA-334, CVE-2020-25598] (#1881616) race when migrating timers between x86 HVM vCPU-s [XSA-336, CVE-2020-25604] (#1881618) PCI passthrough code reading back hardware registers [XSA-337, CVE-2020-25595] (#1881587) once valid event channels may not turn invalid [XSA-338, CVE-2020-25597] (#1881588) x86 pv guest kernel DoS via SYSENTER [XSA-339, CVE-2020-25596] (#1881617) Missing memory barriers when accessing/allocating an event channel [XSA-340, CVE-2020-25603] (#1881583) out of bounds event channels available to 32-bit x86 domains [XSA-342, CVE-2020-25600] (#1881582) races with evtchn_reset() [XSA-343, CVE-2020-25599] (#1881581) lack of preemption in evtchn_reset() / evtchn_destroy() [XSA-344, CVE-2020-25601] (#1881586) * Tue Sep 22 2020 Michael Young - 4.13.1-6 - x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333, CVE-2020-25602] (#1881619) - Missing unlock in XENMEM_acquire_resource error path [XSA-334, CVE-2020-25598] (#1881616) - race when migrating timers between x86 HVM vCPU-s [XSA-336, CVE-2020-25604] (#1881618) - PCI passthrough code reading back hardware registers [XSA-337, CVE-2020-25595] (#1881587) - once valid event channels may not turn invalid [XSA-338, CVE-2020-25597] (#1881588) - x86 pv guest kernel DoS via SYSENTER [XSA-339, CVE-2020-25596] (#1881617) - Missing memory barriers when accessing/allocating an event channel [XSA-340, CVE-2020-25603] (#1881583) - out of bounds event channels available to 32-bit x86 domains [XSA-342, CVE-2020-25600] (#1881582) - races with evtchn_reset() [XSA-343, CVE-2020-25599] (#1881581) - lack of preemption in evtchn_reset() / evtchn_destroy() [XSA-344, CVE-2020-25601] (#1881586) [ 1 ] Bug #1877366 - CVE-2020-25603 xen: missing memory barriers when accessing/allocating an event channel (XSA-340) https://bugzilla.redhat.com/show_bug.cgi?id=1877366 [ 2 ] Bug #1877369 - CVE-2020-25595 xen: PCI passthrough code reading back hardware registers (XSA-337) https://bugzilla.redhat.com/show_bug.cgi?id=1877369 [ 3 ] Bug #1877378 - CVE-2020-25601 xen: lack of preemption in evtchn_reset() / evtchn_destroy() (XSA-344) https://bugzilla.redhat.com/show_bug.cgi?id=1877378 [ 4 ] Bug #1877382 - CVE-2020-25604 xen: race when migrating timers between x86 HVM vCPU-s (XSA-336) https://bugzilla.redhat.com/show_bug.cgi?id=1877382 [ 5 ] Bug #1877383 - CVE-2020-25598 xen: missing unlock in XENMEM_acquire_resource error path (XSA-334) https://bugzilla.redhat.com/show_bug.cgi?id=1877383 [ 6 ] Bug #1879553 - CVE-2020-25597 xen: once valid event channels may not turn invalid (XSA-338) https://bugzilla.redhat.com/show_bug.cgi?id=1879553 [ 7 ] Bug #1879567 - CVE-2020-25599 xen: races with evtchn_reset function (XSA-343) https://bugzilla.redhat.com/show_bug.cgi?id=1879567 [ 8 ] Bug #1880137 - CVE-2020-25596 xen: x86 pv guest kernel DoS via SYSENTER (XSA-339) https://bugzilla.redhat.com/show_bug.cgi?id=1880137 [ 9 ] Bug #1880156 - CVE-2020-25600 xen: out of bounds event channels available to 32-bit x86 domains (XSA-342) https://bugzilla.redhat.com/show_bug.cgi?id=1880156 [ 10 ] Bug #1880158 - CVE-2020-25602 xen: x86 pv: Crash when handling guest access to MSR_MISC_ENABLE (XSA-333) https://bugzilla.redhat.com/show_bug.cgi?id=1880158 su -c 'dnf upgrade --advisory FEDORA-2020-f668e579be' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
Product : Fedora 32
Version : 4.13.1
Release : 6.fc32
URL : http://xen.org/
Summary : Xen is a virtual machine monitor