Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Fedora 32: Critical DoS Vulnerabilities Found in Xen Hypervisor 2020

fedora
Calendar Grey July 15, 2020
Dist Fedora Esm H88
--------------------------------------------------------------------------------Fedora Update Notifi
incorrect error handling in event channel port allocation leads to DoS [XSA-317, CVE-2020-15566] (#1854465) inverted code paths in x86 dirty VRAM tracking leads to DoS [XSA-319, CV...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

incorrect error handling in event channel port allocation leads to DoS [XSA-317,

CVE-2020-15566] (#1854465) inverted code paths in x86 dirty VRAM tracking leads

to DoS [XSA-319, CVE-2020-15563] (#1854463) xen: insufficient cache write-back

under VT-d leads to DoS [XSA-321, CVE-2020-15565] (#1854467) missing alignment

check in VCPUOP_register_vcpu_info leads to DoS [XSA-327, CVE-2020-15564]

(#1854458) non-atomic modification of live EPT PTE leads to DoS [XSA-328,

CVE-2020-15567] (#1854464)

* Tue Jul 7 2020 Michael Young - 4.13.1-4

- incorrect error handling in event channel port allocation leads to

DoS [XSA-317, CVE-2020-15566] (#1854465)

- inverted code paths in x86 dirty VRAM tracking leads to DoS

[XSA-319, CVE-2020-15563] (#1854463)

- xen: insufficient cache write-back under VT-d leads to DoS

[XSA-321, CVE-2020-15565] (#1854467)

- missing alignment check in VCPUOP_register_vcpu_info leads to DoS

[XSA-327, CVE-2020-15564] (#1854458)

- non-atomic modification of live EPT PTE leads to DoS

[XSA-328, CVE-2020-15567] (#1854464)

* Tue Jun 30 2020 Jeff Law

Disable LTO

[ 1 ] Bug #1851470 - CVE-2020-15564 xen: missing alignment check in VCPUOP_register_vcpu_info leads to DoS (XSA-327)

https://bugzilla.redhat.com/show_bug.cgi?id=1851470

[ 2 ] Bug #1851471 - CVE-2020-15563 xen: inverted code paths in x86 dirty VRAM tracking leads to DoS (XSA-319)

https://bugzilla.redhat.com/show_bug.cgi?id=1851471

[ 3 ] Bug #1851472 - CVE-2020-15567 xen: non-atomic modification of live EPT PTE leads to DoS (XSA-328)

https://bugzilla.redhat.com/show_bug.cgi?id=1851472

[ 4 ] Bug #1851474 - CVE-2020-15566 xen: incorrect error handling in event channel port allocation leads to DoS (XSA-317)

https://bugzilla.redhat.com/show_bug.cgi?id=1851474

[ 5 ] Bug #1851475 - CVE-2020-15565 xen: insufficient cache write-back under VT-d leads to DoS (XSA-321)

https://bugzilla.redhat.com/show_bug.cgi?id=1851475

su -c 'dnf upgrade --advisory FEDORA-2020-fbc13516af' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 32
Version: 4.13.1
Release: 4.fc32
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here