Fedora 35: xen 2022-2c9f8224f8 | LinuxSecurity.com

Advisories

What Are You Looking For?

Popular Tags

Contribute

Advisories This Week: 196

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-2c9f8224f8
2022-07-23 02:26:57.539844
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 35
Version     : 4.15.3
Release     : 2.fc35
URL         : https://xen.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

Linux disk/nic frontends data leaks [XSA-403, CVE-2022-26365, CVE-2022-33740,
CVE-2022-33741, CVE-2022-33742] (#2104747)  ----  update to xen-4.15.3 x86: MMIO
Stale Data vulnerabilities (not applied in 4.15.2-5)  ----  x86: MMIO Stale Data
vulnerabilities [XSA-404, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166]  ----
x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362] x86 pv:
Insufficient care with non-coherent mappings [ XSA-402, CVE-2022-26363,
CVE-2022-26364]
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul  7 2022 Michael Young  - 4.15.3-2
- Linux disk/nic frontends data leaks [XSA-403, CVE-2022-26365,
	CVE-2022-33740, CVE-2022-33741, CVE-2022-33742] (#2104747)
* Fri Jul  1 2022 Michael Young  - 4.15.3-1
- update to xen-4.15.3
  remove or adjust patches now included or superceded upstream
- x86: MMIO Stale Data vulnerabilities (not applied in 4.15.2-5)
* Wed Jun 22 2022 Michael Young  - 4.15.2-5
- x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123,
	CVE-2022-21125, CVE-2022-21166]
* Thu Jun  9 2022 Michael Young  - 4.15.2-4
- x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362]
- x86 pv: Insufficient care with non-coherent mappings [ XSA-402,
	CVE-2022-26363, CVE-2022-26364]
- additional patches so above applies cleanly
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2104746 - CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 xen: Linux disk/nic frontends data leaks
        https://bugzilla.redhat.com/show_bug.cgi?id=2104746
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-2c9f8224f8' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 35: xen 2022-2c9f8224f8

July 22, 2022

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

Linux disk/nic frontends data leaks [XSA-403, CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742] (#2104747) ---- update to xen-4.15.3 x86: MMIO Stale Data vulnerabilities (not applied in 4.15.2-5) ---- x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166] ---- x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362] x86 pv: Insufficient care with non-coherent mappings [ XSA-402, CVE-2022-26363, CVE-2022-26364]

Change Log

* Thu Jul 7 2022 Michael Young - 4.15.3-2 - Linux disk/nic frontends data leaks [XSA-403, CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742] (#2104747) * Fri Jul 1 2022 Michael Young - 4.15.3-1 - update to xen-4.15.3 remove or adjust patches now included or superceded upstream - x86: MMIO Stale Data vulnerabilities (not applied in 4.15.2-5) * Wed Jun 22 2022 Michael Young - 4.15.2-5 - x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166] * Thu Jun 9 2022 Michael Young - 4.15.2-4 - x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362] - x86 pv: Insufficient care with non-coherent mappings [ XSA-402, CVE-2022-26363, CVE-2022-26364] - additional patches so above applies cleanly

References

[ 1 ] Bug #2104746 - CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 xen: Linux disk/nic frontends data leaks https://bugzilla.redhat.com/show_bug.cgi?id=2104746

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-2c9f8224f8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : xen
Product : Fedora 35
Version : 4.15.3
Release : 2.fc35
URL : https://xen.org/
Summary : Xen is a virtual machine monitor

News

Advisories

HOWTOs

Features

The Story Behind the Linux Security Quick Reference Guide
Benefits & Drawbacks of Using a VPN on Linux
How a WAF Could Improve the Security of Your Linux Web Applications
Installing SurfShark VPN On Kali Linux: The Authoritative Guide
Best Practices for PHP Security

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy