Fedora 35: xen 2022-99af00f60e | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-99af00f60e
2022-11-17 01:31:23.157994
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 35
Version     : 4.15.3
Release     : 7.fc35
URL         : https://xen.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309] Xenstore: Guests
can create orphaned Xenstore nodes [XSA-415, CVE-2022-42310] Xenstore: guests
can let run xenstored out of memory [XSA-326, CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317,
CVE-2022-42318] Xenstore: Guests can cause Xenstore to not free temporary memory
[XSA-416, CVE-2022-42319] Xenstore: Guests can get access to Xenstore nodes of
deleted domains [XSA-417, CVE-2022-42320] Xenstore: Guests can crash xenstored
via exhausting the stack [XSA-418, CVE-2022-42321] Xenstore: Cooperating guests
can create arbitrary numbers of nodes [XSA-419, CVE-2022-42322, CVE-2022-42323]
Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
Xenstore: Guests can create arbitrary number of nodes via transactions [XSA-421,
CVE-2022-42325, CVE-2022-42326]  ----  add patch to fix an incorrect backport
Arm: unbounded memory consumption for 2nd-level page tables [XSA-409,
CVE-2022-33747] (#2135268) P2M pool freeing may take excessively long [XSA-410,
CVE-2022-33746] (#2135641) lock order inversion in transitive grant copy
handling [XSA-411, CVE-2022-33748] (#2135263)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  1 2022 Michael Young  - 4.15.3-7
- Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309]
- Xenstore: Guests can create orphaned Xenstore nodes [XSA-415,
        CVE-2022-42310]
- Xenstore: guests can let run xenstored out of memory [XSA-326,
        CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314,
        CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318]
- Xenstore: Guests can cause Xenstore to not free temporary memory
        [XSA-416, CVE-2022-42319]
- Xenstore: Guests can get access to Xenstore nodes of deleted domains
        [XSA-417, CVE-2022-42320]
- Xenstore: Guests can crash xenstored via exhausting the stack
        [XSA-418, CVE-2022-42321]
- Xenstore: Cooperating guests can create arbitrary numbers of nodes
        [XSA-419, CVE-2022-42322, CVE-2022-42323]
- Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
- Xenstore: Guests can create arbitrary number of nodes via transactions
        [XSA-421, CVE-2022-42325, CVE-2022-42326]
* Tue Oct 18 2022 Michael Young  - 4.15.3-6
- add patch to fix an incorrect backport
* Tue Oct 18 2022 Michael Young  - 4.15.3-5
- Arm: unbounded memory consumption for 2nd-level page tables [XSA-409,
	CVE-2022-33747] (#2135268)
- P2M pool freeing may take excessively long [XSA-410, CVE-2022-33746]
	(#2135641)
- lock order inversion in transitive grant copy handling [XSA-411,
	CVE-2022-33748] (#2135263)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2135262 - CVE-2022-33748 xen: lock order inversion in transitive grant copy handling
        https://bugzilla.redhat.com/show_bug.cgi?id=2135262
  [ 2 ] Bug #2135267 - CVE-2022-33747 xen: unbounded memory consumption for 2nd-level page tables
        https://bugzilla.redhat.com/show_bug.cgi?id=2135267
  [ 3 ] Bug #2135640 - CVE-2022-33746 xen: P2M pool freeing may take excessively long
        https://bugzilla.redhat.com/show_bug.cgi?id=2135640
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-99af00f60e' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 35: xen 2022-99af00f60e

November 16, 2022
Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309] Xenstore: Guests can create orphaned Xenstore nodes [XSA-415, CVE-2022-42310] Xenstore: guests can let run xenstored ...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309] Xenstore: Guests can create orphaned Xenstore nodes [XSA-415, CVE-2022-42310] Xenstore: guests can let run xenstored out of memory [XSA-326, CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318] Xenstore: Guests can cause Xenstore to not free temporary memory [XSA-416, CVE-2022-42319] Xenstore: Guests can get access to Xenstore nodes of deleted domains [XSA-417, CVE-2022-42320] Xenstore: Guests can crash xenstored via exhausting the stack [XSA-418, CVE-2022-42321] Xenstore: Cooperating guests can create arbitrary numbers of nodes [XSA-419, CVE-2022-42322, CVE-2022-42323] Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324] Xenstore: Guests can create arbitrary number of nodes via transactions [XSA-421, CVE-2022-42325, CVE-2022-42326] ---- add patch to fix an incorrect backport Arm: unbounded memory consumption for 2nd-level page tables [XSA-409, CVE-2022-33747] (#2135268) P2M pool freeing may take excessively long [XSA-410, CVE-2022-33746] (#2135641) lock order inversion in transitive grant copy handling [XSA-411, CVE-2022-33748] (#2135263)

Change Log

* Tue Nov 1 2022 Michael Young - 4.15.3-7 - Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309] - Xenstore: Guests can create orphaned Xenstore nodes [XSA-415, CVE-2022-42310] - Xenstore: guests can let run xenstored out of memory [XSA-326, CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318] - Xenstore: Guests can cause Xenstore to not free temporary memory [XSA-416, CVE-2022-42319] - Xenstore: Guests can get access to Xenstore nodes of deleted domains [XSA-417, CVE-2022-42320] - Xenstore: Guests can crash xenstored via exhausting the stack [XSA-418, CVE-2022-42321] - Xenstore: Cooperating guests can create arbitrary numbers of nodes [XSA-419, CVE-2022-42322, CVE-2022-42323] - Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324] - Xenstore: Guests can create arbitrary number of nodes via transactions [XSA-421, CVE-2022-42325, CVE-2022-42326] * Tue Oct 18 2022 Michael Young - 4.15.3-6 - add patch to fix an incorrect backport * Tue Oct 18 2022 Michael Young - 4.15.3-5 - Arm: unbounded memory consumption for 2nd-level page tables [XSA-409, CVE-2022-33747] (#2135268) - P2M pool freeing may take excessively long [XSA-410, CVE-2022-33746] (#2135641) - lock order inversion in transitive grant copy handling [XSA-411, CVE-2022-33748] (#2135263)

References

[ 1 ] Bug #2135262 - CVE-2022-33748 xen: lock order inversion in transitive grant copy handling https://bugzilla.redhat.com/show_bug.cgi?id=2135262 [ 2 ] Bug #2135267 - CVE-2022-33747 xen: unbounded memory consumption for 2nd-level page tables https://bugzilla.redhat.com/show_bug.cgi?id=2135267 [ 3 ] Bug #2135640 - CVE-2022-33746 xen: P2M pool freeing may take excessively long https://bugzilla.redhat.com/show_bug.cgi?id=2135640

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-99af00f60e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : xen
Product : Fedora 35
Version : 4.15.3
Release : 7.fc35
URL : https://xen.org/
Summary : Xen is a virtual machine monitor

Related News

What is WireGuard?

News

Advisories

HOWTOs

Features

Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories
Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy