--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-9f51d13fa3
2022-11-24 01:24:26.774334
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 37
Version     : 4.16.2
Release     : 4.fc37
URL         : https://xen.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

x86: Multiple speculative security issues [XSA-422, CVE-2022-23824]  ----  x86:
unintended memory sharing between guests [XSA-412, CVE-2022-42327] Xenstore:
Guests can crash xenstored [XSA-414, CVE-2022-42309] Xenstore: Guests can create
orphaned Xenstore nodes [XSA-415, CVE-2022-42310] Xenstore: guests can let run
xenstored out of memory [XSA-326, CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317,
CVE-2022-42318] Xenstore: Guests can cause Xenstore to not free temporary memory
[XSA-416, CVE-2022-42319] Xenstore: Guests can get access to Xenstore nodes of
deleted domains [XSA-417, CVE-2022-42320] Xenstore: Guests can crash xenstored
via exhausting the stack [XSA-418, CVE-2022-42321] Xenstore: Cooperating guests
can create arbitrary numbers of nodes [XSA-419, CVE-2022-42322, CVE-2022-42323]
Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
Xenstore: Guests can create arbitrary number of nodes via transactions [XSA-421,
CVE-2022-42325, CVE-2022-42326]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  8 2022 Michael Young  - 4.16.2-4
- x86: Multiple speculative security issues [XSA-422, CVE-2022-23824]
* Tue Nov  1 2022 Michael Young  - 4.16.2-3
- x86: unintended memory sharing between guests [XSA-412, CVE-2022-42327]
- Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309]
- Xenstore: Guests can create orphaned Xenstore nodes [XSA-415,
	CVE-2022-42310]
- Xenstore: guests can let run xenstored out of memory [XSA-326,
	CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314,
	CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318]
- Xenstore: Guests can cause Xenstore to not free temporary memory
	[XSA-416, CVE-2022-42319]
- Xenstore: Guests can get access to Xenstore nodes of deleted domains
	[XSA-417, CVE-2022-42320]
- Xenstore: Guests can crash xenstored via exhausting the stack
	[XSA-418, CVE-2022-42321]
- Xenstore: Cooperating guests can create arbitrary numbers of nodes
	[XSA-419, CVE-2022-42322, CVE-2022-42323]
- Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
- Xenstore: Guests can create arbitrary number of nodes via transactions
	[XSA-421, CVE-2022-42325, CVE-2022-42326]
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-9f51d13fa3' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue