Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

Fedora 40: Security Advisory FEDORA-2024-169a1cc589 for Xen Threats

fedora
Calendar Grey August 1, 2024
Dist Fedora Esm H88
Updates to Fedora addressing significant security vulnerabilities pertain to IRQ processing and history injection in branch operations.
double unlock in x86 guest IRQ handling [XSA-458, CVE-2024-31143] x86: Native Branch History Injection [XSA-456 version 3, CVE-2024-2201]

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

double unlock in x86 guest IRQ handling [XSA-458, CVE-2024-31143] x86: Native Branch History Injection [XSA-456 version 3, CVE-2024-2201]

Change Log

* Tue Jul 16 2024 Michael Young - 4.18.2-4 - double unlock in x86 guest IRQ handling [XSA-458, CVE-2024-31143] * Fri Jun 7 2024 Python Maint - 4.18.2-3 - Rebuilt for Python 3.13 * Mon Jun 3 2024 Michael Young - 4.18.2-2 - x86: Native Branch History Injection [XSA-456 version 3, CVE-2024-2201]

References

Fedora Update Notification FEDORA-2024-169a1cc589 2024-08-01 02:52:09.188975 Name : xen Product : Fedora 40 Version : 4.18.2 Release : 4.fc40 URL : https://xenproject.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-169a1cc589' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xen
Product: Fedora 40
Version: 4.18.2
Release: 4.fc40
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.