Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 41 FEDORA-2025-933a9a977e critical: xen data leak and deadlock

fedora
Calendar Grey January 12, 2025
Dist Fedora Esm H88
Release note for Fedora 41 focused on urgent patches for xen, remedying data leaks and enhancing error management. Keep your system safe!
work around debugedit bug to fix aarch64 builds xen-hypervisor %post doesn't load all needed grub2 modules update to xen-4.19.1 which includes Deadlock in x86 HVM standard VGA hand...

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

Update Information:

work around debugedit bug to fix aarch64 builds xen-hypervisor %post doesn't load all needed grub2 modules update to xen-4.19.1 which includes Deadlock in x86 HVM standard VGA handling [XSA-463, CVE-2024-45818] libxl leaks data to PVH guests via ACPI tables [XSA-464, CVE-2024-45819]

Topics%20covered

Topics Covered

security advisory security issue update Fedora bug fix xen virtual machine

Change Log

* Thu Jan 9 2025 Michael Young - 4.19.1-3 - work around debugedit bug to fix aarch64 builds * Sat Jan 4 2025 Andrea Perotti - 4.19.1-2 - xen-hypervisor %post doesn't load all needed grub2 modules (#2335558) * Thu Dec 5 2024 Michael Young - 4.19.1-1 - update to xen-4.19.1 remove patches now included or superceded upstream * Tue Nov 12 2024 Michael Young - 4.19.0-5 - Deadlock in x86 HVM standard VGA handling [XSA-463, CVE-2024-45818] - libxl leaks data to PVH guests via ACPI tables [XSA-464, CVE-2024-45819] - additional patches so above applies cleanly

References


[ 1 ] Bug #2330331 - xen-4.19.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2330331 [ 2 ] Bug #2333330 - CVE-2024-45818 xen: Deadlock in x86 HVM standard VGA handling [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2333330 [ 3 ] Bug #2333333 - CVE-2024-45819 xen: libxl leaks data to PVH guests via ACPI tables [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2333333 [ 4 ] Bug #2335558 - Failure in loading multiboot2 prevent Xen from boot https://bugzilla.redhat.com/show_bug.cgi?id=2335558

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-933a9a977e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xen
Product: Fedora 41
Version: 4.19.1
Release: 3.fc41
URL: https://xenproject.org/
Summary: Xen is a virtual machine monitor

Topics%20covered

Topics Covered

security advisory security issue update Fedora bug fix xen virtual machine

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here