
Mageia: 2020-0113 Critical: Xen Multiple DoS and Side Channel Issues

March 6, 2020
Maintenance update for Mageia addressing several vulnerabilities in xen, including DoS threats and speculative timing attack weaknesses.

Summary

- Updated from 4.12.0 to 4.12.1
- Device quarantine for alternate PCI assignment methods [XSA-306]
- x86: Machine Check Error on Page Size Change DoS [XSA-304, CVE-2018-12207]
- TSX Asynchronous Abort speculative side channel [XSA-305, CVE-2019-11135]
- VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] (rhbz#1771368)
- Missing descriptor table limit checking in x86 PV emulation [XSA-298, CVE-2019-18425] (rhbz#1771341)
- Issues with restartable PV type change operations [XSA-299, CVE-2019-18421] (rhbz#1767726)
- add-to-physmap can be abused to DoS Arm hosts [XSA-301, CVE-2019-18423] (rhbz#1771345)
- Passed through PCI devices may corrupt host memory after deassignment [XSA-302, CVE-2019-18424] (rhbz#1767731)
- ARM: Interrupts are unconditionally unmasked in exception handlers [XSA-303, CVE-2019-18422] (rhbz#1771443)
- Unlimited Arm Atomics Operations [XSA-295, CVE-2019-17349, CVE-2019-17350] (rhbz#1720760)
- Fix HVM DomU boot on some chipsets
- Adjust grub2 workaround

References

- https://bugs.mageia.org/show_bug.cgi?id=25782

- https://xenbits.xen.org/xsa/advisory-295.html

- https://xenbits.xen.org/xsa/advisory-296.html

- https://xenbits.xen.org/xsa/advisory-298.html

- https://xenbits.xen.org/xsa/advisory-299.html

- https://xenbits.xen.org/xsa/advisory-301.html

- https://xenbits.xen.org/xsa/advisory-302.html

- https://xenbits.xen.org/xsa/advisory-303.html

- https://xenbits.xen.org/xsa/advisory-304.html

- https://xenbits.xen.org/xsa/advisory-305.html

- https://xenbits.xen.org/xsa/advisory-306.html

- https://www.cve.org/CVERecord?id=CVE-2018-12207

- https://www.cve.org/CVERecord?id=CVE-2019-11135

- https://www.cve.org/CVERecord?id=CVE-2019-17349

- https://www.cve.org/CVERecord?id=CVE-2019-17350

- https://www.cve.org/CVERecord?id=CVE-2019-18420

- https://www.cve.org/CVERecord?id=CVE-2019-18421

- https://www.cve.org/CVERecord?id=CVE-2019-18422

- https://www.cve.org/CVERecord?id=CVE-2019-18423

- https://www.cve.org/CVERecord?id=CVE-2019-18424

- https://www.cve.org/CVERecord?id=CVE-2019-18425

Resolution

SRPMS

- 7/core/xen-4.12.1-1.mga7

Severity
critical

Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0113.html
Type: security
CVE: CVE-2018-12207, CVE-2019-11135, CVE-2019-17349, CVE-2019-17350, CVE-2019-18420, CVE-2019-18421, CVE-2019-18422, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425
