
Fedora 26: 2018-7cd077ddd3 Critical Issues with Xen Loop and Interrupts

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-7cd077ddd3
2018-05-27 19:18:48.299855
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 26
Version     : 4.8.3
Release     : 5.fc26
URL         : https://xenproject.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897]
x86 vHPET interrupt injection errors [XSA-261, CVE-2018-10982] (#1576089)
qemu may drive Xen into unbounded loop [XSA-262, CVE-2018-10981] (#1576680)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 9 2018 Michael Young - 4.8.3-5
- x86: mishandling of debug exceptions [XSA-260, CVE-2018-8897]
  (with extra patches so it applies cleanly)
- x86 vHPET interrupt injection errors [XSA-261, CVE-2018-10982] (#1576089)
- qemu may drive Xen into unbounded loop [XSA-262, CVE-2018-10981] (#1576680)
* Wed Apr 25 2018 Michael Young - 4.8.3-4
- Information leak via crafted user-supplied CDROM [XSA-258] (#1571867)
- x86: PV guest may crash Xen with XPTI [XSA-259] (#1571878)
* Tue Feb 27 2018 Michael Young - 4.8.3-3
- update Xen page-table isolation (XPTI) mitigation and add Branch Target
  Injection (BTI) mitigation for XSA-254
- DoS via non-preemptable L3/L4 pagetable freeing [XSA-252, CVE-2018-7540] (#1549568)
- grant table v2 -> v1 transition may crash Xen [XSA-255, CVE-2018-7541] (#1549570)
- x86 PVH guest without LAPIC may DoS the host [XSA-256, CVE-2018-7542] (#1549572)
* Thu Jan 25 2018 Michael Young - 4.8.3-2
- also need CONFIG_PV_LINEAR_PT in xen.hypervisor.config to build
* Wed Jan 24 2018 Michael Young - 4.8.3-1
- update to xen-4.8.3 (includes Xen page-table isolation (XPTI) mitigation
  for XSA-254)
  adjust xen.use.fedora.ipxe.patch, xen.gcc7.fix.patch and
  qemu.git-fec5e8c92becad223df9d972770522f64aafdb72.patch
  remove upstream patches
* Tue Dec 12 2017 Michael Young - 4.8.2-9
- another patch related to the [XSA-240, CVE-2017-15595] issue
- xen: various flaws (#1525018)
  x86 PV guests may gain access to internally used page [XSA-248]
  broken x86 shadow mode refcount overflow check [XSA-249]
  improper x86 shadow mode refcount error handling [XSA-250]
  improper bug check in x86 log-dirty handling [XSA-251]
* Tue Nov 28 2017 Michael Young - 4.8.2-8
- xen: various flaws (#1518214)
  x86: infinite loop due to missing PoD error checking [XSA-246, CVE-2017-17044]
  Missing p2m error checking in PoD code [XSA-247, CVE-2017-17045]
* Sun Nov 19 2017 Michael Young - 4.8.2-7
- incomplete adaption of new XSA-240 patch to Fedora state
* Thu Nov 16 2017 Michael Young - 4.8.2-6
- fix an issue in patch for [XSA-240, CVE-2017-15595] that might be a
  security issue
- fix for [XSA-243, CVE-2017-15592] could cause hypervisor crash (DOS)
* Thu Oct 26 2017 Michael Young - 4.8.2-5
- pin count / page reference race in grant table code [XSA-236, CVE-2017-15597]
  (#1506693)
* Thu Oct 12 2017 Michael Young - 4.8.2-4
- xen: various flaws (#1501391)
  multiple MSI mapping issues on x86 [XSA-237, CVE-2017-15590]
  DMOP map/unmap missing argument checks [XSA-238, CVE-2017-15591]
  hypervisor stack leak in x86 I/O intercept code [XSA-239, CVE-2017-15589]
  Unlimited recursion in linear pagetable de-typing [XSA-240, CVE-2017-15595]
  Stale TLB entry due to page type release race [XSA-241, CVE-2017-15588]
  page type reference leak on x86 [XSA-242, CVE-2017-15593]
  x86: Incorrect handling of self-linear shadow mappings with translated
  guests [XSA-243, CVE-2017-15592]
  x86: Incorrect handling of IST settings during CPU hotplug [XSA-244, CVE-2017-15594]
* Tue Oct 3 2017 Michael Young - 4.8.2-3
- ARM: Some memory not scrubbed at boot [XSA-245, CVE-2017-17046] (#1499843)
- Qemu: vga: reachable assert failure during display update
  [CVE-2017-13673] (#1486591)
- Qemu: vga: OOB read access during display update [CVE-2017-13672] (#1486562)
* Tue Sep 12 2017 Michael Young - 4.8.2-2
- xen: various flaws (#1490884)
  Missing NUMA node parameter verification [XSA-231, CVE-2017-14316]
  Missing check for grant table [XSA-232, CVE-2017-14318]
  cxenstored: Race in domain cleanup [XSA-233, CVE-2017-14317]
  insufficient grant unmapping checks for x86 PV guests [XSA-234, CVE-2017-14319]
* Wed Sep 6 2017 Michael Young - 4.8.2-1
- update to xen-4.8.2
  adjust xen.use.fedora.ipxe.patch and xen.gcc7.fix.patch
  remove upstream patches
* Wed Aug 30 2017 Michael Young - 4.8.1-8
- Qemu: usb: ohci: infinite loop due to incorrect return value
  [CVE-2017-9330] (#1457698)
- Qemu: nbd: segmentation fault due to client non-negotiation
  [CVE-2017-9524] (#1460173)
- Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
  [CVE-2017-10664] (#1466466)
- Qemu: exec: oob access during dma operation [CVE-2017-11334] (#1471640)
- revised full fix for XSA-226 (regressed 32-bit Dom0 or backend domains)
* Wed Aug 23 2017 Michael Young - 4.8.1-7
- full fix for XSA-226, replacing workaround
- drop conflict of xendomain and libvirtd as can cause problems (#1398590)
- add-to-physmap error paths fail to release lock on ARM [XSA-235] (#1484476)
- Qemu: audio: host memory leakage via capture buffer [CVE-2017-8309] (#1446521)
- Qemu: input: host memory leakage via keyboard events [CVE-2017-8379] (#1446561)
* Tue Aug 15 2017 Michael Young - 4.8.1-6
- Qemu: serial: host memory leakage 16550A UART emulation [CVE-2017-5579] (#1416162)
- Qemu: display: cirrus: OOB read access issue [CVE-2017-7718] (#1443444)
- xen: various flaws (#1481765)
  multiple problems with transitive grants [XSA-226, CVE-2017-12135]
  x86: PV privilege escalation via map_grant_ref [XSA-227, CVE-2017-12137]
  grant_table: Race conditions with maptrack free list handling
  [XSA-228, CVE-2017-12136]
  grant_table: possibly premature clearing of GTF_writing / GTF_reading
  [XSA-230, CVE-2017-12855]
* Tue Jun 20 2017 Michael Young - 4.8.1-4
- xen: various flaws (#1463247)
  blkif responses leak backend stack data [XSA-216]
  page transfer may allow PV guest to elevate privilege [XSA-217]
  Races in the grant table unmap code [XSA-218]
  x86: insufficient reference counts during shadow emulation [XSA-219]
  x86: PKRU and BND* leakage between vCPU-s [XSA-220]
  NULL pointer deref in event channel poll [XSA-221] (#1463231)
  stale P2M mappings due to insufficient error checking [XSA-222]
  ARM guest disabling interrupt may crash Xen [XSA-223]
  grant table operations mishandle reference counts [XSA-224]
  arm: vgic: Out-of-bound access when sending SGIs [XSA-225]
* Mon May 15 2017 Richard W.M. Jones - 4.8.1-3
- Rebuild for OCaml 4.04.1.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1571880 - CVE-2018-10982 xsa261 xen: x86 vHPET interrupt injection errors (XSA-261)
        https://bugzilla.redhat.com/show_bug.cgi?id=1571880
  [ 2 ] Bug #1571881 - CVE-2018-10981 xsa262 xen: qemu may drive Xen into unbounded loop (XSA-262)
        https://bugzilla.redhat.com/show_bug.cgi?id=1571881
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-7cd077ddd3' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 26 receives a crucial security patch targeting various vulnerabilities in Xen, specifically focusing on debug exception handling and interrupt management anomalies.

Severity: Critical

LinuxSecurity.com Team

May 27, 2018 | Critical | Fedora