You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa xen

Sigurnosni nedostaci programskog paketa xen

——————————————————————————–
Fedora Update Notification
FEDORA-2020-306b84fd07
2020-09-27 00:15:19.880716
——————————————————————————–

Name : xen
Product : Fedora 33
Version : 4.14.0
Release : 5.fc33
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

——————————————————————————–
Update Information:

x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333,
CVE-2020-25602] (#1881619) Missing unlock in XENMEM_acquire_resource error path
[XSA-334, CVE-2020-25598] (#1881616) race when migrating timers between x86 HVM
vCPU-s [XSA-336, CVE-2020-25604] (#1881618) PCI passthrough code reading back
hardware registers [XSA-337, CVE-2020-25595] (#1881587) once valid event
channels may not turn invalid [XSA-338, CVE-2020-25597] (#1881588) x86 pv guest
kernel DoS via SYSENTER [XSA-339, CVE-2020-25596] (#1881617) Missing memory
barriers when accessing/allocating an event channel [XSA-340, CVE-2020-25603]
(#1881583) out of bounds event channels available to 32-bit x86 domains
[XSA-342, CVE-2020-25600] (#1881582) races with evtchn_reset() [XSA-343,
CVE-2020-25599] (#1881581) lack of preemption in evtchn_reset() /
evtchn_destroy() [XSA-344, CVE-2020-25601] (#1881586)
——————————————————————————–
ChangeLog:

* Tue Sep 22 2020 Michael Young <m.a.young@durham.ac.uk> – 4.14.0-5
– x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333,
CVE-2020-25602] (#1881619)
– Missing unlock in XENMEM_acquire_resource error path [XSA-334,
CVE-2020-25598] (#1881616)
– race when migrating timers between x86 HVM vCPU-s [XSA-336,
CVE-2020-25604] (#1881618)
– PCI passthrough code reading back hardware registers [XSA-337,
CVE-2020-25595] (#1881587)
– once valid event channels may not turn invalid [XSA-338, CVE-2020-25597]
(#1881588)
– x86 pv guest kernel DoS via SYSENTER [XSA-339, CVE-2020-25596]
(#1881617)
– Missing memory barriers when accessing/allocating an event channel [XSA-340,
CVE-2020-25603] (#1881583)
– out of bounds event channels available to 32-bit x86 domains [XSA-342,
CVE-2020-25600] (#1881582)
– races with evtchn_reset() [XSA-343, CVE-2020-25599] (#1881581)
– lack of preemption in evtchn_reset() / evtchn_destroy() [XSA-344,
CVE-2020-25601] (#1881586)
* Thu Sep 3 2020 Michael Young <m.a.young@durham.ac.uk> – 4.14.0-4
– rebuild for OCaml 4.11.1
——————————————————————————–
References:

[ 1 ] Bug #1877366 – CVE-2020-25603 xen: missing memory barriers when accessing/allocating an event channel (XSA-340)
https://bugzilla.redhat.com/show_bug.cgi?id=1877366
[ 2 ] Bug #1877369 – CVE-2020-25595 xen: PCI passthrough code reading back hardware registers (XSA-337)
https://bugzilla.redhat.com/show_bug.cgi?id=1877369
[ 3 ] Bug #1877378 – CVE-2020-25601 xen: lack of preemption in evtchn_reset() / evtchn_destroy() (XSA-344)
https://bugzilla.redhat.com/show_bug.cgi?id=1877378
[ 4 ] Bug #1877382 – CVE-2020-25604 xen: race when migrating timers between x86 HVM vCPU-s (XSA-336)
https://bugzilla.redhat.com/show_bug.cgi?id=1877382
[ 5 ] Bug #1877383 – CVE-2020-25598 xen: missing unlock in XENMEM_acquire_resource error path (XSA-334)
https://bugzilla.redhat.com/show_bug.cgi?id=1877383
[ 6 ] Bug #1879553 – CVE-2020-25597 xen: once valid event channels may not turn invalid (XSA-338)
https://bugzilla.redhat.com/show_bug.cgi?id=1879553
[ 7 ] Bug #1879567 – CVE-2020-25599 xen: races with evtchn_reset function (XSA-343)
https://bugzilla.redhat.com/show_bug.cgi?id=1879567
[ 8 ] Bug #1880137 – CVE-2020-25596 xen: x86 pv guest kernel DoS via SYSENTER (XSA-339)
https://bugzilla.redhat.com/show_bug.cgi?id=1880137
[ 9 ] Bug #1880156 – CVE-2020-25600 xen: out of bounds event channels available to 32-bit x86 domains (XSA-342)
https://bugzilla.redhat.com/show_bug.cgi?id=1880156
[ 10 ] Bug #1880158 – CVE-2020-25602 xen: x86 pv: Crash when handling guest access to MSR_MISC_ENABLE (XSA-333)
https://bugzilla.redhat.com/show_bug.cgi?id=1880158
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-306b84fd07’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke LibRaw

Otkriven je sigurnosni nedostatak programske biblioteke LibRaw za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog koda....

Close