——————————————————————————–
Fedora Update Notification
FEDORA-2020-306b84fd07
2020-09-27 00:15:19.880716
——————————————————————————–
Name : xen
Product : Fedora 33
Version : 4.14.0
Release : 5.fc33
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor
——————————————————————————–
Update Information:
x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333,
CVE-2020-25602] (#1881619) Missing unlock in XENMEM_acquire_resource error path
[XSA-334, CVE-2020-25598] (#1881616) race when migrating timers between x86 HVM
vCPU-s [XSA-336, CVE-2020-25604] (#1881618) PCI passthrough code reading back
hardware registers [XSA-337, CVE-2020-25595] (#1881587) once valid event
channels may not turn invalid [XSA-338, CVE-2020-25597] (#1881588) x86 pv guest
kernel DoS via SYSENTER [XSA-339, CVE-2020-25596] (#1881617) Missing memory
barriers when accessing/allocating an event channel [XSA-340, CVE-2020-25603]
(#1881583) out of bounds event channels available to 32-bit x86 domains
[XSA-342, CVE-2020-25600] (#1881582) races with evtchn_reset() [XSA-343,
CVE-2020-25599] (#1881581) lack of preemption in evtchn_reset() /
evtchn_destroy() [XSA-344, CVE-2020-25601] (#1881586)
——————————————————————————–
ChangeLog:
* Tue Sep 22 2020 Michael Young <m.a.young@durham.ac.uk> – 4.14.0-5
– x86 pv: Crash when handling guest access to MSR_MISC_ENABLE [XSA-333,
CVE-2020-25602] (#1881619)
– Missing unlock in XENMEM_acquire_resource error path [XSA-334,
CVE-2020-25598] (#1881616)
– race when migrating timers between x86 HVM vCPU-s [XSA-336,
CVE-2020-25604] (#1881618)
– PCI passthrough code reading back hardware registers [XSA-337,
CVE-2020-25595] (#1881587)
– once valid event channels may not turn invalid [XSA-338, CVE-2020-25597]
(#1881588)
– x86 pv guest kernel DoS via SYSENTER [XSA-339, CVE-2020-25596]
(#1881617)
– Missing memory barriers when accessing/allocating an event channel [XSA-340,
CVE-2020-25603] (#1881583)
– out of bounds event channels available to 32-bit x86 domains [XSA-342,
CVE-2020-25600] (#1881582)
– races with evtchn_reset() [XSA-343, CVE-2020-25599] (#1881581)
– lack of preemption in evtchn_reset() / evtchn_destroy() [XSA-344,
CVE-2020-25601] (#1881586)
* Thu Sep 3 2020 Michael Young <m.a.young@durham.ac.uk> – 4.14.0-4
– rebuild for OCaml 4.11.1
——————————————————————————–
References:
[ 1 ] Bug #1877366 – CVE-2020-25603 xen: missing memory barriers when accessing/allocating an event channel (XSA-340)
https://bugzilla.redhat.com/show_bug.cgi?id=1877366
[ 2 ] Bug #1877369 – CVE-2020-25595 xen: PCI passthrough code reading back hardware registers (XSA-337)
https://bugzilla.redhat.com/show_bug.cgi?id=1877369
[ 3 ] Bug #1877378 – CVE-2020-25601 xen: lack of preemption in evtchn_reset() / evtchn_destroy() (XSA-344)
https://bugzilla.redhat.com/show_bug.cgi?id=1877378
[ 4 ] Bug #1877382 – CVE-2020-25604 xen: race when migrating timers between x86 HVM vCPU-s (XSA-336)
https://bugzilla.redhat.com/show_bug.cgi?id=1877382
[ 5 ] Bug #1877383 – CVE-2020-25598 xen: missing unlock in XENMEM_acquire_resource error path (XSA-334)
https://bugzilla.redhat.com/show_bug.cgi?id=1877383
[ 6 ] Bug #1879553 – CVE-2020-25597 xen: once valid event channels may not turn invalid (XSA-338)
https://bugzilla.redhat.com/show_bug.cgi?id=1879553
[ 7 ] Bug #1879567 – CVE-2020-25599 xen: races with evtchn_reset function (XSA-343)
https://bugzilla.redhat.com/show_bug.cgi?id=1879567
[ 8 ] Bug #1880137 – CVE-2020-25596 xen: x86 pv guest kernel DoS via SYSENTER (XSA-339)
https://bugzilla.redhat.com/show_bug.cgi?id=1880137
[ 9 ] Bug #1880156 – CVE-2020-25600 xen: out of bounds event channels available to 32-bit x86 domains (XSA-342)
https://bugzilla.redhat.com/show_bug.cgi?id=1880156
[ 10 ] Bug #1880158 – CVE-2020-25602 xen: x86 pv: Crash when handling guest access to MSR_MISC_ENABLE (XSA-333)
https://bugzilla.redhat.com/show_bug.cgi?id=1880158
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-306b84fd07’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org