
Security vulnerabilities in the xen software package

——————————————————————————–
Fedora Update Notification
FEDORA-2020-df772b417b
2020-12-25 01:25:28.437759
——————————————————————————–

Name : xen
Product : Fedora 32
Version : 4.13.2
Release : 5.fc32
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

——————————————————————————–
Update Information:

- xenstore watch notifications lacking permission checks [XSA-115, CVE-2020-29480] (#1908091)
- Xenstore: new domains inheriting existing node permissions [XSA-322, CVE-2020-29481] (#1908095)
- Xenstore: wrong path length check [XSA-323, CVE-2020-29482] (#1908096)
- Xenstore: guests can crash xenstored via watchs [XSA-324, CVE-2020-29484] (#1908088)
- Xenstore: guests can disturb domain cleanup [XSA-325, CVE-2020-29483] (#1908087)
- oxenstored memory leak in reset_watches [XSA-330, CVE-2020-29485] (#1908000)
- undue recursion in x86 HVM context switch code [XSA-348, CVE-2020-29566] (#1908085)
- oxenstored: node ownership can be changed by unprivileged clients [XSA-352, CVE-2020-29486] (#1908003)
- oxenstored: permissions not checked on root node [XSA-353, CVE-2020-29479] (#1908002)
- FIFO event channels control block related ordering [XSA-358, CVE-2020-29570] (#1907931)
- FIFO event channels control structure ordering [XSA-359, CVE-2020-29571] (#1908089)
——————————————————————————–
ChangeLog:

* Wed Dec 16 2020 Michael Young <m.a.young@durham.ac.uk> – 4.13.2-5
– xenstore watch notifications lacking permission checks [XSA-115,
CVE-2020-29480] (#1908091)
– Xenstore: new domains inheriting existing node permissions [XSA-322,
CVE-2020-29481] (#1908095)
– Xenstore: wrong path length check [XSA-323, CVE-2020-29482] (#1908096)
– Xenstore: guests can crash xenstored via watchs [XSA-324, CVE-2020-29484]
(#1908088)
– Xenstore: guests can disturb domain cleanup [XSA-325, CVE-2020-29483]
(#1908087)
– oxenstored memory leak in reset_watches [XSA-330, CVE-2020-29485]
(#1908000)
– undue recursion in x86 HVM context switch code [XSA-348, CVE-2020-29566]
(#1908085)
– oxenstored: node ownership can be changed by unprivileged clients
[XSA-352, CVE-2020-29486] (#1908003)
– oxenstored: permissions not checked on root node [XSA-353, CVE-2020-29479]
(#1908002)
– FIFO event channels control block related ordering [XSA-358,
CVE-2020-29570] (#1907931)
– FIFO event channels control structure ordering [XSA-359, CVE-2020-29571]
(#1908089)
——————————————————————————–
References:

[ 1 ] Bug #1905623 – CVE-2020-29485 xen: oxenstored memory leak in reset_watches (XSA-330)
https://bugzilla.redhat.com/show_bug.cgi?id=1905623
[ 2 ] Bug #1905626 – CVE-2020-29482 xen: Xenstore: wrong path length check (XSA-323)
https://bugzilla.redhat.com/show_bug.cgi?id=1905626
[ 3 ] Bug #1905632 – CVE-2020-29481 xen: Xenstore: new domains inheriting existing node permissions (XSA-322)
https://bugzilla.redhat.com/show_bug.cgi?id=1905632
[ 4 ] Bug #1905635 – CVE-2020-29484 xen: Xenstore: guests can crash xenstored via watchs (XSA-324)
https://bugzilla.redhat.com/show_bug.cgi?id=1905635
[ 5 ] Bug #1905648 – CVE-2020-29483 xen: Xenstore: guests can disturb domain cleanup (XSA-325)
https://bugzilla.redhat.com/show_bug.cgi?id=1905648
[ 6 ] Bug #1905652 – CVE-2020-29486 xen: oxenstored: node ownership can be changed by unprivileged clients (XSA-352)
https://bugzilla.redhat.com/show_bug.cgi?id=1905652
[ 7 ] Bug #1905668 – CVE-2020-29479 xen: oxenstored: permissions not checked on root node (XSA-353)
https://bugzilla.redhat.com/show_bug.cgi?id=1905668
[ 8 ] Bug #1905669 – CVE-2020-29566 xen: undue recursion in x86 HVM context switch code (XSA-348)
https://bugzilla.redhat.com/show_bug.cgi?id=1905669
[ 9 ] Bug #1905672 – CVE-2020-29480 xen: xenstore watch notifications lacking permission checks (XSA-115)
https://bugzilla.redhat.com/show_bug.cgi?id=1905672
[ 10 ] Bug #1905675 – CVE-2020-29570 xen: FIFO event channels control block related ordering (XSA-358)
https://bugzilla.redhat.com/show_bug.cgi?id=1905675
[ 11 ] Bug #1905676 – CVE-2020-29571 xen: FIFO event channels control structure ordering
https://bugzilla.redhat.com/show_bug.cgi?id=1905676
——————————————————————————–

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-df772b417b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2020-64859a826b
2020-12-25 01:21:55.445209
——————————————————————————–

Name : xen
Product : Fedora 33
Version : 4.14.0
Release : 14.fc33
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

——————————————————————————–
Update Information:

- xenstore watch notifications lacking permission checks [XSA-115, CVE-2020-29480] (#1908091)
- Xenstore: new domains inheriting existing node permissions [XSA-322, CVE-2020-29481] (#1908095)
- Xenstore: wrong path length check [XSA-323, CVE-2020-29482] (#1908096)
- Xenstore: guests can crash xenstored via watchs [XSA-324, CVE-2020-29484] (#1908088)
- Xenstore: guests can disturb domain cleanup [XSA-325, CVE-2020-29483] (#1908087)
- oxenstored memory leak in reset_watches [XSA-330, CVE-2020-29485] (#1908000)
- undue recursion in x86 HVM context switch code [XSA-348, CVE-2020-29566] (#1908085)
- oxenstored: node ownership can be changed by unprivileged clients [XSA-352, CVE-2020-29486] (#1908003)
- oxenstored: permissions not checked on root node [XSA-353, CVE-2020-29479] (#1908002)
- infinite loop when cleaning up IRQ vectors [XSA-356, CVE-2020-29567] (#1907932)
- FIFO event channels control block related ordering [XSA-358, CVE-2020-29570] (#1907931)
- FIFO event channels control structure ordering [XSA-359, CVE-2020-29571] (#1908089)
——————————————————————————–
ChangeLog:

* Tue Dec 15 2020 Michael Young <m.a.young@durham.ac.uk> – 4.14.0-14
– xenstore watch notifications lacking permission checks [XSA-115,
CVE-2020-29480] (#1908091)
– Xenstore: new domains inheriting existing node permissions [XSA-322,
CVE-2020-29481] (#1908095)
– Xenstore: wrong path length check [XSA-323, CVE-2020-29482] (#1908096)
– Xenstore: guests can crash xenstored via watchs [XSA-324, CVE-2020-29484]
(#1908088)
– Xenstore: guests can disturb domain cleanup [XSA-325, CVE-2020-29483]
(#1905648)
– oxenstored memory leak in reset_watches [XSA-330, CVE-2020-29485]
(#1908000)
– undue recursion in x86 HVM context switch code [XSA-348, CVE-2020-29566]
(#1908085)
– oxenstored: node ownership can be changed by unprivileged clients
[XSA-352, CVE-2020-29486] (#1908003)
– oxenstored: permissions not checked on root node [XSA-353, CVE-2020-29479]
(#1908003)
– infinite loop when cleaning up IRQ vectors [XSA-356, CVE-2020-29567]
(#1907932)
– FIFO event channels control block related ordering [XSA-358,
CVE-2020-29570] (#1907931)
– FIFO event channels control structure ordering [XSA-359, CVE-2020-29571]
(#1908089)
* Sat Dec 5 2020 Jeff Law <law@redhat.com> – 4.14.0-13
– Work around another gcc-11 stringop-overflow diagnostic
——————————————————————————–
References:

[ 1 ] Bug #1905623 – CVE-2020-29485 xen: oxenstored memory leak in reset_watches (XSA-330)
https://bugzilla.redhat.com/show_bug.cgi?id=1905623
[ 2 ] Bug #1905626 – CVE-2020-29482 xen: Xenstore: wrong path length check (XSA-323)
https://bugzilla.redhat.com/show_bug.cgi?id=1905626
[ 3 ] Bug #1905632 – CVE-2020-29481 xen: Xenstore: new domains inheriting existing node permissions (XSA-322)
https://bugzilla.redhat.com/show_bug.cgi?id=1905632
[ 4 ] Bug #1905635 – CVE-2020-29484 xen: Xenstore: guests can crash xenstored via watchs (XSA-324)
https://bugzilla.redhat.com/show_bug.cgi?id=1905635
[ 5 ] Bug #1905648 – CVE-2020-29483 xen: Xenstore: guests can disturb domain cleanup (XSA-325)
https://bugzilla.redhat.com/show_bug.cgi?id=1905648
[ 6 ] Bug #1905652 – CVE-2020-29486 xen: oxenstored: node ownership can be changed by unprivileged clients (XSA-352)
https://bugzilla.redhat.com/show_bug.cgi?id=1905652
[ 7 ] Bug #1905656 – CVE-2020-29567 xen: infinite loop when cleaning up IRQ vectors (XSA-356)
https://bugzilla.redhat.com/show_bug.cgi?id=1905656
[ 8 ] Bug #1905668 – CVE-2020-29479 xen: oxenstored: permissions not checked on root node (XSA-353)
https://bugzilla.redhat.com/show_bug.cgi?id=1905668
[ 9 ] Bug #1905669 – CVE-2020-29566 xen: undue recursion in x86 HVM context switch code (XSA-348)
https://bugzilla.redhat.com/show_bug.cgi?id=1905669
[ 10 ] Bug #1905672 – CVE-2020-29480 xen: xenstore watch notifications lacking permission checks (XSA-115)
https://bugzilla.redhat.com/show_bug.cgi?id=1905672
[ 11 ] Bug #1905675 – CVE-2020-29570 xen: FIFO event channels control block related ordering (XSA-358)
https://bugzilla.redhat.com/show_bug.cgi?id=1905675
[ 12 ] Bug #1905676 – CVE-2020-29571 xen: FIFO event channels control structure ordering
https://bugzilla.redhat.com/show_bug.cgi?id=1905676
——————————————————————————–

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-64859a826b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
