You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa xen

Sigurnosni nedostatak programskog paketa xen

——————————————————————————–
Fedora Update Notification
FEDORA-2020-5398bfb466
2020-11-12 03:15:20.248463
——————————————————————————–

Name : xen
Product : Fedora 32
Version : 4.13.2
Release : 1.fc32
URL : https://protect2.fireeye.com/v1/url?k=d7035749-889f4d57-d704ca85-000babd90757-af3e4412e777465a&q=1&e=8301559b-f2e0-401d-9f4a-4af5c0222482&u=http%3A%2F%2Fxen.org%2F
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

——————————————————————————–
Update Information:

update to xen-4.13.2 —- x86 PV guest INVLPG-like flushes may leave stale TLB
entries [XSA-286, CVE-2020-27674] (#1891092)
——————————————————————————–
ChangeLog:

* Tue Nov 3 2020 Michael Young <m.a.young@durham.ac.uk> – 4.13.2-1
– update to 4.13.2
remove patches now included or superceded upstream
* Wed Oct 28 2020 Michael Young <m.a.young@durham.ac.uk> – 4.13.1-8
– x86 PV guest INVLPG-like flushes may leave stale TLB entries
[XSA-286, CVE-2020-27674] (#1891092)
——————————————————————————–
References:

[ 1 ] Bug #1891089 – CVE-2020-27674 xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286)
https://bugzilla.redhat.com/show_bug.cgi?id=1891089
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-5398bfb466’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=bbe6f365-e47ae97b-bbe16ea9-000babd90757-66bc3d2ba2a992b7&q=1&e=8301559b-f2e0-401d-9f4a-4af5c0222482&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2020-ec84c1565b
2020-11-12 03:05:39.155788
——————————————————————————–

Name : xen
Product : Fedora 33
Version : 4.14.0
Release : 9.fc33
URL : https://protect2.fireeye.com/v1/url?k=b55a88c9-eac692d7-b55d1505-000babd90757-671f11187ea04302&q=1&e=46103ab2-0a50-42ac-aba2-9eeeda93a14b&u=http%3A%2F%2Fxen.org%2F
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

——————————————————————————–
Update Information:

revised patch for XSA-286 (mitigating performance impact) —- x86 PV guest
INVLPG-like flushes may leave stale TLB entries [XSA-286, CVE-2020-27674]
(#1891092) simplify grub scripts (patches from Thierry Vignaud
<tvignaud@redhat.com>) some fixes for gcc 11
——————————————————————————–
ChangeLog:

* Tue Nov 3 2020 Michael Young <m.a.young@durham.ac.uk> – 4.14.0-9
– revised patch for XSA-286 (mitigating performance impact)
* Fri Oct 30 2020 Jeff Law <law@redhat.com> – 4.14.0-8
– Work around gcc-11 stringop-overflow diagnostics as well
* Wed Oct 28 2020 Michael Young <m.a.young@durham.ac.uk> – 4.14.0-7
– x86 PV guest INVLPG-like flushes may leave stale TLB entries
[XSA-286, CVE-2020-27674] (#1891092)
– simplify grub scripts (patches from Thierry Vignaud <tvignaud@redhat.com>)
– some fixes for gcc 11
——————————————————————————–
References:

[ 1 ] Bug #1891089 – CVE-2020-27674 xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286)
https://bugzilla.redhat.com/show_bug.cgi?id=1891089
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-ec84c1565b’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=0524ff23-5ab8e53d-052362ef-000babd90757-7e4cbaf770a825f0&q=1&e=46103ab2-0a50-42ac-aba2-9eeeda93a14b&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa raptor2

Otkriven je sigurnosni nedostatak u programskom paketu raptor2 za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja...

Close