
Security vulnerability in the xen software package

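--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-2fde555d91
2018-11-22 03:20:10.351297
--------------------------------------------------------------------------------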

Name : xen
Product : Fedora 29
Version : 4.11.0
Release : 10.fc29
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

- insufficient TLB flushing / improper large page mappings with AMD IOMMUs [XSA-275] (#1651665)
- resource accounting issues in x86 IOREQ server handling [XSA-276]
- x86: incorrect error handling for guest p2m page removals [XSA-277]
- x86: DoS from attempting to use INVPCID with a non-canonical addresses [XSA-279]
- Fix for XSA-240 conflicts with shadow paging [XSA-280]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 20 2018 Michael Young <m.a.young@durham.ac.uk> - 4.11.0-10
- insufficient TLB flushing / improper large page mappings with AMD IOMMUs
  [XSA-275] (#1651665)
- resource accounting issues in x86 IOREQ server handling [XSA-276]
- x86: incorrect error handling for guest p2m page removals [XSA-277]
- x86: DoS from attempting to use INVPCID with a non-canonical addresses
  [XSA-279]
- Fix for XSA-240 conflicts with shadow paging [XSA-280]
* Tue Nov 6 2018 Michael Young <m.a.young@durham.ac.uk> - 4.11.0-9
- guest use of HLE constructs may lock up host [XSA-282]
* Wed Oct 24 2018 Michael Young <m.a.young@durham.ac.uk> - 4.11.0-8
- x86: Nested VT-x usable even when disabled [XSA-278, CVE-2018-18883]
  (#1643118)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1647573 - xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs
https://bugzilla.redhat.com/show_bug.cgi?id=1647573
[ 2 ] Bug #1647588 - xen: x86: DoS from attempting to use INVPCID with a non-canonical addresses
https://bugzilla.redhat.com/show_bug.cgi?id=1647588
[ 3 ] Bug #1652231 - xsa276 xen: resource accounting issues in x86 IOREQ server handling (XSA-276)
https://bugzilla.redhat.com/show_bug.cgi?id=1652231
[ 4 ] Bug #1652227 - xsa277 xen: x86: incorrect error handling for guest p2m page removals (XSA-277)
https://bugzilla.redhat.com/show_bug.cgi?id=1652227
[ 5 ] Bug #1652235 - xsa280 xen: Conflicts with shadow paging due to XSA-240 incomplete fix (XSA-280)
https://bugzilla.redhat.com/show_bug.cgi?id=1652235
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-2fde555d91' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------