Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Xen
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Xen
ID: FEDORA-2017-5c6a9b07a3
Distribution: Fedora
Plattformen: Fedora 26
Datum: Sa, 8. Juli 2017, 08:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10918

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2017-5c6a9b07a3
2017-07-07 22:40:59.821685
-------------------------------------------------------------------------------
-

Name : xen
Product : Fedora 26
Version : 4.8.1
Release : 4.fc26
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

-------------------------------------------------------------------------------
-
Update Information:

xen: various flaws (#1463247) blkif responses leak backend stack data [XSA-216]
page transfer may allow PV guest to elevate privilege [XSA-217] Races in the
grant table unmap code [XSA-218] x86: insufficient reference counts during
shadow emulation [XSA-219] x86: PKRU and BND* leakage between vCPU-s [XSA-220]
NULL pointer deref in event channel poll [XSA-221] (#1463231) stale P2M
mappings
due to insufficient error checking [XSA-222] ARM guest disabling interrupt may
crash Xen [XSA-223] grant table operations mishandle reference counts [XSA-224]
arm: vgic: Out-of-bound access when sending SGIs [XSA-225]
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1458870 - CVE-2017-10911 xsa216 xen: blkif responses leak backend
stack data (XSA-216)
https://bugzilla.redhat.com/show_bug.cgi?id=1458870
[ 2 ] Bug #1458871 - CVE-2017-10912 xsa217 xen: page transfer may allow PV
guest to elevate privilege (XSA-217)
https://bugzilla.redhat.com/show_bug.cgi?id=1458871
[ 3 ] Bug #1458872 - CVE-2017-10913 CVE-2017-10914 xsa218 xen: Races in the
grant table unmap code (XSA-218)
https://bugzilla.redhat.com/show_bug.cgi?id=1458872
[ 4 ] Bug #1458873 - CVE-2017-10915 xsa219 xen: x86: insufficient reference
counts during shadow emulation (XSA-219)
https://bugzilla.redhat.com/show_bug.cgi?id=1458873
[ 5 ] Bug #1458874 - CVE-2017-10916 xsa220 xen: x86: PKRU and BND* leakage
between vCPU-s (XSA-220)
https://bugzilla.redhat.com/show_bug.cgi?id=1458874
[ 6 ] Bug #1458876 - CVE-2017-10918 xsa222 xen: stale P2M mappings due to
insufficient error checking (XSA-222)
https://bugzilla.redhat.com/show_bug.cgi?id=1458876
[ 7 ] Bug #1458877 - CVE-2017-10919 xsa223 xen: ARM guest disabling interrupt
may crash Xen (XSA-223)
https://bugzilla.redhat.com/show_bug.cgi?id=1458877
[ 8 ] Bug #1458878 - CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 xsa224 xen:
grant table operations mishandle reference counts (XSA-224)
https://bugzilla.redhat.com/show_bug.cgi?id=1458878
[ 9 ] Bug #1459515 - CVE-2017-10923 xsa225 xen: arm: vgic: Out-of-bound
access when sending SGIs (XSA-225)
https://bugzilla.redhat.com/show_bug.cgi?id=1459515
[ 10 ] Bug #1458875 - CVE-2017-10917 xsa221 xen: NULL pointer deref in event
channel poll (XSA-221)
https://bugzilla.redhat.com/show_bug.cgi?id=1458875
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade xen' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung