Mehrere Probleme in Xen
ID: | FEDORA-2017-c3149b5fcb |
Distribution: | Fedora |
Plattformen: | Fedora 25 |
Datum: | Mi, 12. Juli 2017, 10:04 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10923 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10919 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10912 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10918 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10921 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10917 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10922 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10916 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10914 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10915 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10913 |
Applikationen: | Xen |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-c3149b5fcb 2017-07-11 18:56:33.206568 -------------------------------------------------------------------------------- Name : xen Product : Fedora 25 Version : 4.7.2 Release : 7.fc25 URL : http://xen.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor -------------------------------------------------------------------------------- Update Information: xen: various flaws (#1463247) blkif responses leak backend stack data [XSA-216] page transfer may allow PV guest to elevate privilege [XSA-217] Races in the grant table unmap code [XSA-218] x86: insufficient reference counts during shadow emulation [XSA-219] x86: PKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due to insufficient error checking [XSA-222] ARM guest disabling interrupt may crash Xen [XSA-223] grant table operations mishandle reference counts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs [XSA-225] NULL pointer deref in event channel poll [XSA-221] (#1463231) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458870 - CVE-2017-10911 xsa216 xen: blkif responses leak backend stack data (XSA-216) https://bugzilla.redhat.com/show_bug.cgi?id=1458870 [ 2 ] Bug #1458871 - CVE-2017-10912 xsa217 xen: page transfer may allow PV guest to elevate privilege (XSA-217) https://bugzilla.redhat.com/show_bug.cgi?id=1458871 [ 3 ] Bug #1458872 - CVE-2017-10913 CVE-2017-10914 xsa218 xen: Races in the grant table unmap code (XSA-218) https://bugzilla.redhat.com/show_bug.cgi?id=1458872 [ 4 ] Bug #1458873 - CVE-2017-10915 xsa219 xen: x86: insufficient reference counts during shadow emulation (XSA-219) https://bugzilla.redhat.com/show_bug.cgi?id=1458873 [ 5 ] Bug #1458874 - CVE-2017-10916 xsa220 xen: x86: PKRU and BND* leakage between vCPU-s (XSA-220) https://bugzilla.redhat.com/show_bug.cgi?id=1458874 [ 6 ] Bug #1458876 - CVE-2017-10918 xsa222 xen: stale P2M mappings due to insufficient error checking (XSA-222) https://bugzilla.redhat.com/show_bug.cgi?id=1458876 [ 7 ] Bug #1458877 - CVE-2017-10919 xsa223 xen: ARM guest disabling interrupt may crash Xen (XSA-223) https://bugzilla.redhat.com/show_bug.cgi?id=1458877 [ 8 ] Bug #1458878 - CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 xsa224 xen: grant table operations mishandle reference counts (XSA-224) https://bugzilla.redhat.com/show_bug.cgi?id=1458878 [ 9 ] Bug #1459515 - CVE-2017-10923 xsa225 xen: arm: vgic: Out-of-bound access when sending SGIs (XSA-225) https://bugzilla.redhat.com/show_bug.cgi?id=1459515 [ 10 ] Bug #1458875 - CVE-2017-10917 xsa221 xen: NULL pointer deref in event channel poll (XSA-221) https://bugzilla.redhat.com/show_bug.cgi?id=1458875 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade xen' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org |