{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "x86: Privilege escalation in PV guests [XSA-182, CVE-2016-6258]\nx86: Missing SMAP whitelisting in 32-bit exception / event delivery\n[XSA-183, CVE-2016-6259]\nvirtio: unbounded memory allocation issue [XSA-184, CVE-2016-5403]\nQemu: scsi: esp: OOB write access in esp_do_dma [CVE-2016-6351]", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2016-07-28 19:04:58", "date_modified": null, "date_approved": null, "date_testing": "2016-07-29 02:58:07", "date_stable": "2016-08-08 17:17:53", "alias": "FEDORA-2016-0049aa6e5d", "test_gating_status": null, "from_tag": null, "date_pushed": "2016-08-08 17:17:53", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2016-0049aa6e5d", "title": "xen-4.5.3-9.fc23", "version_hash": "889fac924014479730792f3eb6848d53fe931a3a", "release": {"name": "F23", "long_name": "Fedora 23", "version": "23", "id_prefix": "FEDORA", "branch": "f23", "dist_tag": "f23", "stable_tag": "f23-updates", "testing_tag": "f23-updates-testing", "candidate_tag": "f23-updates-candidate", "pending_signing_tag": "f23-signing-pending", "pending_testing_tag": "f23-updates-testing-pending", "pending_stable_tag": "f23-updates-pending", "override_tag": "f23-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "myoung", "email": "m.a.young@durham.ac.uk", "id": 129, "avatar": "https://seccdn.libravatar.org/avatar/cafef3050bdaacd4f890e9dfb2c45ae779cd95d6f836095f281368927146a63a?s=24&d=retro", "openid": "myoung.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by myoung. ", "timestamp": "2016-07-28 19:04:58", "update_id": 63448, "user_id": 91, "id": 464749, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2016-07-29 03:56:11", "update_id": 63448, "user_id": 91, "id": 464863, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2016-08-05 06:00:24", "update_id": 63448, "user_id": 91, "id": 467349, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by myoung. ", "timestamp": "2016-08-05 23:03:11", "update_id": 63448, "user_id": 91, "id": 467755, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2016-08-08 23:57:39", "update_id": 63448, "user_id": 91, "id": 468391, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "After this patch update, how to validate the patch is effective?", "timestamp": "2016-08-10 08:01:10", "update_id": 63448, "user_id": 207, "id": 469334, "bug_feedback": [{"karma": 0, "comment_id": 469334, "bug_id": 1360358, "bug": {"bug_id": 1360358, "title": "CVE-2016-6258 xsa182 xen: x86: Privilege escalation in PV guests (XSA-182) [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 469334, "bug_id": 1360359, "bug": {"bug_id": 1360359, "title": "CVE-2016-6259 xsa183 xen: x86: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183) [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 469334, "bug_id": 1360831, "bug": {"bug_id": 1360831, "title": "CVE-2016-5403 xen: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 469334, "bug_id": 1360599, "bug": {"bug_id": 1360599, "title": "CVE-2016-6351 Qemu: scsi: esp: OOB write access in esp_do_dma", "security": true, "parent": true}}, {"karma": 0, "comment_id": 469334, "bug_id": 1355987, "bug": {"bug_id": 1355987, "title": "CVE-2016-6258 xsa182 xen: x86: Privilege escalation in PV guests (XSA-182)", "security": true, "parent": true}}, {"karma": 0, "comment_id": 469334, "bug_id": 1355983, "bug": {"bug_id": 1355983, "title": "CVE-2016-6259 xsa183 xen: x86: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183)", "security": true, "parent": true}}, {"karma": 0, "comment_id": 469334, "bug_id": 1358359, "bug": {"bug_id": 1358359, "title": "CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS", "security": true, "parent": true}}], "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Problem: if I create a HVM Windows VM and then issue an \"xl shutdown VM\" the machine remains in ---s-- state, even if I leave the default behavior or configure it as on_poweroff = 'destroy'.\n\nEven the last XEN package has this behaviour. I tried \"old\" signed windows xen PV driver, and also the latest git.\nIt's only my problem?", "timestamp": "2016-08-16 10:22:39", "update_id": 63448, "user_id": 207, "id": 472132, "bug_feedback": [{"karma": 0, "comment_id": 472132, "bug_id": 1360358, "bug": {"bug_id": 1360358, "title": "CVE-2016-6258 xsa182 xen: x86: Privilege escalation in PV guests (XSA-182) [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 472132, "bug_id": 1360359, "bug": {"bug_id": 1360359, "title": "CVE-2016-6259 xsa183 xen: x86: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183) [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 472132, "bug_id": 1360831, "bug": {"bug_id": 1360831, "title": "CVE-2016-5403 xen: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 472132, "bug_id": 1360599, "bug": {"bug_id": 1360599, "title": "CVE-2016-6351 Qemu: scsi: esp: OOB write access in esp_do_dma", "security": true, "parent": true}}, {"karma": 0, "comment_id": 472132, "bug_id": 1355987, "bug": {"bug_id": 1355987, "title": "CVE-2016-6258 xsa182 xen: x86: Privilege escalation in PV guests (XSA-182)", "security": true, "parent": true}}, {"karma": 0, "comment_id": 472132, "bug_id": 1355983, "bug": {"bug_id": 1355983, "title": "CVE-2016-6259 xsa183 xen: x86: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183)", "security": true, "parent": true}}, {"karma": 0, "comment_id": 472132, "bug_id": 1358359, "bug": {"bug_id": 1358359, "title": "CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS", "security": true, "parent": true}}], "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "xen-4.5.3-9.fc23", "signed": true, "release_id": 11, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1355983, "title": "CVE-2016-6259 xsa183 xen: x86: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183)", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 469334, "bug_id": 1355983, "comment": {"karma": 0, "karma_critpath": 0, "text": "After this patch update, how to validate the patch is effective?", "timestamp": "2016-08-10 08:01:10", "update_id": 63448, "user_id": 207, "id": 469334, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 472132, "bug_id": 1355983, "comment": {"karma": 0, "karma_critpath": 0, "text": "Problem: if I create a HVM Windows VM and then issue an \"xl shutdown VM\" the machine remains in ---s-- state, even if I leave the default behavior or configure it as on_poweroff = 'destroy'.\n\nEven the last XEN package has this behaviour. I tried \"old\" signed windows xen PV driver, and also the latest git.\nIt's only my problem?", "timestamp": "2016-08-16 10:22:39", "update_id": 63448, "user_id": 207, "id": 472132, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1355987, "title": "CVE-2016-6258 xsa182 xen: x86: Privilege escalation in PV guests (XSA-182)", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 469334, "bug_id": 1355987, "comment": {"karma": 0, "karma_critpath": 0, "text": "After this patch update, how to validate the patch is effective?", "timestamp": "2016-08-10 08:01:10", "update_id": 63448, "user_id": 207, "id": 469334, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 472132, "bug_id": 1355987, "comment": {"karma": 0, "karma_critpath": 0, "text": "Problem: if I create a HVM Windows VM and then issue an \"xl shutdown VM\" the machine remains in ---s-- state, even if I leave the default behavior or configure it as on_poweroff = 'destroy'.\n\nEven the last XEN package has this behaviour. I tried \"old\" signed windows xen PV driver, and also the latest git.\nIt's only my problem?", "timestamp": "2016-08-16 10:22:39", "update_id": 63448, "user_id": 207, "id": 472132, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1358359, "title": "CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 469334, "bug_id": 1358359, "comment": {"karma": 0, "karma_critpath": 0, "text": "After this patch update, how to validate the patch is effective?", "timestamp": "2016-08-10 08:01:10", "update_id": 63448, "user_id": 207, "id": 469334, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 472132, "bug_id": 1358359, "comment": {"karma": 0, "karma_critpath": 0, "text": "Problem: if I create a HVM Windows VM and then issue an \"xl shutdown VM\" the machine remains in ---s-- state, even if I leave the default behavior or configure it as on_poweroff = 'destroy'.\n\nEven the last XEN package has this behaviour. I tried \"old\" signed windows xen PV driver, and also the latest git.\nIt's only my problem?", "timestamp": "2016-08-16 10:22:39", "update_id": 63448, "user_id": 207, "id": 472132, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1360358, "title": "CVE-2016-6258 xsa182 xen: x86: Privilege escalation in PV guests (XSA-182) [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 469334, "bug_id": 1360358, "comment": {"karma": 0, "karma_critpath": 0, "text": "After this patch update, how to validate the patch is effective?", "timestamp": "2016-08-10 08:01:10", "update_id": 63448, "user_id": 207, "id": 469334, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 472132, "bug_id": 1360358, "comment": {"karma": 0, "karma_critpath": 0, "text": "Problem: if I create a HVM Windows VM and then issue an \"xl shutdown VM\" the machine remains in ---s-- state, even if I leave the default behavior or configure it as on_poweroff = 'destroy'.\n\nEven the last XEN package has this behaviour. I tried \"old\" signed windows xen PV driver, and also the latest git.\nIt's only my problem?", "timestamp": "2016-08-16 10:22:39", "update_id": 63448, "user_id": 207, "id": 472132, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1360359, "title": "CVE-2016-6259 xsa183 xen: x86: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183) [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 469334, "bug_id": 1360359, "comment": {"karma": 0, "karma_critpath": 0, "text": "After this patch update, how to validate the patch is effective?", "timestamp": "2016-08-10 08:01:10", "update_id": 63448, "user_id": 207, "id": 469334, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 472132, "bug_id": 1360359, "comment": {"karma": 0, "karma_critpath": 0, "text": "Problem: if I create a HVM Windows VM and then issue an \"xl shutdown VM\" the machine remains in ---s-- state, even if I leave the default behavior or configure it as on_poweroff = 'destroy'.\n\nEven the last XEN package has this behaviour. I tried \"old\" signed windows xen PV driver, and also the latest git.\nIt's only my problem?", "timestamp": "2016-08-16 10:22:39", "update_id": 63448, "user_id": 207, "id": 472132, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1360599, "title": "CVE-2016-6351 Qemu: scsi: esp: OOB write access in esp_do_dma", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 508194, "bug_id": 1360599, "comment": {"karma": 1, "karma_critpath": 0, "text": "No regressions noted. (Includes use of various USB and vmware_vga.)", "timestamp": "2016-10-16 22:00:32", "update_id": 70593, "user_id": 194, "id": 508194, "testcase_feedback": [], "user": {"name": "dhgutteridge", "email": "dhgutteridge@hotmail.com", "id": 194, "avatar": "https://seccdn.libravatar.org/avatar/95e7a46aa03707373935111628c2b387339f570b9175d20455a53fd00acafbcb?s=24&d=retro", "openid": "dhgutteridge.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 508251, "bug_id": 1360599, "comment": {"karma": 0, "karma_critpath": 0, "text": "\n\nOn trying to install using dnf, I got:\n\nError: package qemu-user-static-2:2.6.2-2.fc24.x86_64 conflicts with qemu-user-binfmt provided by qemu-user-binfmt-2:2.6.2-2.fc24.x86_64\n\nBoth these were download by bodhi!!!!", "timestamp": "2016-10-17 03:14:40", "update_id": 70593, "user_id": 3140, "id": 508251, "testcase_feedback": [], "user": {"name": "nivag", "email": "gavinflower@archidevsys.co.nz", "id": 3140, "avatar": "https://seccdn.libravatar.org/avatar/3b2cadf03ed7eee77776f33fd54d79c59d4d52a1ff91562d2b334680c274347b?s=24&d=retro", "openid": "nivag.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 469334, "bug_id": 1360599, "comment": {"karma": 0, "karma_critpath": 0, "text": "After this patch update, how to validate the patch is effective?", "timestamp": "2016-08-10 08:01:10", "update_id": 63448, "user_id": 207, "id": 469334, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 472132, "bug_id": 1360599, "comment": {"karma": 0, "karma_critpath": 0, "text": "Problem: if I create a HVM Windows VM and then issue an \"xl shutdown VM\" the machine remains in ---s-- state, even if I leave the default behavior or configure it as on_poweroff = 'destroy'.\n\nEven the last XEN package has this behaviour. I tried \"old\" signed windows xen PV driver, and also the latest git.\nIt's only my problem?", "timestamp": "2016-08-16 10:22:39", "update_id": 63448, "user_id": 207, "id": 472132, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1360831, "title": "CVE-2016-5403 xen: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 469334, "bug_id": 1360831, "comment": {"karma": 0, "karma_critpath": 0, "text": "After this patch update, how to validate the patch is effective?", "timestamp": "2016-08-10 08:01:10", "update_id": 63448, "user_id": 207, "id": 469334, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 472132, "bug_id": 1360831, "comment": {"karma": 0, "karma_critpath": 0, "text": "Problem: if I create a HVM Windows VM and then issue an \"xl shutdown VM\" the machine remains in ---s-- state, even if I leave the default behavior or configure it as on_poweroff = 'destroy'.\n\nEven the last XEN package has this behaviour. I tried \"old\" signed windows xen PV driver, and also the latest git.\nIt's only my problem?", "timestamp": "2016-08-16 10:22:39", "update_id": 63448, "user_id": 207, "id": 472132, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}]}], "updateid": "FEDORA-2016-0049aa6e5d", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}