FEDORA-2017-5bcddc1984

security update in Fedora 26 for xen

Status: stable 2 years ago

xen: various flaws (#1501391) multiple MSI mapping issues on x86 [XSA-237] DMOP map/unmap missing argument checks [XSA-238] hypervisor stack leak in x86 I/O intercept code [XSA-239] Unlimited recursion in linear pagetable de-typing [XSA-240] Stale TLB entry due to page type release race [XSA-241] page type reference leak on x86 [XSA-242] x86: Incorrect handling of self-linear shadow mappings with translated guests [XSA-243] x86: Incorrect handling of IST settings during CPU hotplug [XSA-244]


ARM: Some memory not scrubbed at boot [XSA-245] Qemu: vga: reachable assert failure during during display update [CVE-2017-13673] (#1486591) Qemu: vga: OOB read access during display update [CVE-2017-13672] (#1486562)

Comments 9

This update has been submitted for testing by myoung.

This update has obsoleted xen-4.8.2-3.fc26, and has inherited its bugs and notes.

This update has been pushed to testing.

works for me

karma: +1

Works

karma: +1

no regressions noted

karma: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+3
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 15

00 #1486560 CVE-2017-13672 Qemu: vga: OOB read access during display update
00 #1486562 CVE-2017-13672 xen: Qemu: vga: OOB read access during display update [fedora-all]
00 #1486588 CVE-2017-13673 Qemu: vga: reachable assert failure during during display update
00 #1486591 CVE-2017-13673 xen: Qemu: vga: reachable assert failure during during display update [fedora-all]
00 #1499817 CVE-2017-15590 xsa237 xen: multiple MSI mapping issues on x86 (XSA-237)
00 #1499818 CVE-2017-15591 xsa238 xen: DMOP map/unmap missing argument checks (XSA-238)
00 #1499819 CVE-2017-15589 xsa239 xen: hypervisor stack leak in x86 I/O intercept code (XSA-239)
00 #1499820 CVE-2017-15595 xsa240 xen: Unlimited recursion in linear pagetable de-typing (XSA-240)
00 #1499821 CVE-2017-15588 xsa241 xen: Stale TLB entry due to page type release race (XSA-241)
00 #1499822 CVE-2017-15593 xsa242 xen: page type reference leak on x86 (XSA-242)
00 #1499823 CVE-2017-15592 xsa243 xen: x86: Incorrect handling of self-linear shadow mappings with translated guests (XSA-243)
00 #1499824 CVE-2017-15594 xsa244 xen: x86: Incorrect handling of IST settings during CPU hotplug (XSA-244)
00 #1499825 xsa245 xen: ARM: Some memory not scrubbed at boot (XSA-245)
00 #1499843 xsa245 xen: ARM: Some memory not scrubbed at boot (XSA-245) [fedora-all]
00 #1501391 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 xen: various flaws [fedora-all]

Automated Test Results