FEDORA-2017-978bebe3a7

security update in Fedora 25 for xen

Status: obsolete

full fix for XSA-226, replacing workaround drop conflict of xendomain and libvirtd as can cause problems (#1398590) add-to-physmap error paths fail to release lock on ARM [XSA-235] (#1484476) Qemu: audio: host memory leakage via capture buffer [CVE-2017-8309] (#1446521) Qemu: input: host memory leakage via keyboard events [CVE-2017-8379] (#1446561)


Qemu: serial: host memory leakage 16550A UART emulation [CVE-2017-5579] (#1416162) Qemu: display: cirrus: OOB read access issue [CVE-2017-7718] (#1443444) xen: various flaws (#1481765) multiple problems with transitive grants [XSA-226, CVE-2017-12135] x86: PV privilege escalation via map_grant_ref [XSA-227, CVE-2017-12137] grant_table: Race conditions with maptrack free list handling [XSA-228, CVE-2017-12136] grant_table: possibly premature clearing of GTF_writing / GTF_reading [XSA-230, CVE-2017-12855]

Comments 5

This update has been submitted for testing by myoung.

This update has obsoleted xen-4.7.3-2.fc25, and has inherited its bugs and notes.

This update has been pushed to testing.

no regressions noted

karma: +1

This update has been obsoleted by xen-4.7.3-4.fc25.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
obsolete
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+1
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 2 years ago
in testing 2 years ago

Related Bugs 13

00 #1398590 libvirtd doesn't start after reboot even though it's 'enabled'
00 #1416162 CVE-2017-5579 xen: Qemu: serial: host memory leakage 16550A UART emulation [fedora-all]
00 #1443444 CVE-2017-7718 xen: Qemu: display: cirrus: OOB read access issue [fedora-all]
00 #1446517 CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer
00 #1446521 CVE-2017-8309 xen: Qemu: audio: host memory lekage via capture buffer [fedora-all]
00 #1446547 CVE-2017-8379 Qemu: input: host memory lekage via keyboard events
00 #1446561 CVE-2017-8379 xen: Qemu: input: host memory lekage via keyboard events [fedora-all]
00 #1477651 CVE-2017-12136 xsa228 xen: grant_table: Race conditions with maptrack free list handling (XSA-228)
00 #1477655 CVE-2017-12135 xsa226 xen: possibly unbounded recursion in grant table code (XSA-226)
00 #1477657 CVE-2017-12137 xsa227 xen: x86: PV privilege escalation via map_grant_ref (XSA-227)
00 #1481762 CVE-2017-12855 xsa230 CVE-2017-12855 xen: grant_table: possibly premature clearing of GTF_writing / GTF_reading (XSA-230)
00 #1481765 CVE-2017-12134 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 xen: various flaws [fedora-all]
00 #1484476 xsa235 xen: add-to-physmap error paths fail to release lock on ARM

Automated Test Results