FEDORA-2017-d4709b0d8b

security update in Fedora 25 for xen

Status: stable 2 years ago

xen: various flaws (#1501391) multiple MSI mapping issues on x86 [XSA-237] DMOP map/unmap missing argument checks [XSA-238] hypervisor stack leak in x86 I/O intercept code [XSA-239] Unlimited recursion in linear pagetable de-typing [XSA-240] Stale TLB entry due to page type release race [XSA-241] page type reference leak on x86 [XSA-242] x86: Incorrect handling of self-linear shadow mappings with translated guests [XSA-243] x86: Incorrect handling of IST settings during CPU hotplug [XSA-244]


ARM: Some memory not scrubbed at boot [XSA-245] Qemu: vga: reachable assert failure during during display update [CVE-2017-13673] (#1486591) Qemu: vga: OOB read access during display update [CVE-2017-13672] (#1486562)

Comments 9

This update has been submitted for testing by myoung.

This update has obsoleted xen-4.7.3-6.fc25, and has inherited its bugs and notes.

This update has been pushed to testing.

works for me in a VMj

karma: +1

no regressions noted

karma: +1

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by myoung.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+2
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 15

00 #1486560 CVE-2017-13672 Qemu: vga: OOB read access during display update
00 #1486562 CVE-2017-13672 xen: Qemu: vga: OOB read access during display update [fedora-all]
00 #1486588 CVE-2017-13673 Qemu: vga: reachable assert failure during during display update
00 #1486591 CVE-2017-13673 xen: Qemu: vga: reachable assert failure during during display update [fedora-all]
00 #1499817 CVE-2017-15590 xsa237 xen: multiple MSI mapping issues on x86 (XSA-237)
00 #1499818 CVE-2017-15591 xsa238 xen: DMOP map/unmap missing argument checks (XSA-238)
00 #1499819 CVE-2017-15589 xsa239 xen: hypervisor stack leak in x86 I/O intercept code (XSA-239)
00 #1499820 CVE-2017-15595 xsa240 xen: Unlimited recursion in linear pagetable de-typing (XSA-240)
00 #1499821 CVE-2017-15588 xsa241 xen: Stale TLB entry due to page type release race (XSA-241)
00 #1499822 CVE-2017-15593 xsa242 xen: page type reference leak on x86 (XSA-242)
00 #1499823 CVE-2017-15592 xsa243 xen: x86: Incorrect handling of self-linear shadow mappings with translated guests (XSA-243)
00 #1499824 CVE-2017-15594 xsa244 xen: x86: Incorrect handling of IST settings during CPU hotplug (XSA-244)
00 #1499825 xsa245 xen: ARM: Some memory not scrubbed at boot (XSA-245)
00 #1499843 xsa245 xen: ARM: Some memory not scrubbed at boot (XSA-245) [fedora-all]
00 #1501391 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 xen: various flaws [fedora-all]

Automated Test Results