FEDORA-2017-ed735463e3

security update in Fedora 25 for xen

Status: stable 2 years ago

Qemu: usb: ohci: infinite loop due to incorrect return value [CVE-2017-9330] (#1457698)
Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [CVE-2017-10664] (#1466466)
revised full fix for XSA-226 (regressed 32-bit Dom0 or backend domains)


full fix for XSA-226, replacing workaround
drop conflict of xendomain and libvirtd as can cause problems (#1398590)
add-to-physmap error paths fail to release lock on ARM [XSA-235] (#1484476)
Qemu: audio: host memory leakage via capture buffer [CVE-2017-8309] (#1446521)
Qemu: input: host memory leakage via keyboard events [CVE-2017-8379] (#1446561)


Qemu: serial: host memory leakage 16550A UART emulation [CVE-2017-5579] (#1416162)
Qemu: display: cirrus: OOB read access issue [CVE-2017-7718] (#1443444)
xen: various flaws (#1481765)
multiple problems with transitive grants [XSA-226, CVE-2017-12135]
x86: PV privilege escalation via map_grant_ref [XSA-227, CVE-2017-12137]
grant_table: Race conditions with maptrack free list handling [XSA-228, CVE-2017-12136]
grant_table: possibly premature clearing of GTF_writing / GTF_reading [XSA-230, CVE-2017-12855]

Comments 8

This update has been submitted for testing by myoung.

This update has obsoleted xen-4.7.3-3.fc25, and has inherited its bugs and notes.

This update has been pushed to testing.

no regressions noted

karma: +1

works for me in a VM

karma: +1

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by myoung.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +2 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago

Related Bugs 17

#1398590 libvirtd doesn't start after reboot even though it's 'enabled'
#1416162 CVE-2017-5579 xen: Qemu: serial: host memory leakage 16550A UART emulation [fedora-all]
#1443444 CVE-2017-7718 xen: Qemu: display: cirrus: OOB read access issue [fedora-all]
#1446517 CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer
#1446521 CVE-2017-8309 xen: Qemu: audio: host memory leakage via capture buffer [fedora-all]
#1446547 CVE-2017-8379 Qemu: input: host memory leakage via keyboard events
#1446561 CVE-2017-8379 xen: Qemu: input: host memory leakage via keyboard events [fedora-all]
#1457697 CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value
#1457698 CVE-2017-9330 xen: Qemu: usb: ohci: infinite loop due to incorrect return value [fedora-all]
#1466190 CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
#1466466 CVE-2017-10664 xen: Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [fedora-all]
#1477651 CVE-2017-12136 xsa228 xen: grant_table: Race conditions with maptrack free list handling (XSA-228)
#1477655 CVE-2017-12135 xsa226 xen: possibly unbounded recursion in grant table code (XSA-226)
#1477657 CVE-2017-12137 xsa227 xen: x86: PV privilege escalation via map_grant_ref (XSA-227)
#1481762 CVE-2017-12855 xsa230 CVE-2017-12855 xen: grant_table: possibly premature clearing of GTF_writing / GTF_reading (XSA-230)
#1481765 CVE-2017-12134 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 xen: various flaws [fedora-all]
#1484476 xsa235 xen: add-to-physmap error paths fail to release lock on ARM
