FEDORA-2018-c553a586c8 created by myoung 2 years ago for Fedora 27
stable

add Xen page-table isolation (XPTI) mitigation and Branch Target Injection (BTI) mitigation for XSA-254 DoS via non-preemptable L3/L4 pagetable freeing [XSA-252] (#1549568) grant table v2 -> v1 transition may crash Xen [XSA-255] (#1549570) x86 PVH guest without LAPIC may DoS the host [XSA-256] (#1549572)

How to install

sudo dnf upgrade --advisory=FEDORA-2018-c553a586c8

This update has been submitted for testing by myoung.

2 years ago

This update has been pushed to testing.

2 years ago

Dom0 boots notably slower. Is there nopti kernel option analogue for Xen page-table isolation?

Looks like a bit faster boot with xpti=false.

User Icon mhayden commented & provided feedback 2 years ago
karma

No issues.

User Icon cserpentis commented & provided feedback 2 years ago
karma

works for me

User Icon filiperosset commented & provided feedback 2 years ago
karma

no regressions noted

This update has been submitted for batched by bodhi.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
BZ#1544453 CVE-2018-7542 xsa256 xen: x86 PVH guest without LAPIC may DoS the host (XSA-256)
0
0
BZ#1544456 CVE-2018-7540 xsa252 xen: DoS via non-preemptable L3/L4 pagetable freeing (XSA-252)
0
0
BZ#1544459 CVE-2018-7541 xsa255 xen: grant table v2 -> v1 transition may crash Xen (XSA-255)
0
0
BZ#1549568 CVE-2018-7540 xen: xsa252 xen: DoS via non-preemptable L3/L4 pagetable freeing (XSA-252) [fedora-all]
0
0
BZ#1549570 CVE-2018-7541 xen: xsa255 xen: grant table v2 -> v1 transition may crash Xen (XSA-255) [fedora-all]
0
0
BZ#1549572 CVE-2018-7542 xen: xsa256 xen: x86 PVH guest without LAPIC may DoS the host (XSA-256) [fedora-all]
0
0

Automated Test Results