FEDORA-2019-bce6498890

security update in Fedora 28 for xen

Status: stable 7 months ago

xen: various flaws (#1685577) grant table transfer issues on large hosts [XSA-284] race with pass-through device hotplug [XSA-285] x86: steal_page violates page_struct access discipline [XSA-287] x86: Inconsistent PV IOMMU discipline [XSA-288] missing preemption in x86 PV page table unvalidation [XSA-290] x86/PV: page type reference counting issue with failed IOMMU update [XSA-291] x86: insufficient TLB flushing when using PCID [XSA-292] x86: PV kernel context switch corruption [XSA-293] x86 shadow: Insufficient TLB flushing when using PCID [XSA-294]


update to xen-4.10.3


  • insufficient TLB flushing / improper large page mappings with AMD IOMMUs [XSA-275] (#1651665)
  • x86: DoS from attempting to use INVPCID with a non-canonical addresses [XSA-279]
  • Fix for XSA-240 conflicts with shadow paging [XSA-280]

guest use of HLE constructs may lock up host [XSA-282]

How to install

sudo dnf upgrade --advisory=FEDORA-2019-bce6498890

Comments 8

This update has been submitted for testing by myoung.

This update has obsoleted xen-4.10.3-1.fc28, and has inherited its bugs and notes.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by myoung.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
+1
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 7 months ago
in testing 7 months ago
in stable 7 months ago

Related Bugs 16

00 #1647573 CVE-2018-19961 CVE-2018-19962 xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs
00 #1647588 CVE-2018-19965 xen: x86: DoS from attempting to use INVPCID with a non-canonical addresses
00 #1651665 xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs [fedora-all]
00 #1651970 xen: x86: DoS from attempting to use INVPCID with a non-canonical addresses [fedora-all]
00 #1652235 CVE-2018-19966 xsa280 xen: Conflicts with shadow paging due to XSA-240 incomplete fix (XSA-280)
00 #1652251 CVE-2018-19963 CVE-2018-19964 CVE-2018-19966 xen: various flaws [fedora-all]
00 #1679321 xen: xsa288: Inconsistent PV IOMMU discipline
00 #1679326 xen: xsa292: insufficient TLB flushing when using PCID
00 #1679327 xen: xsa293: PV kernel context switch corruption
00 #1679328 xen: xsa287: steal_page violates page_struct access discipline
00 #1679332 xen: xsa285: race with pass-through device hotplug
00 #1679334 xen: xsa290: missing preemption in x86 PV page table unvalidation
00 #1683956 xen: xsa294: Insufficient TLB flushing when using PCID
00 #1685568 xen: xsa284: grant table transfer issues on large hosts
00 #1685570 xen: xsa291: x86/PV: page type reference counting issue with failed IOMMU update
00 #1685577 xen: various flaws [fedora-all]

Automated Test Results