FEDORA-2019-bce6498890 created by myoung 10 months ago for Fedora 28
stable

xen: various flaws (#1685577) grant table transfer issues on large hosts [XSA-284] race with pass-through device hotplug [XSA-285] x86: steal_page violates page_struct access discipline [XSA-287] x86: Inconsistent PV IOMMU discipline [XSA-288] missing preemption in x86 PV page table unvalidation [XSA-290] x86/PV: page type reference counting issue with failed IOMMU update [XSA-291] x86: insufficient TLB flushing when using PCID [XSA-292] x86: PV kernel context switch corruption [XSA-293] x86 shadow: Insufficient TLB flushing when using PCID [XSA-294]


update to xen-4.10.3


  • insufficient TLB flushing / improper large page mappings with AMD IOMMUs [XSA-275] (#1651665)
  • x86: DoS from attempting to use INVPCID with a non-canonical addresses [XSA-279]
  • Fix for XSA-240 conflicts with shadow paging [XSA-280]

guest use of HLE constructs may lock up host [XSA-282]

How to install

sudo dnf upgrade --advisory=FEDORA-2019-bce6498890

This update has been submitted for testing by myoung.

10 months ago

This update has obsoleted xen-4.10.3-1.fc28, and has inherited its bugs and notes.

10 months ago

This update has been pushed to testing.

10 months ago
User Icon pwalter commented & provided feedback 10 months ago
karma

Works

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

10 months ago

This update has been submitted for batched by myoung.

10 months ago

This update has been submitted for stable by bodhi.

10 months ago

This update has been pushed to stable.

10 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
10 months ago
in testing
10 months ago
in stable
10 months ago
BZ#1647573 CVE-2018-19961 CVE-2018-19962 xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs
0
0
BZ#1647588 CVE-2018-19965 xen: x86: DoS from attempting to use INVPCID with a non-canonical addresses
0
0
BZ#1651665 xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs [fedora-all]
0
0
BZ#1651970 xen: x86: DoS from attempting to use INVPCID with a non-canonical addresses [fedora-all]
0
0
BZ#1652235 CVE-2018-19966 xsa280 xen: Conflicts with shadow paging due to XSA-240 incomplete fix (XSA-280)
0
0
BZ#1652251 CVE-2018-19963 CVE-2018-19964 CVE-2018-19966 xen: various flaws [fedora-all]
0
0
BZ#1679321 xen: xsa288: Inconsistent PV IOMMU discipline
0
0
BZ#1679326 xen: xsa292: insufficient TLB flushing when using PCID
0
0
BZ#1679327 xen: xsa293: PV kernel context switch corruption
0
0
BZ#1679328 xen: xsa287: steal_page violates page_struct access discipline
0
0
BZ#1679332 xen: xsa285: race with pass-through device hotplug
0
0
BZ#1679334 xen: xsa290: missing preemption in x86 PV page table unvalidation
0
0
BZ#1683956 xen: xsa294: Insufficient TLB flushing when using PCID
0
0
BZ#1685568 xen: xsa284: grant table transfer issues on large hosts
0
0
BZ#1685570 xen: xsa291: x86/PV: page type reference counting issue with failed IOMMU update
0
0
BZ#1685577 xen: various flaws [fedora-all]
0
0

Automated Test Results