stable

xen-4.14.0-14.fc33

FEDORA-2020-64859a826b created by myoung 3 years ago for Fedora 33

xenstore watch notifications lacking permission checks [XSA-115, CVE-2020-29480] (#1908091) Xenstore: new domains inheriting existing node permissions [XSA-322, CVE-2020-29481] (#1908095) Xenstore: wrong path length check [XSA-323, CVE-2020-29482] (#1908096) Xenstore: guests can crash xenstored via watchs [XSA-324, CVE-2020-29484] (#1908088) Xenstore: guests can disturb domain cleanup [XSA-325, CVE-2020-29483] (#1908087) oxenstored memory leak in reset_watches [XSA-330, CVE-2020-29485] (#1908000) undue recursion in x86 HVM context switch code [XSA-348, CVE-2020-29566] (#1908085) oxenstored: node ownership can be changed by unprivileged clients [XSA-352, CVE-2020-29486] (#1908003) oxenstored: permissions not checked on root node [XSA-353, CVE-2020-29479] (#1908002) infinite loop when cleaning up IRQ vectors [XSA-356, CVE-2020-29567] (#1907932) FIFO event channels control block related ordering [XSA-358, CVE-2020-29570] (#1907931) FIFO event channels control structure ordering [XSA-359, CVE-2020-29571] (#1908089)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2020-64859a826b

This update has been submitted for testing by myoung.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon pwalter commented & provided feedback 3 years ago
karma

Works

This update can be pushed to stable now if the maintainer wishes

3 years ago

This update has been submitted for stable by bodhi.

3 years ago
User Icon geraldosimiao commented & provided feedback 3 years ago
karma

works

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1905623 CVE-2020-29485 xen: oxenstored memory leak in reset_watches (XSA-330)
0
0
BZ#1905626 CVE-2020-29482 xen: Xenstore: wrong path length check (XSA-323)
0
0
BZ#1905632 CVE-2020-29481 xen: Xenstore: new domains inheriting existing node permissions (XSA-322)
0
0
BZ#1905635 CVE-2020-29484 xen: Xenstore: guests can crash xenstored via watchs (XSA-324)
0
0
BZ#1905648 CVE-2020-29483 xen: Xenstore: guests can disturb domain cleanup (XSA-325)
0
0
BZ#1905652 CVE-2020-29486 xen: oxenstored: node ownership can be changed by unprivileged clients (XSA-352)
0
0
BZ#1905656 CVE-2020-29567 xen: infinite loop when cleaning up IRQ vectors (XSA-356)
0
0
BZ#1905668 CVE-2020-29479 xen: oxenstored: permissions not checked on root node (XSA-353)
0
0
BZ#1905669 CVE-2020-29566 xen: undue recursion in x86 HVM context switch code (XSA-348)
0
0
BZ#1905672 CVE-2020-29480 xen: xenstore watch notifications lacking permission checks (XSA-115)
0
0
BZ#1905675 CVE-2020-29570 xen: FIFO event channels control block related ordering (XSA-358)
0
0
BZ#1905676 CVE-2020-29571 xen: FIFO event channels control structure ordering
0
0
BZ#1907931 CVE-2020-29570 xen: FIFO event channels control block related ordering (XSA-358) [fedora-all]
0
0
BZ#1907932 CVE-2020-29567 xen: infinite loop when cleaning up IRQ vectors (XSA-356) [fedora-all]
0
0
BZ#1908000 CVE-2020-29485 xen: oxenstored memory leak in reset_watches (XSA-330) [fedora-all]
0
0
BZ#1908002 CVE-2020-29479 xen: oxenstored: permissions not checked on root node (XSA-353) [fedora-all]
0
0
BZ#1908003 CVE-2020-29486 xen: oxenstored: node ownership can be changed by unprivileged clients (XSA-352) [fedora-all]
0
0
BZ#1908085 CVE-2020-29566 xen: undue recursion in x86 HVM context switch code (XSA-348) [fedora-all]
0
0
BZ#1908087 CVE-2020-29483 xen: Xenstore: guests can disturb domain cleanup (XSA-325) [fedora-all]
0
0
BZ#1908088 CVE-2020-29484 xen: Xenstore: guests can crash xenstored via watchs (XSA-324) [fedora-all]
0
0
BZ#1908089 CVE-2020-29571 xen: FIFO event channels control structure ordering [fedora-all]
0
0
BZ#1908091 CVE-2020-29480 xen: xenstore watch notifications lacking permission checks (XSA-115) [fedora-all]
0
0
BZ#1908095 CVE-2020-29481 xen: Xenstore: new domains inheriting existing node permissions (XSA-322) [fedora-all]
0
0
BZ#1908096 CVE-2020-29482 xen: Xenstore: wrong path length check (XSA-323) [fedora-all]
0
0

Automated Test Results