Bug 25782 - xen, new security issues XSA-306 XSA-304, CVE-2018-12207 XSA-305, CVE-2019-11135 XSA-296, CVE-2019-18420 XSA-298, CVE-2019-18425 XSA-299, CVE-2019-18421 XSA-301, CVE-2019-18423 XSA-302, CVE-2019-18424 XSA-303, CVE-2019-18422 XSA-295, CVE-2019-17349, CVE…
Summary: xen, new security issues XSA-306 XSA-304, CVE-2018-12207 XSA-305, CVE-2019-11...
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-29 07:05 CET by Thierry Vignaud
Modified: 2019-11-29 07:05 CET
0 users

See Also:
Source RPM: xen-4.12.1-1.mga7
CVE:
Status comment:



Description Thierry Vignaud 2019-11-29 07:05:18 CET
Advisory:
========================

Updated Xen packages fix security vulnerabilities:

- Updated from 4.12.0 to 4.12.1
- Device quarantine for alternate pci assignment methods [XSA-306]
- x86: Machine Check Error on Page Size Change DoS [XSA-304, CVE-2018-12207]
- TSX Asynchronous Abort speculative side channel [XSA-305, CVE-2019-11135]
- VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] (rhbz#1771368)
- missing descriptor table limit checking in x86 PV emulation [XSA-298,
CVE-2019-18425] (rhbz#1771341)
- Issues with restartable PV type change operations [XSA-299, CVE-2019-18421]
(rhbz#1767726)
- add-to-physmap can be abused to DoS Arm hosts [XSA-301, CVE-2019-18423]
(rhbz#1771345)
- passed through PCI devices may corrupt host memory after deassignment
[XSA-302, CVE-2019-18424] (rhbz#1767731)
- ARM: Interrupts are unconditionally unmasked in exception handlers
[XSA-303, CVE-2019-18422] (rhbz#1771443)
- Unlimited Arm Atomics Operations [XSA-295, CVE-2019-17349,
CVE-2019-17350] (rhbz#1720760)
- fix HVM DomU boot on some chipsets
- adjust grub2 workaround


References:
https://xenbits.xen.org/xsa/advisory-306.html
https://xenbits.xen.org/xsa/advisory-304.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207
https://xenbits.xen.org/xsa/advisory-305.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
https://xenbits.xen.org/xsa/advisory-296.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18420
https://xenbits.xen.org/xsa/advisory-298.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18425
https://xenbits.xen.org/xsa/advisory-299.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18421
https://xenbits.xen.org/xsa/advisory-301.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18423
https://xenbits.xen.org/xsa/advisory-302.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18424
https://xenbits.xen.org/xsa/advisory-303.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18422
https://xenbits.xen.org/xsa/advisory-295.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17350
========================

Updated packages in core/updates_testing:
========================
libxen3.0-4.12.1-1.mga7.i586.rpm
libxen3.0-debuginfo-4.12.1-1.mga7.i586.rpm
libxen-devel-4.12.1-1.mga7.i586.rpm
ocaml-xen-4.12.1-1.mga7.i586.rpm
ocaml-xen-debuginfo-4.12.1-1.mga7.i586.rpm
ocaml-xen-devel-4.12.1-1.mga7.i586.rpm
xen-4.12.1-1.mga7.i586.rpm
xen-debuginfo-4.12.1-1.mga7.i586.rpm
xen-debugsource-4.12.1-1.mga7.i586.rpm
xen-doc-4.12.1-1.mga7.noarch.rpm
xen-hypervisor-4.12.1-1.mga7.i586.rpm

lib64xen3.0-4.12.1-1.mga7.x86_64.rpm
lib64xen3.0-debuginfo-4.12.1-1.mga7.x86_64.rpm
lib64xen-devel-4.12.1-1.mga7.x86_64.rpm
ocaml-xen-4.12.1-1.mga7.x86_64.rpm
ocaml-xen-debuginfo-4.12.1-1.mga7.x86_64.rpm
ocaml-xen-devel-4.12.1-1.mga7.x86_64.rpm
xen-4.12.1-1.mga7.x86_64.rpm
xen-debuginfo-4.12.1-1.mga7.x86_64.rpm
xen-debugsource-4.12.1-1.mga7.x86_64.rpm
xen-doc-4.12.1-1.mga7.noarch.rpm
xen-hypervisor-4.12.1-1.mga7.x86_64.rpm

lib64xen3.0-4.12.1-1.mga7.aarch64.rpm
lib64xen3.0-debuginfo-4.12.1-1.mga7.aarch64.rpm
lib64xen-devel-4.12.1-1.mga7.aarch64.rpm
ocaml-xen-4.12.1-1.mga7.aarch64.rpm
ocaml-xen-debuginfo-4.12.1-1.mga7.aarch64.rpm
ocaml-xen-devel-4.12.1-1.mga7.aarch64.rpm
xen-4.12.1-1.mga7.aarch64.rpm
xen-debuginfo-4.12.1-1.mga7.aarch64.rpm
xen-debugsource-4.12.1-1.mga7.aarch64.rpm
xen-doc-4.12.1-1.mga7.noarch.rpm
xen-hypervisor-4.12.1-1.mga7.aarch64.rpm

libxen3.0-4.12.1-1.mga7.armv7hl.rpm
libxen3.0-debuginfo-4.12.1-1.mga7.armv7hl.rpm
libxen-devel-4.12.1-1.mga7.armv7hl.rpm
ocaml-xen-4.12.1-1.mga7.armv7hl.rpm
ocaml-xen-debuginfo-4.12.1-1.mga7.armv7hl.rpm
ocaml-xen-devel-4.12.1-1.mga7.armv7hl.rpm
xen-4.12.1-1.mga7.armv7hl.rpm
xen-debuginfo-4.12.1-1.mga7.armv7hl.rpm
xen-debugsource-4.12.1-1.mga7.armv7hl.rpm
xen-doc-4.12.1-1.mga7.noarch.rpm
xen-hypervisor-4.12.1-1.mga7.armv7hl.rpm

Thierry Vignaud 2019-11-29 07:05:51 CET

QA Contact: (none) => security
Component: RPM Packages => Security

