That CVE was announced here: https://www.openwall.com/lists/oss-security/2024/02/27/2 Mageia 9 is also affected. The needed patches are provided in the link above: xsa451-4.17.patch for Mageia 9 and xsa451-4.18.patch for Cauldron.
Source RPM: (none) => xen-4.18.0-5.mga10.src.rpm
Status comment: (none) => Patches available from upstream
CVE: (none) => CVE-2023-46841
Whiteboard: (none) => MGA9TOO
Assigning this to you Giuseppe because you have very recently done several similar patches for Xen; this CVE number actually follows those.
Assignee: bugsquad => ghibomgx
CVE-2023-28746 was announced here: https://www.openwall.com/lists/oss-security/2024/03/12/13
CVE: CVE-2023-46841 => CVE-2023-46841, CVE-2023-28746, CVE-2024-2193
Summary: xen new security issue CVE-2023-46841 => xen new security issue CVE-2023-46841, CVE-2023-28746 and CVE-2024-2193
CVE-2024-2193 was announced here: https://www.openwall.com/lists/oss-security/2024/03/12/14
For Cauldron, the build seems to fail because of GCC 14.
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

x86: shadow stack vs exceptions from emulation stubs. (CVE-2023-46841)
x86: Register File Data Sampling. (CVE-2023-28746)
GhostRace: Speculative Race Conditions. (CVE-2024-2193)

References:
https://www.openwall.com/lists/oss-security/2024/02/27/2
https://www.openwall.com/lists/oss-security/2024/03/12/13
https://www.openwall.com/lists/oss-security/2024/03/12/14
========================

Updated packages in core/updates_testing:
========================
lib(64)xen3.0-4.17.3-1.1.mga9
lib(64)xen-devel-4.17.3-1.1.mga9
ocaml-xen-4.17.3-1.1.mga9
ocaml-xen-devel-4.17.3-1.1.mga9
xen-4.17.3-1.1.mga9
xen-hypervisor-4.17.3-1.1.mga9
xen-licenses-4.17.3-1.1.mga9
xen-runtime-4.17.3-1.1.mga9

from SRPM:
xen-4.17.3-1.1.mga9.src.rpm
Are you sure ALL of the patches in the latest security queue are applied/applying correctly? I tried last week and some of them were not applying smoothly, so I was waiting for 4.17.4 final.
To be able to apply all patches for xsa451, xsa452 and xsa453, I had to add some other patches, the same as Fedora did:

xen.git-0ce25b46ab2fb53a1b58f7682ca14971453f4f2c.patch
xen.git-54dacb5c02cba4676879ed077765734326b78e39.patch
xen.git-76ea2aab3652cc34e474de0905f0a9cd4df7d087.patch
xen.git-91650010815f3da0834bc9781c4359350d1162a5.patch

With those 4 patches, all patches for xsa451, xsa452 and xsa453 applied cleanly. That said, maybe I missed some other patches so, if you prefer waiting for 4.17.4 final, it is good for me (and there is the build problem with GCC 14 for Cauldron).
Since all the patches up to xsa453 were included I think everything is fine with this 4.17.3+fixes release.
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Source RPM: xen-4.18.0-5.mga10.src.rpm => xen-4.17.3-1.mga9
Assignee: ghibomgx => qa-bugs
Keywords: (none) => advisory
RH mageia 9 x86_64

LC_ALL=C urpmi /home/katnatek/qa-testing/x86_64/*.rpm
Marking xen-licenses as manually installed, it won't be auto-orphaned
writing /var/lib/rpm/installed-through-deps.list
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Release (distrib1)")
  edk2-ovmf-xen                  20221117git> 7.mga9        noarch   (recommended)
  lib64nl-cli3_200               3.7.0        1.mga9        x86_64
  lib64nl-idiag3_200             3.7.0        1.mga9        x86_64
  lib64nl-nf3_200                3.7.0        1.mga9        x86_64
  lib64nl-xfrm3_200              3.7.0        1.mga9        x86_64
  lib64nl3-devel                 3.7.0        1.mga9        x86_64
  lib64uuid-devel                2.38.1       1.mga9        x86_64
  ocaml-compiler                 4.14.0       2.mga9        x86_64
  ocaml-compiler-libs            4.14.0       2.mga9        x86_64
  python3-lxml                   4.9.2        1.mga9        x86_64
(medium "Core Updates (distrib3)")
  kernel-server                  6.6.22       1.mga9        x86_64
  lib64yajl-devel                2.1.0        6.1.mga9      x86_64
(command line)
  lib64xen-devel                 4.17.3       1.1.mga9      x86_64
  lib64xen3.0                    4.17.3       1.1.mga9      x86_64
  ocaml-xen                      4.17.3       1.1.mga9      x86_64
  ocaml-xen-devel                4.17.3       1.1.mga9      x86_64
  xen                            4.17.3       1.1.mga9      x86_64
  xen-hypervisor                 4.17.3       1.1.mga9      x86_64
  xen-licenses                   4.17.3       1.1.mga9      x86_64
  xen-runtime                    4.17.3       1.1.mga9      x86_64
530MB of additional disk space will be used.
212MB of packages will be retrieved.
Proceed with the installation of the 20 packages? (Y/n) y

    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64nl3-devel-3.7.0-1.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-lxml-4.9.2-1.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64nl-xfrm3_200-3.7.0-1.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64nl-idiag3_200-3.7.0-1.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64uuid-devel-2.38.1-1.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/ocaml-compiler-4.14.0-2.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/edk2-ovmf-xen-20221117gitfff6d81270b5-7.mga9.noarch.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64nl-cli3_200-3.7.0-1.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64nl-nf3_200-3.7.0-1.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/ocaml-compiler-libs-4.14.0-2.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/kernel-server-6.6.22-1.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/lib64yajl-devel-2.1.0-6.1.mga9.x86_64.rpm
installing
    /var/cache/urpmi/rpms/kernel-server-6.6.22-1.mga9.x86_64.rpm
    /home/katnatek/qa-testing/x86_64/lib64xen-devel-4.17.3-1.1.mga9.x86_64.rpm
    /var/cache/urpmi/rpms/lib64nl-idiag3_200-3.7.0-1.mga9.x86_64.rpm
    /home/katnatek/qa-testing/x86_64/ocaml-xen-devel-4.17.3-1.1.mga9.x86_64.rpm
    /home/katnatek/qa-testing/x86_64/xen-runtime-4.17.3-1.1.mga9.x86_64.rpm
    /var/cache/urpmi/rpms/lib64nl-cli3_200-3.7.0-1.mga9.x86_64.rpm
    /var/cache/urpmi/rpms/lib64nl-nf3_200-3.7.0-1.mga9.x86_64.rpm
    /home/katnatek/qa-testing/x86_64/xen-hypervisor-4.17.3-1.1.mga9.x86_64.rpm
    /home/katnatek/qa-testing/x86_64/ocaml-xen-4.17.3-1.1.mga9.x86_64.rpm
    /home/katnatek/qa-testing/x86_64/xen-licenses-4.17.3-1.1.mga9.x86_64.rpm
    /var/cache/urpmi/rpms/python3-lxml-4.9.2-1.mga9.x86_64.rpm
    /var/cache/urpmi/rpms/lib64nl-xfrm3_200-3.7.0-1.mga9.x86_64.rpm
    /var/cache/urpmi/rpms/lib64uuid-devel-2.38.1-1.mga9.x86_64.rpm
    /home/katnatek/qa-testing/x86_64/lib64xen3.0-4.17.3-1.1.mga9.x86_64.rpm
    /var/cache/urpmi/rpms/lib64nl3-devel-3.7.0-1.mga9.x86_64.rpm
    /var/cache/urpmi/rpms/edk2-ovmf-xen-20221117gitfff6d81270b5-7.mga9.noarch.rpm
    /home/katnatek/qa-testing/x86_64/xen-4.17.3-1.1.mga9.x86_64.rpm
    /var/cache/urpmi/rpms/ocaml-compiler-libs-4.14.0-2.mga9.x86_64.rpm
    /var/cache/urpmi/rpms/ocaml-compiler-4.14.0-2.mga9.x86_64.rpm
    /var/cache/urpmi/rpms/lib64yajl-devel-2.1.0-6.1.mga9.x86_64.rpm
Preparing...
      1/20: xen-licenses
      2/20: lib64xen3.0
      3/20: lib64nl-nf3_200
      4/20: lib64nl-cli3_200
      5/20: ocaml-compiler
      6/20: ocaml-compiler-libs
      7/20: ocaml-xen
      8/20: lib64yajl-devel
      9/20: edk2-ovmf-xen
     10/20: xen-hypervisor
Generating grub configuration file ...
Found theme: /boot/grub2/themes/maggy/theme.txt
Found linux image: /boot/vmlinuz-6.6.22-desktop-1.mga9
Found initrd image: /boot/initrd-6.6.22-desktop-1.mga9.img
Found linux image: /boot/vmlinuz-6.6.22-desktop-1.mga9
Found initrd image: /boot/initrd-6.6.22-desktop-1.mga9.img
Found memtest image: /boot/memtest
Adding boot menu entry for UEFI Firmware Settings ...
done
     11/20: lib64uuid-devel
     12/20: lib64nl-xfrm3_200
     13/20: python3-lxml
     14/20: lib64nl-idiag3_200
     15/20: lib64nl3-devel
     16/20: lib64xen-devel
     17/20: kernel-server
     18/20: xen-runtime
Created symlink /etc/systemd/system/multi-user.target.wants/xenstored.service -> /usr/lib/systemd/system/xenstored.service.
Created symlink /etc/systemd/system/multi-user.target.wants/xenconsoled.service -> /usr/lib/systemd/system/xenconsoled.service.
     19/20: xen
Created symlink /etc/systemd/system/multi-user.target.wants/xendomains.service -> /usr/lib/systemd/system/xendomains.service.
     20/20: ocaml-xen-devel
      1/2: removing lib64xen3.0-4.17.3-1.mga9.x86_64
      2/2: removing xen-licenses-4.17.3-1.mga9.x86_64
remove-boot-splash: Format of /boot/initrd-6.6.22-server-1.mga9.img not recognized
You should restart your computer for kernel-server

Install after this kernel-server-devel (because I have a dkms module) and I'll reboot and test the Mageia with Xen Hypervisor.
CC: (none) => ghibomgx
Mageia 9 x86_64 with Hypervisor, Plasma X11.

I get errors at boot time about /dev/hvc0 that I do not remember seeing before: https://www.imagebam.com/view/MESUBZN

Once again, I don't know what more to test.
Keywords: (none) => feedback
Created attachment 14496
Commands testing xen

Back to https://bugs.mageia.org/show_bug.cgi?id=32332#c49 and repeat the commands, adding journalctl |grep hvc and ls -la /dev/hvc* to make checks about the warning at boot time. All looks well, I think; the reduction in memory in "xl info" is due to a 4Gb module removed.
CC: (none) => andrewsfarm
Keywords: feedback => (none)
With nothing more to add I give OK to this
Whiteboard: (none) => MGA9-64-OK
Thanks, katnatek. Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0115.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED