Fedora alert FEDORA-2016-da6b1d277b (xen)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 23 Update: xen-4.5.5-3.fc23 | |
| Date: | Thu, 10 Nov 2016 15:54:47 +0000 (UTC) | |
| Message-ID: | <20161110155447.90F0E6061593@bastion01.phx2.fedoraproject.org> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-da6b1d277b 2016-11-10 13:46:09.607498 -------------------------------------------------------------------------------- Name : xen Product : Fedora 23 Version : 4.5.5 Release : 3.fc23 URL : http://xen.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor -------------------------------------------------------------------------------- Update Information: several qemu security fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333425 - CVE-2016-8576 Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch https://bugzilla.redhat.com/show_bug.cgi?id=1333425 [ 2 ] Bug #1383291 - CVE-2016-8578 Qemu: 9pfs: potential NULL dereferencein 9pfs routines https://bugzilla.redhat.com/show_bug.cgi?id=1383291 [ 3 ] Bug #1384909 - CVE-2016-8669 Qemu: char: divide by zero error in serial_update_parameters https://bugzilla.redhat.com/show_bug.cgi?id=1384909 [ 4 ] Bug #1388046 - CVE-2016-8910 Qemu: net: rtl8139: infinite loop while transmit in C+ mode https://bugzilla.redhat.com/show_bug.cgi?id=1388046 [ 5 ] Bug #1327626 - Qemu: timer: a9gtimer: Infinite loop unfolds when updating a9gtimer https://bugzilla.redhat.com/show_bug.cgi?id=1327626 [ 6 ] Bug #1389642 - CVE-2016-9103 Qemu: 9pfs: information leakage via xattr https://bugzilla.redhat.com/show_bug.cgi?id=1389642 [ 7 ] Bug #1389550 - CVE-2016-9102 Qemu: 9pfs: memory leakage when creating extended attribute https://bugzilla.redhat.com/show_bug.cgi?id=1389550 [ 8 ] Bug #1389702 - CVE-2016-9105 Qemu: 9pfs: memory leakage in v9fs_link https://bugzilla.redhat.com/show_bug.cgi?id=1389702 [ 9 ] Bug #1389712 - CVE-2016-9106 Qemu: 9pfs: memory leakage in v9fs_write https://bugzilla.redhat.com/show_bug.cgi?id=1389712 [ 10 ] Bug #1389686 - CVE-2016-9104 Qemu: 9pfs: integer overflow leading to OOB access https://bugzilla.redhat.com/show_bug.cgi?id=1389686 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade xen' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org