|
|
Subscribe / Log in / New account

Mageia alert MGASA-2020-0113 (xen)



From:
              Mageia Updates <buildsystem-daemon@mageia.org> 


To:
              updates-announce@ml.mageia.org 


Subject:
              [updates-announce] MGASA-2020-0113: Updated xen packages fix security vulnerability 


Date:
              Fri, 6 Mar 2020 17:15:03 +0100


Message-ID:
              <20200306161503.20E169F74F@duvel.mageia.org>


MGASA-2020-0113 - Updated xen packages fix security vulnerability

Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0113.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2018-12207,
     CVE-2019-11135,
     CVE-2019-17349,
     CVE-2019-17349,
     CVE-2019-17350,
     CVE-2019-18420,
     CVE-2019-18421,
     CVE-2019-18422,
     CVE-2019-18423,
     CVE-2019-18424,
     CVE-2019-18425

Description:
- Updated from 4.12.0 to 4.12.1
- Device quarantine for alternate pci assignment methods [XSA-306]
- x86: Machine Check Error on Page Size Change DoS [XSA-304, CVE-2018-12207]
- TSX Asynchronous Abort speculative side channel [XSA-305, CVE-2019-11135]
- VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] (rhbz#1771368)
- missing descriptor table limit checking in x86 PV emulation [XSA-298,
  CVE-2019-18425] (rhbz#1771341)
- Issues with restartable PV type change operations [XSA-299, CVE-2019-18421]
  (rhbz#1767726)
- add-to-physmap can be abused to DoS Arm hosts [XSA-301, CVE-2019-18423]
  (rhbz#1771345)
- passed through PCI devices may corrupt host memory after deassignment
  [XSA-302, CVE-2019-18424] (rhbz#1767731)
- ARM: Interrupts are unconditionally unmasked in exception handlers
  [XSA-303, CVE-2019-18422] (rhbz#1771443)
- Unlimited Arm Atomics Operations [XSA-295, CVE-2019-17349,
  CVE-2019-17350] (rhbz#1720760)
- fix HVM DomU boot on some chipsets
- adjust grub2 workaround

References:
- https://bugs.mageia.org/show_bug.cgi?id=25782
- https://xenbits.xen.org/xsa/advisory-295.html
- https://xenbits.xen.org/xsa/advisory-296.html
- https://xenbits.xen.org/xsa/advisory-298.html
- https://xenbits.xen.org/xsa/advisory-299.html
- https://xenbits.xen.org/xsa/advisory-301.html
- https://xenbits.xen.org/xsa/advisory-302.html
- https://xenbits.xen.org/xsa/advisory-303.html
- https://xenbits.xen.org/xsa/advisory-304.html
- https://xenbits.xen.org/xsa/advisory-305.html
- https://xenbits.xen.org/xsa/advisory-306.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...

SRPMS:
- 7/core/xen-4.12.1-1.mga7
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds