Fedora Linux 8647 Published by

A xen security update has been released for Fedora 37.



SECURITY: Fedora 37 Update: xen-4.16.2-4.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-9f51d13fa3
2022-11-24 01:24:26.774334
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 37
Version : 4.16.2
Release : 4.fc37
URL :   http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

x86: Multiple speculative security issues [XSA-422, CVE-2022-23824] ---- x86:
unintended memory sharing between guests [XSA-412, CVE-2022-42327] Xenstore:
Guests can crash xenstored [XSA-414, CVE-2022-42309] Xenstore: Guests can create
orphaned Xenstore nodes [XSA-415, CVE-2022-42310] Xenstore: guests can let run
xenstored out of memory [XSA-326, CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317,
CVE-2022-42318] Xenstore: Guests can cause Xenstore to not free temporary memory
[XSA-416, CVE-2022-42319] Xenstore: Guests can get access to Xenstore nodes of
deleted domains [XSA-417, CVE-2022-42320] Xenstore: Guests can crash xenstored
via exhausting the stack [XSA-418, CVE-2022-42321] Xenstore: Cooperating guests
can create arbitrary numbers of nodes [XSA-419, CVE-2022-42322, CVE-2022-42323]
Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
Xenstore: Guests can create arbitrary number of nodes via transactions [XSA-421,
CVE-2022-42325, CVE-2022-42326]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 8 2022 Michael Young - 4.16.2-4
- x86: Multiple speculative security issues [XSA-422, CVE-2022-23824]
* Tue Nov 1 2022 Michael Young - 4.16.2-3
- x86: unintended memory sharing between guests [XSA-412, CVE-2022-42327]
- Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309]
- Xenstore: Guests can create orphaned Xenstore nodes [XSA-415,
CVE-2022-42310]
- Xenstore: guests can let run xenstored out of memory [XSA-326,
CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314,
CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318]
- Xenstore: Guests can cause Xenstore to not free temporary memory
[XSA-416, CVE-2022-42319]
- Xenstore: Guests can get access to Xenstore nodes of deleted domains
[XSA-417, CVE-2022-42320]
- Xenstore: Guests can crash xenstored via exhausting the stack
[XSA-418, CVE-2022-42321]
- Xenstore: Cooperating guests can create arbitrary numbers of nodes
[XSA-419, CVE-2022-42322, CVE-2022-42323]
- Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
- Xenstore: Guests can create arbitrary number of nodes via transactions
[XSA-421, CVE-2022-42325, CVE-2022-42326]
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-9f51d13fa3' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________