Fedora Linux 8490 Published by

A xen security update has been released for Fedora 38.



[SECURITY] Fedora 38 Update: xen-4.17.1-9.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-0d6aa10621
2023-08-05 01:37:28.394507
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 38
Version : 4.17.1
Release : 9.fc38
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

arm: Guests can trigger a deadlock on Cortex-A77 [XSA-436, CVE-2023-34320]
(#2228238) ---- bugfix for x86/AMD: Zenbleed [XSA-433, CVE-2023-20593] ----
x86/AMD: Zenbleed [XSA-433] omit OCaml 5 patch on fc38
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 1 2023 Michael Young [m.a.young@durham.ac.uk] - 4.17.1-9
- arm: Guests can trigger a deadlock on Cortex-A77 [XSA-436, CVE-2023-34320]
(#2228238)
* Mon Jul 31 2023 Michael Young [m.a.young@durham.ac.uk] - 4.17.1-8
- bugfix for x86/AMD: Zenbleed [XSA-433, CVE-2023-20593]
* Tue Jul 25 2023 Michael Young [m.a.young@durham.ac.uk]
- adjust OCaml patch condition so eln builds work
* Mon Jul 24 2023 Michael Young [m.a.young@durham.ac.uk] - 4.17.1-7
- x86/AMD: Zenbleed [XSA-433, CVE-2023-20593]
- omit OCaml 5 patch on fc38
* Sat Jul 22 2023 Fedora Release Engineering [releng@fedoraproject.org] - 4.17.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jul 10 2023 Jerry James [loganjerry@gmail.com] - 4.17.1-5
- Add patch for OCaml 5.0.0
* Tue Jun 27 2023 Michael Young [m.a.young@durham.ac.uk] - 4.17.1-4
- work around a build problem with python 3.12
* Tue Jun 13 2023 Python Maint - 4.17.1-3
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2228237 - CVE-2023-34320 Xen Security Advisory 436 v1 (CVE-2023-34320) - arm: Guests can trigger a deadlock on Cortex-A77
https://bugzilla.redhat.com/show_bug.cgi?id=2228237
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-0d6aa10621' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------