SECURITY: Fedora 36 Update: xen-4.16.2-3.fc36
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-07438e12df
2022-11-09 11:20:02.682733
--------------------------------------------------------------------------------
Name : xen
Product : Fedora 36
Version : 4.16.2
Release : 3.fc36
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor
--------------------------------------------------------------------------------
Update Information:
x86: unintended memory sharing between guests [XSA-412, CVE-2022-42327]
Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309] Xenstore: Guests
can create orphaned Xenstore nodes [XSA-415, CVE-2022-42310] Xenstore: guests
can let run xenstored out of memory [XSA-326, CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317,
CVE-2022-42318] Xenstore: Guests can cause Xenstore to not free temporary memory
[XSA-416, CVE-2022-42319] Xenstore: Guests can get access to Xenstore nodes of
deleted domains [XSA-417, CVE-2022-42320] Xenstore: Guests can crash xenstored
via exhausting the stack [XSA-418, CVE-2022-42321] Xenstore: Cooperating guests
can create arbitrary numbers of nodes [XSA-419, CVE-2022-42322, CVE-2022-42323]
Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
Xenstore: Guests can create arbitrary number of nodes via transactions [XSA-421,
CVE-2022-42325, CVE-2022-42326]
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 Michael Young - 4.16.2-3
- x86: unintended memory sharing between guests [XSA-412, CVE-2022-42327]
- Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309]
- Xenstore: Guests can create orphaned Xenstore nodes [XSA-415,
CVE-2022-42310]
- Xenstore: guests can let run xenstored out of memory [XSA-326,
CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314,
CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318]
- Xenstore: Guests can cause Xenstore to not free temporary memory
[XSA-416, CVE-2022-42319]
- Xenstore: Guests can get access to Xenstore nodes of deleted domains
[XSA-417, CVE-2022-42320]
- Xenstore: Guests can crash xenstored via exhausting the stack
[XSA-418, CVE-2022-42321]
- Xenstore: Cooperating guests can create arbitrary numbers of nodes
[XSA-419, CVE-2022-42322, CVE-2022-42323]
- Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
- Xenstore: Guests can create arbitrary number of nodes via transactions
[XSA-421, CVE-2022-42325, CVE-2022-42326]
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-07438e12df' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
A xen security update has been released for Fedora 36.
