Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: xen-hypervisor | Distribution: Fedora Project |
Version: 4.17.2 | Vendor: Fedora Project |
Release: 2.fc39 | Build date: Tue Sep 26 16:58:33 2023 |
Group: Unspecified | Build host: buildhw-a64-21.iad2.fedoraproject.org |
Size: 13045709 | Source RPM: xen-4.17.2-2.fc39.src.rpm |
Packager: Fedora Project | |
Url: http://xen.org/ | |
Summary: Libraries for Xen tools |
This package contains the Xen hypervisor
GPLv2+ and LGPLv2+ and BSD
* Tue Sep 26 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.2-2 - arm32: The cache may not be properly cleaned/invalidated [XSA-437, CVE-2023-34321] - top-level shadow reference dropped too early for 64-bit PV guests [XSA-438, CVE-2023-34322] - x86/AMD: Divide speculative information leak [XSA-439, CVE-2023-20588] * Thu Aug 10 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.2-1 - update to xen-4.17.2 which includes x86/AMD: Speculative Return Stack Overflow [XSA-434, CVE-2023-20569] x86/Intel: Gather Data Sampling [XSA-435, CVE-2022-40982] - remove patches now included upstream * Tue Aug 01 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.1-9 - arm: Guests can trigger a deadlock on Cortex-A77 [XSA-436, CVE-2023-34320] (#2228238) * Mon Jul 31 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.1-8 - bugfix for x86/AMD: Zenbleed [XSA-433, CVE-2023-20593] * Tue Jul 25 2023 Michael Young <m.a.young@durham.ac.uk> - adjust OCaml patch condition so eln builds work * Mon Jul 24 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.1-7 - x86/AMD: Zenbleed [XSA-433, CVE-2023-20593] - omit OCaml 5 patch on fc38 * Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.17.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Mon Jul 10 2023 Jerry James <loganjerry@gmail.com> - 4.17.1-5 - Add patch for OCaml 5.0.0 * Tue Jun 27 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.1-4 - work around a build problem with python 3.12 * Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 4.17.1-3 - Rebuilt for Python 3.12 * Tue May 16 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.1-2 - Mishandling of guest SSBD selection on AMD hardware [XSA-431, CVE-2022-42336] * Tue May 02 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.1-1 - update to xen-4.17.1 remove patches now included upstream switch from patchN to patch N format for applying patches * Tue Apr 25 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.0-9 - x86 shadow paging arbitrary pointer dereference [XSA-430, CVE-2022-42335] * Tue Mar 21 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.0-8 - 3 security issues (#2180425) x86 shadow plus log-dirty mode use-after-free [XSA-427, CVE-2022-42332] x86/HVM pinned cache attributes mis-handling [XSA-428, CVE-2022-42333, CVE-2022-42334] x86: speculative vulnerability in 32bit SYSCALL path [XSA-429, CVE-2022-42331] * Sat Feb 18 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.0-7 - use OVMF.fd from new edk2-ovmf-xen package as ovmf.bin file built from edk2-ovmf package no longer supports xen (#2170930) * Tue Feb 14 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.0-6 - x86: Cross-Thread Return Address Predictions [XSA-426, CVE-2022-27672] * Wed Jan 25 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.0-5 - Guests can cause Xenstore crash via soft reset [XSA-425, CVE-2022-42330] (#2164520) * Tue Jan 24 2023 Michael Young <m.a.young@durham.ac.uk> - now need BuildRequires for hostname * Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.17.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Tue Jan 17 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.0-3 - build fix for gcc13 * Sun Jan 08 2023 Michael Young <m.a.young@durham.ac.uk> - 4.17.0-2 - fix clean up of init scripts if /etc/rc.d/init.d doesn't exist * Tue Dec 20 2022 Michael Young <m.a.young@durham.ac.uk> - python3-setuptools BuildRequires is needed for python 3.12 * Tue Dec 13 2022 Michael Young <m.a.young@durham.ac.uk> - 4.17.0-1 - update to xen-4.17.0 rebase xen.fedora.systemd.patch and xen.canonicalize.patch remove or adjust patches now included or superceded upstream /var/lib/xenstored has moved to /run/xenstored * Tue Nov 08 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.2-4 - x86: Multiple speculative security issues [XSA-422, CVE-2022-23824] * Tue Nov 01 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.2-3 - x86: unintended memory sharing between guests [XSA-412, CVE-2022-42327] - Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309] - Xenstore: Guests can create orphaned Xenstore nodes [XSA-415, CVE-2022-42310] - Xenstore: guests can let run xenstored out of memory [XSA-326, CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318] - Xenstore: Guests can cause Xenstore to not free temporary memory [XSA-416, CVE-2022-42319] - Xenstore: Guests can get access to Xenstore nodes of deleted domains [XSA-417, CVE-2022-42320] - Xenstore: Guests can crash xenstored via exhausting the stack [XSA-418, CVE-2022-42321] - Xenstore: Cooperating guests can create arbitrary numbers of nodes [XSA-419, CVE-2022-42322, CVE-2022-42323] - Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324] - Xenstore: Guests can create arbitrary number of nodes via transactions [XSA-421, CVE-2022-42325, CVE-2022-42326] * Fri Oct 14 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.2-2 - Arm: unbounded memory consumption for 2nd-level page tables [XSA-409, CVE-2022-33747] (#2135268) - P2M pool freeing may take excessively long [XSA-410, CVE-2022-33746] (#2135641) - lock order inversion in transitive grant copy handling [XSA-411, CVE-2022-33748] (#2135263) * Sat Sep 17 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.2-1 - update to xen-4.16.2 remove or adjust patches now included or superceded upstream * Tue Jul 26 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.1-8 - insufficient TLB flush for x86 PV guests in shadow mode [XSA-408, CVE-2022-33745] (#2112223) * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.16.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue Jul 12 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.1-6 - Retbleed - arbitrary speculative code execution with return instructions [XSA-407, CVE-2022-23816, CVE-2022-23825, CVE-2022-29900] * Tue Jul 05 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.1-5 - Linux disk/nic frontends data leaks [XSA-403, CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742] (#2104747) * Tue Jun 21 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.1-4 - x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166] * Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 4.16.1-3 - Rebuilt for Python 3.11 (F37 build only) * Sat Jun 11 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.1-2 - stop building for ix86 and armv7hl due to missing build dependency - x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362] - x86 pv: Insufficient care with non-coherent mappings [ XSA-402, CVE-2022-26363, CVE-2022-26364] - additional patches so above applies cleanly * Thu Apr 14 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.1-1 - update to xen-4.16.1 remove or adjust patches now included or superceded upstream renumber patches - strip .efi file to help EFI partitions with limited space * Tue Apr 05 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.0-6 - Racy interactions between dirty vram tracking and paging log dirty hypercalls [XSA-397, CVE-2022-26356] - race in VT-d domain ID cleanup [XSA-399, CVE-2022-26357] - IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [XSA-400, CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361] - additional patches so above applies cleanly * Mon Mar 21 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.0-5 - fix build of xen*.efi file and package it in /usr/lib*/efi * Tue Mar 15 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.0-4 - Multiple speculative security issues [XSA-398] - additional patches so above applies cleanly * Sat Jan 29 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.0-3 - adjust build script and patches for gcc12 and package note support * Sat Jan 29 2022 Michael Young <m.a.young@durham.ac.uk> - arm: guest_physmap_remove_page not removing the p2m mappings [XSA-393, CVE-2022-23033] (#2045044) - A PV guest could DoS Xen while unmapping a grant [XSA-394, CVE-2022-23034] (#2045042) - Insufficient cleanup of passed-through device IRQs [XSA-395, CVE-2022-23035] (#2045040) * Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.16.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Mon Jan 10 2022 Michael Young <m.a.young@durham.ac.uk> - 4.16.0-1 - update to xen-4.16.0 rebase xen.canonicalize.patch and xen.gcc11.fixes.patch drop xen.fedora.efi.build.patch which is no longer useful remove or adjust patches now included or superceded upstream update libxenstore libary versions unpackage /boot/efi/EFI/fedora/xen*.efi package xen-mceinj and xen-vmtrace - don't build qemu-traditional or pv-grub by default (following upstream) - fix some incorrect dependencies on building qemu-traditional - change grub module package dependencies from Suggests to Recommends and move to hypervisor package - rework seabios configure logic (bios.bin is no longer useful) - frontends vulnerable to backends [XSA-376] (document change only) * Tue Nov 23 2021 Michael Young <m.a.young@durham.ac.uk> - 4.15.1-4 - guests may exceed their designated memory limit [XSA-385, CVE-2021-28706] - PoD operations on misaligned GFNs [XSA-388, CVE-2021-28704, CVE-2021-28707 CVE-2021-28708] - issues with partially successful P2M updates on x86 [XSA-389, CVE-2021-28705, CVE-2021-28709] - certain VT-d IOMMUs may not work in shared page table mode [XSA-390, CVE-2021-28710] * Wed Oct 06 2021 Michael Young <m.a.young@durham.ac.uk> - 4.15.1-3 - rebuild (f36 only) for OCaml 4.13.1 * Tue Oct 05 2021 Michael Young <m.a.young@durham.ac.uk> - 4.15.1-2 - PCI devices with RMRRs not deassigned correctly [XSA-386, CVE-2021-28702] (#2011248)
/boot/flask /boot/flask/xenpolicy-4.17.2 /boot/xen /boot/xen-4 /boot/xen-4.17 /boot/xen-4.17.2 /boot/xen-4.17.2.config /usr/lib/debug/.build-id /usr/lib/debug/.build-id/8d /usr/lib/debug/.build-id/8d/c7acdd5ae5f7f7d2f7baea25e59321a8cc4d3a /usr/lib/debug/.build-id/8d/c7acdd5ae5f7f7d2f7baea25e59321a8cc4d3a.debug /usr/lib/debug/xen-syms-4.17.2 /usr/lib/debug/xen-syms-4.17.2.map /usr/lib64/efi/xen-4.17.2.efi /usr/lib64/efi/xen-4.17.2.notstripped.efi
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 22:15:25 2024