-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-0d1a8ee35b 2016-11-09 22:53:19.738008 -------------------------------------------------------------------------------- Name : xen Product : Fedora 24 Version : 4.6.3 Release : 7.fc24 URL : http://xen.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor -------------------------------------------------------------------------------- Update Information: several qemu security fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333425 - CVE-2016-8576 Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch https://bugzilla.redhat.com/show_bug.cgi?id=1333425 [ 2 ] Bug #1383291 - CVE-2016-8578 Qemu: 9pfs: potential NULL dereferencein 9pfs routines https://bugzilla.redhat.com/show_bug.cgi?id=1383291 [ 3 ] Bug #1384909 - CVE-2016-8669 Qemu: char: divide by zero error in serial_update_parameters https://bugzilla.redhat.com/show_bug.cgi?id=1384909 [ 4 ] Bug #1388046 - CVE-2016-8910 Qemu: net: rtl8139: infinite loop while transmit in C+ mode https://bugzilla.redhat.com/show_bug.cgi?id=1388046 [ 5 ] Bug #1327626 - Qemu: timer: a9gtimer: Infinite loop unfolds when updating a9gtimer https://bugzilla.redhat.com/show_bug.cgi?id=1327626 [ 6 ] Bug #1389642 - CVE-2016-9103 Qemu: 9pfs: information leakage via xattr https://bugzilla.redhat.com/show_bug.cgi?id=1389642 [ 7 ] Bug #1389550 - CVE-2016-9102 Qemu: 9pfs: memory leakage when creating extended attribute https://bugzilla.redhat.com/show_bug.cgi?id=1389550 [ 8 ] Bug #1389702 - CVE-2016-9105 Qemu: 9pfs: memory leakage in v9fs_link https://bugzilla.redhat.com/show_bug.cgi?id=1389702 [ 9 ] Bug #1389712 - CVE-2016-9106 Qemu: 9pfs: memory leakage in v9fs_write https://bugzilla.redhat.com/show_bug.cgi?id=1389712 [ 10 ] Bug #1389686 - CVE-2016-9104 Qemu: 9pfs: integer overflow leading to OOB access https://bugzilla.redhat.com/show_bug.cgi?id=1389686 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade xen' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------