{
  "schema_version": "1.7.0",
  "id": "MGASA-2020-0113",
  "published": "2020-03-06T16:13:58Z",
  "modified": "2020-03-06T15:40:56Z",
  "summary": "Updated xen packages fix security vulnerability",
  "details": "- Updated from 4.12.0 to 4.12.1\n- Device quarantine for alternate pci assignment methods [XSA-306]\n- x86: Machine Check Error on Page Size Change DoS [XSA-304, CVE-2018-12207]\n- TSX Asynchronous Abort speculative side channel [XSA-305, CVE-2019-11135]\n- VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] (rhbz#1771368)\n- missing descriptor table limit checking in x86 PV emulation [XSA-298,\n  CVE-2019-18425] (rhbz#1771341)\n- Issues with restartable PV type change operations [XSA-299, CVE-2019-18421]\n  (rhbz#1767726)\n- add-to-physmap can be abused to DoS Arm hosts [XSA-301, CVE-2019-18423]\n  (rhbz#1771345)\n- passed through PCI devices may corrupt host memory after deassignment\n  [XSA-302, CVE-2019-18424] (rhbz#1767731)\n- ARM: Interrupts are unconditionally unmasked in exception handlers\n  [XSA-303, CVE-2019-18422] (rhbz#1771443)\n- Unlimited Arm Atomics Operations [XSA-295, CVE-2019-17349,\n  CVE-2019-17350] (rhbz#1720760)\n- fix HVM DomU boot on some chipsets\n- adjust grub2 workaround\n",
  "upstream": [
    "CVE-2018-12207",
    "CVE-2019-11135",
    "CVE-2019-17349",
    "CVE-2019-17349",
    "CVE-2019-17350",
    "CVE-2019-18420",
    "CVE-2019-18421",
    "CVE-2019-18422",
    "CVE-2019-18423",
    "CVE-2019-18424",
    "CVE-2019-18425"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2020-0113.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=25782"
    },
    {
      "type": "ADVISORY",
      "url": "https://xenbits.xen.org/xsa/advisory-295.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://xenbits.xen.org/xsa/advisory-296.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://xenbits.xen.org/xsa/advisory-298.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://xenbits.xen.org/xsa/advisory-299.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://xenbits.xen.org/xsa/advisory-301.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://xenbits.xen.org/xsa/advisory-302.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://xenbits.xen.org/xsa/advisory-303.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://xenbits.xen.org/xsa/advisory-304.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://xenbits.xen.org/xsa/advisory-305.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://xenbits.xen.org/xsa/advisory-306.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:7",
        "name": "xen",
        "purl": "pkg:rpm/mageia/xen?arch=source&distro=mageia-7"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.12.1-1.mga7"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}