[ubuntu/focal-security] xen 4.11.3+24-g14b62ab3e5-1ubuntu2.3 (Accepted)
Eduardo Barretto
eduardo.barretto at canonical.com
Mon Sep 19 14:13:16 UTC 2022
xen (4.11.3+24-g14b62ab3e5-1ubuntu2.3) focal-security; urgency=medium
* SECURITY UPDATE: Fix multiple vulnerabilities
- d/p/xsa312-4.11.patch: Place a speculation barrier sequence
following an eret instruction
- d/p/CVE-2020-11740-and-CVE-2020-11741-1.patch: clear buffer intended
to be shared with guests
- d/p/CVE-2020-11740-and-CVE-2020-11741-2.patch: limit consumption of
shared buffer data
- d/p/CVE-2020-11739.patch: Add missing memory barrier in the unlock
path of rwlock
- d/p/CVE-2020-11743.patch: Fix error path in map_grant_ref()
- d/p/CVE-2020-11742.patch: fix GNTTABOP_copy continuation handling
- d/p/CVE-2020-0543-1.patch: CPUID/MSR definitions for Special
Register Buffer Data Sampling
- d/p/CVE-2020-0543-2.patch: Mitigate the Special Register Buffer
Data Sampling sidechannel
- d/p/CVE-2020-0543-3.patch: Allow the RDRAND/RDSEED features to be
hidden
- d/p/CVE-2020-15566.patch: Don't ignore error in get_free_port()
- d/p/CVE-2020-15563.patch: correct an inverted conditional in dirty
VRAM tracking
- d/p/CVE-2020-15565-1.patch: improve IOMMU TLB flush
- d/p/CVE-2020-15565-2.patch: prune (and rename) cache flush
functions
- d/p/CVE-2020-15565-3.patch: introduce a cache sync hook
- d/p/CVE-2020-15565-4.patch: don't assume addresses are aligned in
sync_cache
- d/p/CVE-2020-15564.patch: Check the alignment of the offset passed
via VCPUOP_register_vcpu_info
- d/p/CVE-2020-15567-1.patch: ept_set_middle_entry() related
adjustments
- d/p/CVE-2020-15567-2.patch: atomically modify entries in
ept_next_level
- d/p/CVE-2020-25602.patch: Handle the Intel-specific MSR_MISC_ENABLE
correctly
- d/p/CVE-2020-25604.patch: fix race when migrating timers between
vCPUs
- d/p/CVE-2020-25595-1.patch: get rid of read_msi_msg
- d/p/CVE-2020-25595-2.patch: restrict reading of table/PBA bases
from BARs
- d/p/CVE-2020-25597.patch: relax port_is_valid()
- d/p/CVE-2020-25596.patch: Avoid double exception injection
- d/p/CVE-2020-25603.patch: Add missing barriers when
accessing/allocating an event channel
- d/p/CVE-2020-25600.patch: enforce correct upper limit for 32-bit
guests
- d/p/CVE-2020-25599-1.patch: evtchn_reset() shouldn't succeed with
still-open ports
- d/p/CVE-2020-25599-2.patch: convert per-channel lock to be IRQ-safe
- d/p/CVE-2020-25599-3.patch: address races with evtchn_reset()
- d/p/CVE-2020-25601-1.patch: arrange for preemption in
evtchn_destroy()
- d/p/CVE-2020-25601-2.patch: arrange for preemption in evtchn_reset()
- CVE-2020-11740
- CVE-2020-11741
- CVE-2020-11739
- CVE-2020-11743
- CVE-2020-11742
- CVE-2020-0543
- CVE-2020-15566
- CVE-2020-15563
- CVE-2020-15565
- CVE-2020-15564
- CVE-2020-15567
- CVE-2020-25602
- CVE-2020-25604
- CVE-2020-25595
- CVE-2020-25597
- CVE-2020-25596
- CVE-2020-25603
- CVE-2020-25600
- CVE-2020-25599
- CVE-2020-25601
Date: 2022-08-23 12:04:09.070196+00:00
Changed-By: Luís Cunha dos Reis Infante da Câmara <luis.infante.da.camara at tecnico.ulisboa.pt>
Signed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/xen/4.11.3+24-g14b62ab3e5-1ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list