[ubuntu/oneiric-updates] xen 4.1.1-2ubuntu4.4 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Dec 12 13:58:14 UTC 2012
xen (4.1.1-2ubuntu4.4) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service via IOMMU error handling
    - debian/patches/CVE-2011-3131.patch: disable bus-mastering on any card
      that causes an IOMMU fault in xen/drivers/passthrough/vtd/iommu.c,
      xen/drivers/passthrough/amd/iommu_init.c.
    - CVE-2011-3131
  * SECURITY UPDATE: denial of service via MMIO regions
    - debian/patches/CVE-2012-3432.patch: don't leave emulator in an
      inconsistent state in xen/arch/x86/hvm/io.c.
    - CVE-2012-3432
  * SECURITY UPDATE: denial of service via excessive shared page search
    time during the p2m teardown
    - debian/patches/CVE-2012-3433.patch: only check for shared pages while
      any exist on teardown in xen/arch/x86/mm/p2m.c.
    - CVE-2012-3433
  * SECURITY UPDATE: denial of service via DR7 reserved bits
    - debian/patches/CVE-2012-3494.patch: write upper 32 bits as zeros in
      xen/include/asm-x86/debugreg.h.
    - CVE-2012-3494
  * SECURITY UPDATE: denial of service and possible privilege escalation
    via physdev_get_free_pirq hypercall.
    - debian/patches/CVE-2012-3495.patch: handle out-of-pirq condition
      correctly in xen/arch/x86/physdev.c.
    - CVE-2012-3495
  * SECURITY UPDATE: denial of service via invalid flags
    - debian/patches/CVE-2012-3496.patch: Don't BUG_ON() PoD operations on
      a non-translated guest in xen/arch/x86/mm/p2m.c.
    - CVE-2012-3496
  * SECURITY UPDATE: denial of service and possibly hypervisor memory
    disclosure via PHYSDEVOP_map_pirq
    - debian/patches/CVE-2012-3498.patch: add validation before using in
      xen/arch/x86/physdev.c.
    - CVE-2012-3498
  * SECURITY UPDATE: privilege escalation via crafted escape VT100 sequence
    - debian/patches/CVE-2012-3515.patch: bounds check whenever changing
      the cursor due to an escape code in qemu/console.c.
    - CVE-2012-3515
  * SECURITY UPDATE: host info disclosure via qemu monitor
    - debian/patches/CVE-2012-4411.patch: disable qemu monitor by default
      in qemu/vl.c.
    - CVE-2012-4411

Date: 2012-12-11 16:25:26.590521+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/oneiric/+source/xen/4.1.1-2ubuntu4.4