[ubuntu/precise-security] xen 4.1.2-2ubuntu2.4 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Dec 12 13:10:19 UTC 2012


xen (4.1.2-2ubuntu2.4) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via MMIO regions
    - debian/patches/CVE-2012-3432.patch: don't leave emulator in an
      inconsistent state in xen/arch/x86/hvm/io.c.
    - CVE-2012-3432
  * SECURITY UPDATE: denial of service via excessive shared page search
    time during the p2m teardown
    - debian/patches/CVE-2012-3433.patch: only check for shared pages while
      any exist on teardown in xen/arch/x86/mm/p2m.c.
    - CVE-2012-3433
  * SECURITY UPDATE: denial of service via DR7 reserved bits
    - debian/patches/CVE-2012-3494.patch: write upper 32 bits as zeros in
      xen/include/asm-x86/debugreg.h.
    - CVE-2012-3494
  * SECURITY UPDATE: denial of service and possible privilege escalation
    via physdev_get_free_pirq hypercall.
    - debian/patches/CVE-2012-3495.patch: handle out-of-pirq condition
      correctly in xen/arch/x86/physdev.c.
    - CVE-2012-3495
  * SECURITY UPDATE: denial of service via invalid flags
    - debian/patches/CVE-2012-3496.patch: Don't BUG_ON() PoD operations on
      a non-translated guest in xen/arch/x86/mm/p2m.c.
    - CVE-2012-3496
  * SECURITY UPDATE: denial of service and possibly hypervisor memory
    disclosure via PHYSDEVOP_map_pirq
    - debian/patches/CVE-2012-3498.patch: add validation before using in
      xen/arch/x86/physdev.c.
    - CVE-2012-3498
  * SECURITY UPDATE: privilege escalation via crafted escape VT100 sequence
    - debian/patches/CVE-2012-3515.patch: bounds check whenever changing
      the cursor due to an escape code in qemu/console.c.
    - CVE-2012-3515
  * SECURITY UPDATE: host info disclosure via qemu monitor
    - debian/patches/CVE-2012-4411.patch: disable qemu monitor by default
      in qemu/vl.c.
    - CVE-2012-4411

Date: 2012-12-11 16:25:33.169344+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/precise/+source/xen/4.1.2-2ubuntu2.4