[ubuntu/precise-security] xen 4.1.5-0ubuntu0.12.04.2 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Dec 17 16:56:30 UTC 2013


xen (4.1.5-0ubuntu0.12.04.2) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-1432 / XSA-58
      * Page reference counting error due to XSA-45/CVE-2013-1918 fixes
    - CVE-2013-4329 / XSA-61
      * libxl partially sets up HVM passthrough even with disabled iommu
    - CVE-2013-1442 / XSA-62
      * Information leak on AVX and/or LWP capable CPUs
    - CVE-2013-4355 / XSA-63
    - CVE-2013-4361 / XSA-66
      * Information leak through fbld instruction emulation
    - CVE-2013-4368 / XSA-67
      * Information leak through outs instruction emulation
    - CVE-2013-4370 / XSA-69
      * misplaced free in ocaml xc_vcpu_getaffinity stub
    - CVE-2013-4416 / XSA-72
      * ocaml xenstored mishandles oversized message replies
    - CVE-2013-4494 / XSA-73
      * Lock order reversal between page allocation and grant table locks
    - CVE-2013-4553 / XSA-74
      * Lock order reversal between page_alloc_lock and mm_rwlock
    - CVE-2013-4554 / XSA-76
      * Hypercalls exposed to privilege rings 1 and 2 of HVM guests
    - CVE-2013-6885 / XSA-82
      * Guest triggerable AMD CPU erratum may cause host hang

xen (4.1.5-0ubuntu0.12.04.1) precise-proposed; urgency=low

  * Updating to latest upstream stable release (LP: #1180396).
  * Update to upstream 4.1.5:
    - Replacing the following security changes by upstream versions:
      * CVE-2012-5634 / XSA-33, CVE-2013-0153 / XSA-36,
        CVE-2013-0215 / XSA-38, CVE-2012-6075 / XSA-41,
        CVE-2013-1917 / XSA-44, CVE-2013-1919 / XSA-46,
        CVE-2013-1920 / XSA-47, CVE-2013-1964 / XSA-50
    - Bug fixes:
      * ACPI APEI/ERST finally working on production systems
      * Bug fixes for other low level system state handling
      * Support for xz compressed Dom0 and DomU kernels
  * Update to upstream 4.1.4:
    - Replacing the following security changes by upstream versions:
      * CVE-2012-3494 / XSA-12, CVE-2012-3495 / XSA-13,
        CVE-2012-3496 / XSA-14, CVE-2012-3498 / XSA-16,
        CVE-2012-3515 / XSA-17, CVE-2012-4411 / XSA-19,
        CVE-2012-4535 / XSA-20, CVE-2012-4536 / XSA-21,
        CVE-2012-4537 / XSA-22, CVE-2012-4538 / XSA-23,
        CVE-2012-4539 / XSA-24, CVE-2012-4544 / XSA-25,
        CVE-2012-2625 / XSA-25, CVE-2012-5510 / XSA-26,
        CVE-2012-5511 / XSA-27, CVE-2012-5512 / XSA-28,
        CVE-2012-5513 / XSA-29, CVE-2012-5514 / XSA-30,
        CVE-2012-5515 / XSA-31
    - Bug fixes:
      * A fix for a long standing time management issue
      * Bug fixes for S3 (suspend to RAM) handling
      * Bug fixes for other low level system state handling
  * Update to upstream 4.1.3:
    - Replacing the following security changes by upstream versions:
      * CVE-2012-0217 / XSA-7,  CVE-2012-0218 / XSA-8,  
        CVE-2012-2934 / XSA-9,  CVE-2012-3432 / XSA-10,
        CVE-2012-3433 / XSA-11
    - Bug fixes:
      * Updates for the latest Intel/AMD CPU revisions
      * Bug fixes and improvements to the libxl tool stack
      * Bug fixes for IOMMU handling (device passthrough to HVM guests)
      * Bug fixes for host kexec/kdump
  * Dropping the following patches previously added as they are included
    in the upstream stable release:
    - upstream-24883-adcd6ab160fa.patch
    - xen-introduce-xzalloc.patch
    - xen-backport-per-device-vector-map.patch
    - 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
    - 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
    - 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch
  * Fix translation import problem caused by duplicate message ID
    (LP: #1176209).
    - tools-xm-fix-duplicate-msgid.patch

Date: 2013-12-17 16:32:14.915277+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/precise/+source/xen/4.1.5-0ubuntu0.12.04.2