[ubuntu/precise-security] xen (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Sep 2 19:59:14 UTC 2015

xen ( precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2014-5146 / XSA-097
      * Combine hap/shadow and log_dirty_log
      * x86/mm/hap: Adjust vram tracking to play nicely with log-dirty.
      * x86/paging: make log-dirty operations preemptible
    - CVE-2015-2752 / XSA-125
      * Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64
        GFNs (or less)
    - CVE-2015-2756 / XSA-126 (QEMU traditional)
      * xen: limit guest control of PCI command register
    - CVE-2015-4103 / XSA-128
      * properly gate host writes of modified PCI CFG contents
    - CVE-2015-4104 / XSA-129
      * xen: don't allow guest to control MSI mask register
    - CVE-2015-4105 / XSA-130
      * xen/MSI-X: disable logging by default
    - CVE-2015-4106 / XSA-131
      * xen/MSI: don't open-code pass-through of enable bit modifications
      * xen/pt: consolidate PM capability emu_mask
      * xen/pt: correctly handle PM status bit
      * xen/pt: split out calculation of throughable mask in PCI config space
      * xen/pt: mark all PCIe capability bits read-only
      * xen/pt: mark reserved bits in PCI config space fields
      * xen/pt: add a few PCI config space field descriptions
      * xen/pt: unknown PCI config space fields should be read-only
    - CVE-2015-3340 / XSA-132
      * domctl/sysctl: don't leak hypervisor stack to toolstacks
    - CVE-2015-3456 / XSA-133
      * qemut: fdc: force the fifo access to be in bounds of the
        allocated buffer
    - CVE-2015-3209 / XSA-135
      * pcnet: fix Negative array index read
      * pcnet: force the buffer access to be in bounds during tx
    - CVE-2015-4164 / XSA-136
      * x86/traps: loop in the correct direction in compat_iret()
    - CVE-2015-3259 / XSA-137
      * xl: Sane handling of extra config file arguments
    - CVE-2015-5154 / XSA-138
      * ide: Check array bounds before writing to io_buffer
      * ide: Clear DRQ after handling all expected accesses
    - CVE-2015-5165 / XSA-140
      * rtl8139: avoid nested ifs in IP header parsing
      * rtl8139: drop tautologous if (ip) {...} statement
      * rtl8139: skip offload on short Ethernet/IP header
      * rtl8139: check IP Header Length field
      * rtl8139: check IP Total Length field
      * rtl8139: skip offload on short TCP header
      * rtl8139: check TCP Data Offset field

Date: 2015-09-02 17:58:13.751485+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list