[ubuntu/raring-security] xen 4.2.2-0ubuntu0.13.04.2 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Nov 12 13:00:09 UTC 2013 

xen (4.2.2-0ubuntu0.13.04.2) raring-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-1432 / XSA-58
      * Page reference counting error due to XSA-45/CVE-2013-1918 fixes
    - CVE-2013-4329 / XSA-61
      * libxl partially sets up HVM passthrough even with disabled iommu
    - CVE-2013-1442 / XSA-62
      * Information leak on AVX and/or LWP capable CPUs
    - CVE-2013-4355 / XSA-63
      * Information leaks through I/O instruction emulation
    - CVE-2013-4361 / XSA-66
      Information leak through fbld instruction emulation
    - CVE-2013-4368 / XSA-67
      * Information leak through outs instruction emulation
    - CVE-2013-4369 / XSA-68
      * possible null dereference when parsing vif ratelimiting info
    - CVE-2013-4370 / XSA-69
      * misplaced free in ocaml xc_vcpu_getaffinity stub
    - CVE-2013-4371 / XSA-70
      * use-after-free in libxl_list_cpupool under memory pressure
    - CVE-2013-4416 / XSA-72
      * ocaml xenstored mishandles oversized message replies
    - CVE-2013-4494 / XSA-73
      * Lock order reversal between page allocation and grant table locks

xen (4.2.2-0ubuntu0.13.04.1) raring-proposed; urgency=low

  * Updating to latest upstream stable release (LP: #1180397).
    - Security patches included which replace existing changes:
      * CVE-2012-5634 / XSA-33, CVE-2013-0151 / XSA-34,
        CVE-2013-0152 / XSA-35, CVE-2013-0153 / XSA-36,
        CVE-2013-0215 / XSA-38, CVE-2012-6075 / XSA-41,
        CVE-2013-1917 / XSA-44, CVE-2013-1919 / XSA-46,
        CVE-2013-1920 / XSA-47
    - Additional security related changes, not included before:
      * CVE-2013-0154 / XSA-37: Hypervisor crash due to incorrect ASSERT
                                (debug build only)
      * CVE-2013-1922 / XSA-48: qemu-nbd format-guessing due to missing
                                format specification
    - Bug fixes
      * ACPI APEI/ERST finally working on production systems
      * Bug fixes for other low level system state handling
      * Bug fixes and improvements to the libxl tool stack
      * Bug fixes to nested virtualization
    - Dropping the following patches previously added as they are included
      in the upstream stable release:
      * 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
      * 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
      * 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch

Date: 2013-11-11 19:35:14.468963+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/raring/+source/xen/4.2.2-0ubuntu0.13.04.2
-------------- next part --------------
Sorry, changesfile not available.

More information about the Raring-changes mailing list