[ubuntu/trusty-proposed] xen 4.3.0-1ubuntu2 (Accepted)

Stefan Bader stefan.bader at canonical.com
Tue Nov 12 13:13:16 UTC 2013 

xen (4.3.0-1ubuntu2) trusty; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-1442 / XSA-62
      * Information leak on AVX and/or LWP capable CPUs
    - CVE-2013-4355 / XSA-63
      * Information leaks through I/O instruction emulation
    - CVE-2013-4356 / XSA-64
      * Memory accessible by 64-bit PV guests under live migration
    - CVE-2013-4361 / XSA-66
      Information leak through fbld instruction emulation
    - CVE-2013-4368 / XSA-67
      * Information leak through outs instruction emulation
    - CVE-2013-4369 / XSA-68
      * possible null dereference when parsing vif ratelimiting info
    - CVE-2013-4370 / XSA-69
      * misplaced free in ocaml xc_vcpu_getaffinity stub
    - CVE-2013-4371 / XSA-70
      * use-after-free in libxl_list_cpupool under memory pressure
    - CVE-2013-4416 / XSA-72
      * ocaml xenstored mishandles oversized message replies
    - CVE-2013-4494 / XSA-73
      * Lock order reversal between page allocation and grant table locks

Date: Tue, 05 Nov 2013 16:16:05 +0100
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/trusty/+source/xen/4.3.0-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 Nov 2013 16:16:05 +0100
Source: xen
Binary: libxen-4.3 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.3 xen-hypervisor-4.3-amd64 xen-system-amd64 xen-hypervisor-4.3-armhf xen-system-armhf
Architecture: source
Version: 4.3.0-1ubuntu2
Distribution: trusty
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Description: 
 libxen-4.3 - Public libs for Xen
 libxen-dev - Public headers and libs for Xen
 libxen-ocaml - OCaml libraries for controlling Xen
 libxen-ocaml-dev - OCaml libraries for controlling Xen (devel package)
 libxenstore3.0 - Xenstore communications library for Xen
 xen-hypervisor-4.3-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.3-armhf - Xen Hypervisor on Arm v7/v8
 xen-system-amd64 - Xen System on AMD64 (meta-package)
 xen-system-armhf - Xen System on Arm  v7/v8 (meta-package)
 xen-utils-4.3 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore utilities for Xen
Changes: 
 xen (4.3.0-1ubuntu2) trusty; urgency=low
 .
   * Applying Xen Security Advisories:
     - CVE-2013-1442 / XSA-62
       * Information leak on AVX and/or LWP capable CPUs
     - CVE-2013-4355 / XSA-63
       * Information leaks through I/O instruction emulation
     - CVE-2013-4356 / XSA-64
       * Memory accessible by 64-bit PV guests under live migration
     - CVE-2013-4361 / XSA-66
       Information leak through fbld instruction emulation
     - CVE-2013-4368 / XSA-67
       * Information leak through outs instruction emulation
     - CVE-2013-4369 / XSA-68
       * possible null dereference when parsing vif ratelimiting info
     - CVE-2013-4370 / XSA-69
       * misplaced free in ocaml xc_vcpu_getaffinity stub
     - CVE-2013-4371 / XSA-70
       * use-after-free in libxl_list_cpupool under memory pressure
     - CVE-2013-4416 / XSA-72
       * ocaml xenstored mishandles oversized message replies
     - CVE-2013-4494 / XSA-73
       * Lock order reversal between page allocation and grant table locks
Checksums-Sha1: 
 3e5cfea3fc9ba727037397657929a6902070da3c 3031 xen_4.3.0-1ubuntu2.dsc
 54a2a4d65f3d059e31c92b71da5e24ae51c24b38 74616 xen_4.3.0-1ubuntu2.debian.tar.gz
Checksums-Sha256: 
 2acd26e9047b9580ea8998dc49f7accc0a598d89fb591e4f69edb7f2dbb2d037 3031 xen_4.3.0-1ubuntu2.dsc
 6587a9beece4b2b6f94aec1be5db8e59bc1183da608c99ce06e6010d9382cc23 74616 xen_4.3.0-1ubuntu2.debian.tar.gz
Files: 
 792ad5db75ed3c17bf62fdffed46ce08 3031 kernel optional xen_4.3.0-1ubuntu2.dsc
 2d90c8d0d74e2378d141ba762a081ac1 74616 kernel optional xen_4.3.0-1ubuntu2.debian.tar.gz
Original-Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCgAGBQJSgijhAAoJEGVp2FWnRL6T8XQP/j4ax0nVvzlQGYqQWq+AiN3P
ouciHQDfrbSP40mXZJGJVa2odKNzO6bNJMwgjSwV4z7zRJHhi5OjWvr5hs8ZEf71
fISIKnOM0/N5ld/mPz/Xtrf1GpM1GHvkP8Rw1wpronJpH1Bxl3PW6k6R0rJWQSzB
yfYpwg2EIg9FNgtc4Nh7MbppVUaBhDP6hyzPnLD0gn5E/c4Fg5mVYxcuUQx7Ev+W
VzpxQN1y6J1yEP4fUdDHS0nJMvnKHfhFgvx36C4MVZOHFEf4ELbZczg0BvQ0bvT7
pwC8W1MB+ulFI/M3Lom0+SGfVzjUbQTi0jE9K1WoYBnesX7NEBwySLLQcJUlvcVW
kcwYsMhttEm4VgHI6tkADV0gQ42nXwJCB2ofMvoE3yyQTAQ557ojIessmeYbtCLc
l5yleC0/yrHGKdkD74qfyTECmrQyAm6vpLlpDojYEst1IxWYkDQL6/MiW1DCL6he
f5NIAQh1GvZDmOIL8aOheAeLCHOnXhCBD3ffbQMZAPeMaHkakrtWPRSptwzMmASM
ghg3noZTFd4rzWYVXoiCVqVe+YwZQ1fnsVZPcmIQNJqTexnunR1P8eulR4a+jnaE
OEmP6lU8di/jjL8QescOssAeWHE+KYLNBomCj2bH5K+QapAlKG7HnDHFpZdBk9Nw
1vbPnItEGeoGsxeVUkZh
=g7ko
-----END PGP SIGNATURE-----

More information about the Trusty-changes mailing list