[ubuntu/trusty-security] xen 4.4.2-0ubuntu0.14.04.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Sep 2 19:59:18 UTC 2015
xen (4.4.2-0ubuntu0.14.04.2) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-4103 / XSA-128
      * properly gate host writes of modified PCI CFG contents
    - CVE-2015-4104 / XSA-129
      * xen: don't allow guest to control MSI mask register
    - CVE-2015-4105 / XSA-130
      * xen/MSI-X: disable logging by default
    - CVE-2015-4106 / XSA-131
      * xen/MSI: don't open-code pass-through of enable bit modifications
      * xen/pt: consolidate PM capability emu_mask
      * xen/pt: correctly handle PM status bit
      * xen/pt: split out calculation of throughable mask in PCI config space
        handling
      * xen/pt: mark all PCIe capability bits read-only
      * xen/pt: mark reserved bits in PCI config space fields
      * xen/pt: add a few PCI config space field descriptions
      * xen/pt: unknown PCI config space fields should be read-only
    - CVE-2015-4163 / XSA-134
      * gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
    - CVE-2015-3209 / XSA-135
      * pcnet: fix Negative array index read
      * pcnet: force the buffer access to be in bounds during tx
    - CVE-2015-4164 / XSA-136
      * x86/traps: loop in the correct direction in compat_iret()
    - CVE-2015-3259 / XSA-137
      * xl: Sane handling of extra config file arguments
    - CVE-2015-5154 / XSA-138
      * ide: Check array bounds before writing to io_buffer
      * ide: Clear DRQ after handling all expected accesses
    - CVE-2015-5165 / XSA-140
      * rtl8139: avoid nested ifs in IP header parsing
      * rtl8139: drop tautologous if (ip) {...} statement
      * rtl8139: skip offload on short Ethernet/IP header
      * rtl8139: check IP Header Length field
      * rtl8139: check IP Total Length field
      * rtl8139: skip offload on short TCP header
      * rtl8139: check TCP Data Offset field
    - CVE-2015-6654 / XSA-141
      * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn

xen (4.4.2-0ubuntu0.14.04.1) trusty; urgency=low

  * Updating to latest upstream stable release 4.4.2 (LP: #1476666)
    - Replacing the following security changes by upstream versions:
      * CVE-2014-5146, CVE-2014-5149 / XSA-97,
        CVE-2014-3969, CVE-2015-2290 / XSA-98 (additional fix),
        CVE-2014-7154 / XSA-104, CVE-2014-7155 / XSA-105,
        CVE-2014-7156 / XSA-106, CVE-2014-6268 / XSA-107,
        CVE-2014-7188 / XSA-108, CVE-2014-8594 / XSA-109,
        CVE-2014-8595 / XSA-110, CVE-2014-8866 / XSA-111,
        CVE-2014-8867 / XSA-112, CVE-2014-9030 / XSA-113,
        CVE-2014-9065, CVE-2014-9066 / XSA-114,
        CVE-2015-0361 / XSA-116, CVE-2015-1563 / XSA-118,
        CVE-2015-2152 / XSA-119, CVE-2015-2044 / XSA-121,
        CVE-2015-2045 / XSA-122, CVE-2015-2151 / XSA-123
  * Refreshed d/p/version.patch to fix some fuzz when applying. No
    functional change.

Date: 2015-09-02 17:53:17.556362+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/xen/4.4.2-0ubuntu0.14.04.2