[ubuntu/trusty-security] xen 4.4.2-0ubuntu0.14.04.11 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon May 15 11:42:15 UTC 2017 

xen (4.4.2-0ubuntu0.14.04.11) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - XSA-206
      * xenstored: apply a write transaction rate limit
      * xenstored: Log when the write transaction rate limit bites
      * oxenstored: exempt dom0 from domU node quotas
      * oxenstored: perform a 3-way merge of the quota after a transaction
      * oxenstored: catch the error when a connection is already deleted
      * oxenstored: use hash table to store socket connections
      * oxenstored: enable domain connection indexing based on eventchn port
      * oxenstored: only process domain connections that notify us by events
      * oxenstored: add a safe net mechanism for existing ill-behaved clients
      * oxenstored: refactor putting response on wire
      * oxenstored: remove some unused parameters
      * oxenstored: refactor request processing
      * oxenstored: keep track of each transaction's operations
      * oxenstored: move functions that process simple operations
      * oxenstored: replay transaction upon conflict
      * oxenstored: log request and response during transaction replay
      * oxenstored: allow compilation prior to OCaml 3.12.0
      * oxenstored: comments explaining some variables
      * oxenstored: handling of domain conflict-credit
      * oxenstored: ignore domains with no conflict-credit
      * oxenstored: add transaction info relevant to history-tracking
      * oxenstored: support commit history tracking
      * oxenstored: only record operations with side-effects in history
      * oxenstored: discard old commit-history on txn end
      * oxenstored: track commit history
      * oxenstored: blame the connection that caused a transaction conflict
      * oxenstored: allow self-conflicts
      * oxenstored: do not commit read-only transactions
      * oxenstored: don't wake to issue no conflict-credit
      * oxenstored transaction conflicts: improve logging
      * oxenstored: trim history in the frequent_ops function
    - XSA-207
      * IOMMU: always call teardown callback
    - CVE-2017-2615 / XSA-208
      * CVE-2014-8106: cirrus: fix blit region check
      * cirrus: fix oob access issue (CVE-2017-2615)
    - CVE-2017-2620 / XSA-209
      * cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
    - CVE-2016-9603 / XSA-211
      * cirrus/vnc: zap drop bitblit support from console code.
    - CVE-2017-7228 / XSA-212
      * memory: properly check guest memory ranges in XENMEM_exchange handling
    - XSA-213
      * multicall: deal with early exit conditions
    - XSA-214
      * x86: discard type information when stealing pages
    - XSA-215
      * x86: correct create_bounce_frame

xen (4.4.2-0ubuntu0.14.04.10) trusty; urgency=medium

  * Backport upstream change to fix TSC_ADJUST MSR handling in HVM
    guests running on Intel based hosts (LP: #1671760)

Date: 2017-05-12 11:59:14.053198+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/xen/4.4.2-0ubuntu0.14.04.11
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list