[ubuntu/vivid-proposed] xen 4.4.1-3ubuntu2 (Accepted)

Stefan Bader stefan.bader at canonical.com
Fri Nov 28 13:52:14 UTC 2014 

xen (4.4.1-3ubuntu2) vivid; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2014-8594 / XSA-109
      * x86: don't allow page table updates on non-PV page tables in
        do_mmu_update()
    - CVE-2014-8595 / XSA-110
      * x86emul: enforce privilege level restrictions when loading CS
    - CVE-2014-8866 / XSA-111
      * x86: limit checks in hypercall_xlat_continuation() to actual arguments
    - CVE-2014-8867 / XSA-112
      * x86/HVM: confine internally handled MMIO to solitary regions
    - CVE-2014-9030 / XSA-113
      * x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE
  * Pulling in Debian change to start qemu in dom0 (LP: #1396068)
  * Picking up Debian change to recommend grub-xen-host from xen-utils.
  * Picking up Debian change to really include xen-init-name.

Date: Wed, 19 Nov 2014 13:47:12 +0100
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/xen/4.4.1-3ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Nov 2014 13:47:12 +0100
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture: source
Version: 4.4.1-3ubuntu2
Distribution: vivid
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Description:
 libxen-4.4 - Public libs for Xen
 libxen-dev - Public headers and libs for Xen
 libxenstore3.0 - Xenstore communications library for Xen
 xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64
 xen-hypervisor-4.4-armhf - Xen Hypervisor on ARMHF
 xen-system-amd64 - Xen System on AMD64 (meta-package)
 xen-system-arm64 - Xen System on ARM64 (meta-package)
 xen-system-armhf - Xen System on ARMHF (meta-package)
 xen-utils-4.4 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore command line utilities for Xen
Launchpad-Bugs-Fixed: 1396068
Changes:
 xen (4.4.1-3ubuntu2) vivid; urgency=low
 .
   * Applying Xen Security Advisories:
     - CVE-2014-8594 / XSA-109
       * x86: don't allow page table updates on non-PV page tables in
         do_mmu_update()
     - CVE-2014-8595 / XSA-110
       * x86emul: enforce privilege level restrictions when loading CS
     - CVE-2014-8866 / XSA-111
       * x86: limit checks in hypercall_xlat_continuation() to actual arguments
     - CVE-2014-8867 / XSA-112
       * x86/HVM: confine internally handled MMIO to solitary regions
     - CVE-2014-9030 / XSA-113
       * x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE
   * Pulling in Debian change to start qemu in dom0 (LP: #1396068)
   * Picking up Debian change to recommend grub-xen-host from xen-utils.
   * Picking up Debian change to really include xen-init-name.
Checksums-Sha1:
 3bc5e6e0480c15d6ca983c79da3e8adade71a0d1 3053 xen_4.4.1-3ubuntu2.dsc
 5f2f74eb5fe1234d8aaf5b843893d1328d2f56f5 66328 xen_4.4.1-3ubuntu2.debian.tar.xz
Checksums-Sha256:
 a96e5a6b9b2dfa20897e6dc1d5f59923814f645185d0655cad11292880b74253 3053 xen_4.4.1-3ubuntu2.dsc
 5cf578901a789693eb60e8d27767a924893287f9a947956d79d17b6b8b6747ec 66328 xen_4.4.1-3ubuntu2.debian.tar.xz
Files:
 92ac57325107090c9eebd84ac68e6bf8 3053 kernel optional xen_4.4.1-3ubuntu2.dsc
 d2bc32af196cb96bbec759a78cfc729e 66328 kernel optional xen_4.4.1-3ubuntu2.debian.tar.xz
Original-Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUeH3gAAoJEOhnXe7L7s6joR8P/j0ec9ClPEymTBxJk688oVD1
/qJL7LcQsWyWivM3XgXi68mavPoNcx0BDLPrati3LNTPX9brc/8w7bugMsSRqQpJ
FYS4kyW4NBOdaY18QvLMbKuSwU7rnajx/HCnj0AuQz+0fQs0x1Y0GZBfqfStT75B
kNpGsw4mdPvbiphvQl7YKQoRpg3IVD1ab5CNH3Zm4MqzOjy+fpEcerBEtgzFN0Nh
StZVqJ2xoi6m3QZaRvEHb0bz3A6KfJgJWcjSIAHMsgKNU7zGLymAq/MRttqO31kD
wZmdbPAVlvgakRU632dl9YMqu0OKTc806E5qe4lEbQTmyMTIDnqj6y51OkQPiIQg
7wdFnpqlxOAvwYVMa4/h4rvUj2/xNlOdgY7iVy1o04YmTDA/lWIvgESKyDTVq/ZM
SoyubqslHt3G2NOHu9kh+phphY28kfaYEe+t/vMZwfjHjxRUNaEXWtGHaPk78mcr
J/AF7lY61QfbjpdQYXTS0BI1D8BDFUKqBxfTzjYzM11WIi5SxoCzvviJlMVQfJF8
xiVnxkYqkeaNRmP6Jkid9e3ZOGKckMsVnDrLArwTs9diLBc7F0KIPiyzTJDdqfL7
vcEhZ5rtxmIlOXmzxE2/+dMaEFJGkgN3fXukX8ZSbgACO9MXKlExkzwpCL3zRS/P
Y19xSgQATjYCMMXurjCm
=QNWJ
-----END PGP SIGNATURE-----

More information about the Vivid-changes mailing list