xen 4.11.3+24-g14b62ab3e5-1ubuntu2.3 source package in Ubuntu
Changelog
xen (4.11.3+24-g14b62ab3e5-1ubuntu2.3) focal-security; urgency=medium
* SECURITY UPDATE: Fix multiple vulnerabilities
- d/p/xsa312-4.11.patch: Place a speculation barrier sequence
following an eret instruction
- d/p/CVE-2020-11740-and-CVE-2020-11741-1.patch: clear buffer intended
to be shared with guests
- d/p/CVE-2020-11740-and-CVE-2020-11741-2.patch: limit consumption of
shared buffer data
- d/p/CVE-2020-11739.patch: Add missing memory barrier in the unlock
path of rwlock
- d/p/CVE-2020-11743.patch: Fix error path in map_grant_ref()
- d/p/CVE-2020-11742.patch: fix GNTTABOP_copy continuation handling
- d/p/CVE-2020-0543-1.patch: CPUID/MSR definitions for Special
Register Buffer Data Sampling
- d/p/CVE-2020-0543-2.patch: Mitigate the Special Register Buffer
Data Sampling sidechannel
- d/p/CVE-2020-0543-3.patch: Allow the RDRAND/RDSEED features to be
hidden
- d/p/CVE-2020-15566.patch: Don't ignore error in get_free_port()
- d/p/CVE-2020-15563.patch: correct an inverted conditional in dirty
VRAM tracking
- d/p/CVE-2020-15565-1.patch: improve IOMMU TLB flush
- d/p/CVE-2020-15565-2.patch: prune (and rename) cache flush
functions
- d/p/CVE-2020-15565-3.patch: introduce a cache sync hook
- d/p/CVE-2020-15565-4.patch: don't assume addresses are aligned in
sync_cache
- d/p/CVE-2020-15564.patch: Check the alignment of the offset passed
via VCPUOP_register_vcpu_info
- d/p/CVE-2020-15567-1.patch: ept_set_middle_entry() related
adjustments
- d/p/CVE-2020-15567-2.patch: atomically modify entries in
ept_next_level
- d/p/CVE-2020-25602.patch: Handle the Intel-specific MSR_MISC_ENABLE
correctly
- d/p/CVE-2020-25604.patch: fix race when migrating timers between
vCPUs
- d/p/CVE-2020-25595-1.patch: get rid of read_msi_msg
- d/p/CVE-2020-25595-2.patch: restrict reading of table/PBA bases
from BARs
- d/p/CVE-2020-25597.patch: relax port_is_valid()
- d/p/CVE-2020-25596.patch: Avoid double exception injection
- d/p/CVE-2020-25603.patch: Add missing barriers when
accessing/allocating an event channel
- d/p/CVE-2020-25600.patch: enforce correct upper limit for 32-bit
guests
- d/p/CVE-2020-25599-1.patch: evtchn_reset() shouldn't succeed with
still-open ports
- d/p/CVE-2020-25599-2.patch: convert per-channel lock to be IRQ-safe
- d/p/CVE-2020-25599-3.patch: address races with evtchn_reset()
- d/p/CVE-2020-25601-1.patch: arrange for preemption in
evtchn_destroy()
- d/p/CVE-2020-25601-2.patch: arrange for preemption in evtchn_reset()
- CVE-2020-11740
- CVE-2020-11741
- CVE-2020-11739
- CVE-2020-11743
- CVE-2020-11742
- CVE-2020-0543
- CVE-2020-15566
- CVE-2020-15563
- CVE-2020-15565
- CVE-2020-15564
- CVE-2020-15567
- CVE-2020-25602
- CVE-2020-25604
- CVE-2020-25595
- CVE-2020-25597
- CVE-2020-25596
- CVE-2020-25603
- CVE-2020-25600
- CVE-2020-25599
- CVE-2020-25601
-- Luís Infante da Câmara <email address hidden> Mon, 22 Aug 2022 11:20:03 +0200
Upload details
- Uploaded by:
- Luís Infante da Câmara
- Sponsored by:
- Eduardo Barretto
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- amd64 arm64 armhf i386 all
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Focal | updates | universe | kernel | |
| Focal | security | universe | kernel |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| xen_4.11.3+24-g14b62ab3e5.orig.tar.xz | 4.0 MiB | 2286fbfbf986ea4baaae4cad8b3adab3bbd1a966cb019dd3f59a177b8036d189 |
| xen_4.11.3+24-g14b62ab3e5-1ubuntu2.3.debian.tar.xz | 221.1 KiB | d48a5b6399a74f2475a1c2a22b58afbf143a379fa8a570f5288257c2ea8fb3da |
| xen_4.11.3+24-g14b62ab3e5-1ubuntu2.3.dsc | 4.4 KiB | f7718f51aec6570b59c890fa418289c497f3c8a7c977460436c7d21c74a66ddd |
Available diffs
Binary packages built by this source
- libxen-dev: Public headers and libs for Xen
This package contains the public headers and static libraries for Xen.
.
The libxenlight library is intended as a common base for all Xen toolstack
developers. The libxlutil library contains additional helpers which may
be useful to toolstack developers.
.
The libxenstore library allows userspace processes to interact with
the XenStore database. Command line tools for accessing xenstore are
provided is via the xenstore-utils package.
.
Most of the other included libraries are internal, and intended for
use by the Xen toolstack, rather than directly.
- libxencall1: Xen runtime library - libxencall
Shared library for Xen utilities.
- libxencall1-dbgsym: debug symbols for libxencall1
- libxendevicemodel1: Xen runtime libraries - libxendevicemodel
Shared library for Xen utilities.
- libxendevicemodel1-dbgsym: debug symbols for libxendevicemodel1
- libxenevtchn1: Xen runtime libraries - libxenevtchn
Shared library for Xen utilities.
- libxenevtchn1-dbgsym: debug symbols for libxenevtchn1
- libxenforeignmemory1: Xen runtime libraries - libxenforeignmemory
Shared library for Xen utilities.
- libxenforeignmemory1-dbgsym: debug symbols for libxenforeignmemory1
- libxengnttab1: Xen runtime libraries - libxengnttab
Shared library for Xen utilities.
- libxengnttab1-dbgsym: debug symbols for libxengnttab1
- libxenmisc4.11: Xen runtime libraries - miscellaneous, versioned ABI
Shared libraries for Xen utilities.
This package contains libraries whose ABI changes with each
new upstream Xen release, which include ones which embed
knowledge of hypervisor-version- specific hypercall ABIs.
- libxenmisc4.11-dbgsym: debug symbols for libxenmisc4.11
- libxenstore3.0: Xen runtime libraries - libxenstore
Shared library for Xen utilities.
- libxenstore3.0-dbgsym: debug symbols for libxenstore3.0
- libxentoolcore1: Xen runtime libraries - libxentoolcore
Shared library for Xen utilities.
- libxentoolcore1-dbgsym: debug symbols for libxentoolcore1
- libxentoollog1: Xen runtime libraries - libxentoollog
Shared library for Xen utilities.
- libxentoollog1-dbgsym: debug symbols for libxentoollog1
- xen-doc: XEN documentation
Documentation for the Xen hypervisor and surrounding software,
including descriptions of the hypercall interfaces and of some
of the library APIs.
.
You do not need this package for the primary manpages for the
Xen control utilities, as those are in the xen-utils-common package.
- xen-hypervisor-4.11-amd64: Xen Hypervisor on AMD64
The hypervisor is the "core" for XEN itself. It gets booted by the boot
loader and controls cpu and memory, sharing them between your
administrative domain (Domain 0) and the virtual guest systems.
.
In order to boot a XEN system along with this package you also need a
kernel specifically crafted to work as the Domain 0, mediating hardware
access for XEN itself.
- xen-hypervisor-4.11-arm64: Xen Hypervisor on ARM64
The hypervisor is the "core" for XEN itself. It gets booted by the boot
loader and controls cpu and memory, sharing them between your
administrative domain (Domain 0) and the virtual guest systems.
.
In order to boot a XEN system along with this package you also need a
kernel specifically crafted to work as the Domain 0, mediating hardware
access for XEN itself.
- xen-hypervisor-4.11-armhf: Xen Hypervisor on ARMHF
The hypervisor is the "core" for XEN itself. It gets booted by the boot
loader and controls cpu and memory, sharing them between your
administrative domain (Domain 0) and the virtual guest systems.
.
In order to boot a XEN system along with this package you also need a
kernel specifically crafted to work as the Domain 0, mediating hardware
access for XEN itself.
- xen-hypervisor-4.9-amd64: Transitional package for upgrade
The hypervisor is the "core" for XEN itself. It gets booted by the boot
loader and controls cpu and memory, sharing them between your
administrative domain (Domain 0) and the virtual guest systems.
.
In order to boot a XEN system along with this package you also need a
kernel specifically crafted to work as the Domain 0, mediating hardware
access for XEN itself.
.
This is a transitional package. You can safely remove it.
- xen-hypervisor-4.9-arm64: Transitional package for upgrade
The hypervisor is the "core" for XEN itself. It gets booted by the boot
loader and controls cpu and memory, sharing them between your
administrative domain (Domain 0) and the virtual guest systems.
.
In order to boot a XEN system along with this package you also need a
kernel specifically crafted to work as the Domain 0, mediating hardware
access for XEN itself.
.
This is a transitional package. You can safely remove it.
- xen-hypervisor-4.9-armhf: Transitional package for upgrade
The hypervisor is the "core" for XEN itself. It gets booted by the boot
loader and controls cpu and memory, sharing them between your
administrative domain (Domain 0) and the virtual guest systems.
.
In order to boot a XEN system along with this package you also need a
kernel specifically crafted to work as the Domain 0, mediating hardware
access for XEN itself.
.
This is a transitional package. You can safely remove it.
- xen-hypervisor-common: Xen Hypervisor - common files
The configuration which arranges for an installed hypervisor to be booted
as default, with the right command line arguments passed to both
hypervisor and host (Domain 0) kernel.
.
This package is only required on the host system (Domain 0) and not on the
virtual guest systems (Domain U).
- xen-system-amd64: Xen System on AMD64 (metapackage)
This package depends on the latest Xen hypervisor for use on AMD64 and the
Xen utils.
- xen-system-arm64: Xen System on ARM64 (metapackage)
This package depends on the latest Xen hypervisor for use on ARM64 and the
Xen utils.
- xen-system-armhf: Xen System on ARMHF (metapackage)
This package depends on the latest Xen hypervisor for use on ARMHF and the
Xen utils.
- xen-utils-4.11: XEN administrative tools
The userspace tools to manage a system virtualized through the XEN virtual
machine monitor.
.
qemu-utils and seabios are neded for "Xen HVM" (amd64 and i386)
- xen-utils-4.11-dbgsym: debug symbols for xen-utils-4.11
- xen-utils-common: Xen administrative tools - common files
The userspace tools to manage a system virtualized through the Xen virtual
machine monitor.
.
This package is only required on the host system (Domain 0) and not on the
virtual guest systems (Domain U).
- xen-utils-common-dbgsym: debug symbols for xen-utils-common
- xenstore-utils: Xenstore command line utilities for Xen
This package contains command line utilities for interacting with
XenStore.
.
XenStore is a shared database used for interdomain communication of
configuration and status information. It is accessible to all domains
running on the same Xen host. See https://wiki.xen. org/wiki/ XenStore for
more information.
.
In the common case these tools are used by the Xen toolstack running in
domain0 (or a driver domain) however they may also be used in a guest
domain to support local scripting which wants to communicate via XenStore.
- xenstore-utils-dbgsym: debug symbols for xenstore-utils
