Changelog
xen (4.11.4+24-gddaaccbbab-1ubuntu1) groovy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Enforce python2 usage
- Build-depend on python2-dev.
- Build using python2.
- Build-depend on lmodern.
- Set python2 for xen-init-name and xen-init-list scripts
- Recommend qemu-system-x86-xen
- Force fcf-protection off when using -mindirect-branch
- Strip .note.gnu.property section for intermediate files
- Add transitional packages for upgrades
- Handle config file moving between packages
- Update: Building hypervisor with cf-protection enabled
xen (4.11.4+24-gddaaccbbab-1) unstable; urgency=medium
* Update to new upstream version 4.11.4+24-gddaaccbbab, which also contains
security fixes for the following issues:
- inverted code paths in x86 dirty VRAM tracking
XSA-319 CVE-2020-15563
- Special Register Buffer speculative side channel
XSA-320 CVE-2020-0543
N.B: To mitigate this issue, new cpu microcode is required. The changes
in Xen provide a workaround for affected hardware that is not receiving
a vendor microcode update. Please refer to the upstream XSA-320 Advisory
text for more details.
- insufficient cache write-back under VT-d
XSA-321 CVE-2020-15565
- Missing alignment check in VCPUOP_register_vcpu_info
XSA-327 CVE-2020-15564
- non-atomic modification of live EPT PTE
XSA-328 CVE-2020-15567
xen (4.11.4-1) unstable; urgency=medium
* Update to new upstream version 4.11.4, which also contains security fixes
for the following issues:
- arm: a CPU may speculate past the ERET instruction
XSA-312 (no CVE yet)
- multiple xenoprof issues
XSA-313 CVE-2020-11740 CVE-2020-11741
- Missing memory barriers in read-write unlock paths
XSA-314 CVE-2020-11739
- Bad error path in GNTTABOP_map_grant
XSA-316 CVE-2020-11743
- Bad continuation handling in GNTTABOP_copy
XSA-318 CVE-2020-11742
* xen-utils and xen-utils-common maint scripts: Replace the previous fix in
the xen init script with a better fix in the xen-utils package instead, to
prevent calling the init script stop action (resulting in a disappeared
xenconsoled) when removing a xen-utils package that belongs to a previous
(not currently running) Xen version. Also prevent the xen-utils-common
package from inadvertently calling stop and start actions because
dh_installinit would add code for that. (Closes: #932759)
* debian/NEWS: Mention fixing #932759 and how to deal with the bug
-- Gianfranco Costamagna <email address hidden> Mon, 24 Aug 2020 17:25:22 +0200