xen 4.6.5-0ubuntu1 source package in Ubuntu

Changelog

xen (4.6.5-0ubuntu1) xenial; urgency=medium

  * Rebasing to upstream stable release 4.6.5 (LP: #1671864)
    https://www.xenproject.org/downloads/xen-archives/xen-46-series.html
    - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
      hosts which support the TSC_ADJUST MSR (LP: #1671760)
    - Additional security relevant changes:
      * CVE-2013-2076 / XSA-052 (update)
        - Information leak on XSAVE/XRSTOR capable AMD CPUs
      * CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable)
        - x86: Mishandling of instruction pointer truncation during emulation
      * XSA-207
        - memory leak when destroying guest without PT devices
    - Replacing the following security fixes with the versions from the
      stable update:
      * CVE-2015-7812 / XSA-145
        - arm: Host crash when preempting a multicall
      * CVE-2015-7813 / XSA-146
        - arm: various unimplemented hypercalls log without rate limiting
      * CVE-2015-7814 / XSA-147
        - arm: Race between domain destruction and memory allocation decrease
      * CVE-2015-7835 / XSA-148
        - x86: Uncontrolled creation of large page mappings by PV guests
      * CVE-2015-7969 / XSA-149, XSA-151
        - leak of main per-domain vcpu pointer array
        - x86: leak of per-domain profiling-related vcpu pointer array
      * CVE-2015-7970 / XSA-150
        - x86: Long latency populate-on-demand operation is not preemptible
      * CVE-2015-7971 / XSA-152
        - x86: some pmu and profiling hypercalls log without rate limiting
      * CVE-2015-7972 / XSA-153
        - x86: populate-on-demand balloon size inaccuracy can crash guests
      * CVE-2016-2270 / XSA-154
        - x86: inconsistent cachability flags on guest mappings
      * CVE-2015-8550 / XSA-155
        - paravirtualized drivers incautious about shared memory contents
      * CVE-2015-5307, CVE-2015-8104 / XSA-156
        - x86: CPU lockup during exception delivery
      * CVE-2015-8338 / XSA-158
        - long running memory operations on ARM
      * CVE-2015-8339, CVE-2015-8340 / XSA-159
        XENMEM_exchange error handling issues
      * CVE-2015-8341 / XSA-160
        - libxl leak of pv kernel and initrd on error
      * CVE-2015-8555 / XSA-165
        - information leak in legacy x86 FPU/XMM initialization
      * XSA-166
        - ioreq handling possibly susceptible to multiple read issue
      * CVE-2016-1570 / XSA-167
        - PV superpage functionality missing sanity checks
      * CVE-2016-1571 / XSA-168
        - VMX: intercept issue with INVLPG on non-canonical address
      * CVE-2015-8615 / XSA-169
        - x86: unintentional logging upon guest changing callback method
      * CVE-2016-2271 / XSA-170
        - VMX: guest user mode may crash guest with non-canonical RIP
      * CVE-2016-3158, CVE-2016-3159 / XSA-172
        - broken AMD FPU FIP/FDP/FOP leak workaround
      * CVE-2016-3960 / XSA-173
        - x86 shadow pagetables: address width overflow
      * CVE-2016-4962 / XSA-175
        - Unsanitised guest input in libxl device handling code
      * CVE-2016-4480 / XSA-176
        - x86 software guest page walk PS bit handling flaw
      * CVE-2016-4963 / XSA-178
        - Unsanitised driver domain input in libxl device handling
      * CVE-2016-5242 / XSA-181
        - arm: Host crash caused by VMID exhaustion
      * CVE-2016-6258 / XSA-182
        - x86: Privilege escalation in PV guests
      * CVE-2016-6259 / XSA-183
        - x86: Missing SMAP whitelisting in 32-bit exception / event delivery
      * CVE-2016-7092 / XSA-185
        - x86: Disallow L3 recursive pagetable for 32-bit PV guests
      * CVE-2016-7094 / XSA-187
        - x86 HVM: Overflow of sh_ctxt->seg_reg[]
      * CVE-2016-7777 / XSA-190
        - CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386 / XSA-191
        - x86 null segments not always treated as unusable
      * CVE-2016-9382 / XSA-192
        - x86 task switch to VM86 mode mis-handled
      * CVE-2016-9385 / XSA-193
        - x86 segment base write emulation lacking canonical address checks
      * CVE-2016-9383 / XSA-195
        - x86 64-bit bit test instruction emulation broken
      * CVE-2016-9377, CVE-2016-9378 / XSA-196
        - x86 software interrupt injection mis-handled
      * CVE-2016-9379, CVE-2016-9380 / XSA-198
        - delimiter injection vulnerabilities in pygrub
      * CVE-2016-9932 / XSA-200
        - x86 CMPXCHG8B emulation fails to ignore operand size override
      * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
        - ARM guests may induce host asynchronous abort
      * CVE-2016-10024 / XSA-202
        - x86 PV guests may be able to mask interrupts
      * CVE-2016-10025 / XSA-203
        - x86: missing NULL pointer check in VMFUNC emulation
      * CVE-2016-10013 / XSA-204
        - x86: Mishandling of SYSCALL singlestep during emulation

 -- Stefan Bader <email address hidden>  Tue, 14 Mar 2017 16:08:39 +0100

Upload details

Uploaded by:
Stefan Bader on 2017-03-15
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
amd64 arm64 armhf i386 all
Section:
kernel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
xen_4.6.5.orig.tar.xz 3.5 MiB d859fff62afa08076d978851e9d8a8e34c2e301f99139e0feb57545e0674fc6f
xen_4.6.5-0ubuntu1.debian.tar.xz 60.9 KiB 4e5bbe6859023337d50d1d51d3e3f2e8619e7cfc86262e14deb203fe22872b58
xen_4.6.5-0ubuntu1.dsc 3.5 KiB 268f09b9609828b14cd105a429d9e9405f8a64a98b06814d8b7261ae9c2b757f

View changes file

Binary packages built by this source

libxen-4.6: Public libs for Xen

 This package contains the shared toolstack libraries for Xen.

libxen-4.6-dbgsym: debug symbols for package libxen-4.6

 This package contains the shared toolstack libraries for Xen.

libxen-dev: Public headers and libs for Xen

 This package contains the public headers and static libraries for Xen.
 .
 The libxenlight library is intended as a common base for all Xen toolstack
 developers. The libxlutil library contains additional helpers which may
 be useful to toolstack developers.
 .
 The libxenstore library allows userspace processes to interact with the
 XenStore database. XenStore is a shared database used for interdomain
 communication of configuration and status information. It is accessible
 to all domains running on the same Xen host. See
 http://wiki.xen.org/wiki/XenStore for more information.
 .
 The libxenctrl and libxenguest libraries are internal libraries intended
 for use by the Xen toolstack and are not intended to be used directly.
 Toolstack authors should use libxenlight.

libxenstore3.0: Xenstore communications library for Xen

 This package contains the client library interface to XenStore. .

libxenstore3.0-dbgsym: debug symbols for package libxenstore3.0

 This package contains the client library interface to XenStore. .

xen-hypervisor-4.4-amd64: Transitional package for upgrade
xen-hypervisor-4.4-arm64: Transitional package for upgrade
xen-hypervisor-4.4-armhf: Transitional package for upgrade
xen-hypervisor-4.5-amd64: Transitional package for upgrade
xen-hypervisor-4.5-arm64: Transitional package for upgrade
xen-hypervisor-4.5-armhf: Transitional package for upgrade
xen-hypervisor-4.6-amd64: Xen Hypervisor on AMD64

 The hypervisor is the "core" for XEN itself. It gets booted by the boot
 loader and controls cpu and memory, sharing them between your
 administrative domain (Domain 0) and the virtual guest systems.
 .
 In order to boot a XEN system along with this package you also need a
 kernel specifically crafted to work as the Domain 0, mediating hardware
 access for XEN itself.

xen-hypervisor-4.6-arm64: Xen Hypervisor on ARM64

 The hypervisor is the "core" for XEN itself. It gets booted by the boot
 loader and controls cpu and memory, sharing them between your
 administrative domain (Domain 0) and the virtual guest systems.
 .
 In order to boot a XEN system along with this package you also need a
 kernel specifically crafted to work as the Domain 0, mediating hardware
 access for XEN itself.

xen-hypervisor-4.6-armhf: Xen Hypervisor on ARMHF

 The hypervisor is the "core" for XEN itself. It gets booted by the boot
 loader and controls cpu and memory, sharing them between your
 administrative domain (Domain 0) and the virtual guest systems.
 .
 In order to boot a XEN system along with this package you also need a
 kernel specifically crafted to work as the Domain 0, mediating hardware
 access for XEN itself.

xen-system-amd64: Xen System on AMD64 (meta-package)

 This package depends on the latest Xen hypervisor for use on AMD64 and the
 Xen utils.

xen-system-arm64: Xen System on ARM64 (meta-package)

 This package depends on the latest Xen hypervisor for use on ARM64 and the
 Xen utils.

xen-system-armhf: Xen System on ARMHF (meta-package)

 This package depends on the latest Xen hypervisor for use on ARMHF and the
 Xen utils.

xen-utils-4.6: XEN administrative tools

 The userspace tools to manage a system virtualized through the XEN virtual
 machine monitor.

xen-utils-4.6-dbgsym: debug symbols for package xen-utils-4.6

 The userspace tools to manage a system virtualized through the XEN virtual
 machine monitor.

xen-utils-common: Xen administrative tools - common files

 The userspace tools to manage a system virtualized through the Xen virtual
 machine monitor.
 .
 This package is only required on the host system (Domain 0) and not on the
 virtual guest systems (Domain U).

xenstore-utils: Xenstore command line utilities for Xen

 This package contains command line utilities for interacting with
 XenStore.
 .
 XenStore is a shared database used for interdomain communication of
 configuration and status information. It is accessible to all domains
 running on the same Xen host. See http://wiki.xen.org/wiki/XenStore for
 more information.
 .
 In the common case these tools are used by the Xen toolstack running in
 domain0 (or a driver domain) however they may also be used in a guest
 domain to support local scripting which wants to communicate via XenStore.

xenstore-utils-dbgsym: debug symbols for package xenstore-utils

 This package contains command line utilities for interacting with
 XenStore.
 .
 XenStore is a shared database used for interdomain communication of
 configuration and status information. It is accessible to all domains
 running on the same Xen host. See http://wiki.xen.org/wiki/XenStore for
 more information.
 .
 In the common case these tools are used by the Xen toolstack running in
 domain0 (or a driver domain) however they may also be used in a guest
 domain to support local scripting which wants to communicate via XenStore.