-
xen (4.4.2-0ubuntu0.14.04.14) trusty-security; urgency=medium
* Applying Xen Security Advisories:
- CVE-2017-14316 / XSA-231
- xen/mm: make sure node is less than MAX_NUMNODES
- CVE-2017-14317 / XSA-233
- tools/xenstore: don't unlink connection object twice
- CVE-2017-14319 / XSA-234
- gnttab: also validate PTE permissions upon destroy/replace
- XSA-235
- arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
- XSA-237
- x86: don't allow MSI pIRQ mapping on unowned device
- x86: enforce proper privilege when (un)mapping pIRQ-s
- x86/MSI: disallow redundant enabling
- x86/MSI: fix error handling
- x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
paths
- x86/FLASK: fix unmap-domain-IRQ XSM hook
- XSA-239
- x86/HVM: prefill partially used variable on emulation paths
- XSA-240
- x86: limit linear page table use to a single level
- x86/mm: Disable PV linear pagetables by default
- XSA-241
- x86: don't store possibly stale TLB flush time stamp
- XSA-242
- x86: don't allow page_unlock() to drop the last type reference
- XSA-243
- x86: Disable the use of auto-translated PV guests
- x86/shadow: Don't create self-linear shadow mappings for 4-level
translated guests
- XSA-244
- x86/cpu: Fix IST handling during PCPU bringup
xen (4.4.2-0ubuntu0.14.04.13) trusty-security; urgency=medium
* Applying Xen Security Advisories:
- XSA-226 / CVE-2017-12135
- gnttab: don't use possibly unbounded tail calls
- gnttab: fix transitive grant handling
- XSA-227 / CVE-2017-12137
- x86/grant: Disallow misaligned PTEs
- XSA-230 / CVE-2017-12855
- gnttab: correct pin status fixup for copy
-- Stefan Bader <email address hidden> Wed, 11 Oct 2017 16:26:04 +0200
-
xen (4.4.2-0ubuntu0.14.04.12) trusty-security; urgency=low
* Applying Xen Security Advisories:
- XSA-217
- x86/mm: disallow page stealing from HVM domains
- XSA-218
- IOMMU: handle IOMMU mapping and unmapping failures
- gnttab: fix unmap pin accounting race
- gnttab: Avoid potential double-put of maptrack entry
- gnttab: correct maptrack table accesses
- XSA-219
- x86/shadow: Hold references for the duration of emulated writes
- XSA-221
- evtchn: avoid NULL derefs
- XSA-222
- xen/memory: Fix return value handling of guest_remove_page()
- guest_physmap_remove_page() needs its return value checked
- XSA-224
- gnttab: Fix handling of dev_bus_addr during unmap
- gnttab: never create host mapping unless asked to
- gnttab: correct logic to get page references during map requests
- gnttab: __gnttab_unmap_common_complete() is all-or-nothing
-- Stefan Bader <email address hidden> Tue, 04 Jul 2017 12:20:19 +0200
-
xen (4.4.2-0ubuntu0.14.04.11) trusty-security; urgency=low
* Applying Xen Security Advisories:
- XSA-206
* xenstored: apply a write transaction rate limit
* xenstored: Log when the write transaction rate limit bites
* oxenstored: exempt dom0 from domU node quotas
* oxenstored: perform a 3-way merge of the quota after a transaction
* oxenstored: catch the error when a connection is already deleted
* oxenstored: use hash table to store socket connections
* oxenstored: enable domain connection indexing based on eventchn port
* oxenstored: only process domain connections that notify us by events
* oxenstored: add a safe net mechanism for existing ill-behaved clients
* oxenstored: refactor putting response on wire
* oxenstored: remove some unused parameters
* oxenstored: refactor request processing
* oxenstored: keep track of each transaction's operations
* oxenstored: move functions that process simple operations
* oxenstored: replay transaction upon conflict
* oxenstored: log request and response during transaction replay
* oxenstored: allow compilation prior to OCaml 3.12.0
* oxenstored: comments explaining some variables
* oxenstored: handling of domain conflict-credit
* oxenstored: ignore domains with no conflict-credit
* oxenstored: add transaction info relevant to history-tracking
* oxenstored: support commit history tracking
* oxenstored: only record operations with side-effects in history
* oxenstored: discard old commit-history on txn end
* oxenstored: track commit history
* oxenstored: blame the connection that caused a transaction conflict
* oxenstored: allow self-conflicts
* oxenstored: do not commit read-only transactions
* oxenstored: don't wake to issue no conflict-credit
* oxenstored transaction conflicts: improve logging
* oxenstored: trim history in the frequent_ops function
- XSA-207
* IOMMU: always call teardown callback
- CVE-2017-2615 / XSA-208
* CVE-2014-8106: cirrus: fix blit region check
* cirrus: fix oob access issue (CVE-2017-2615)
- CVE-2017-2620 / XSA-209
* cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
- CVE-2016-9603 / XSA-211
* cirrus/vnc: zap drop bitblit support from console code.
- CVE-2017-7228 / XSA-212
* memory: properly check guest memory ranges in XENMEM_exchange handling
- XSA-213
* multicall: deal with early exit conditions
- XSA-214
* x86: discard type information when stealing pages
- XSA-215
* x86: correct create_bounce_frame
-- Stefan Bader <email address hidden> Tue, 09 May 2017 10:13:50 +0200
-
xen (4.4.2-0ubuntu0.14.04.10) trusty; urgency=medium
* Backport upstream change to fix TSC_ADJUST MSR handling in HVM
guests running on Intel based hosts (LP: #1671760)
-- Stefan Bader <email address hidden> Tue, 14 Mar 2017 11:17:48 +0100
-
xen (4.4.2-0ubuntu0.14.04.9) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2016-9386 / XSA-191
* x86/hvm: Fix the handling of non-present segments
- CVE-2016-9382 / XSA-192
* x86/HVM: don't load LDTR with VM86 mode attrs during task switch
- CVE-2016-9385 / XSA-193
* x86/PV: writes of %fs and %gs base MSRs require canonical addresses
- CVE-2016-9383 / XSA-195
* x86emul: fix huge bit offset handling
- CVE-2016-9381 / XSA-197
* xen: fix ioreq handling
- CVE-2016-9379, CVE-2016-9380 / XSA-198
* pygrub: Properly quote results, when returning them to the caller
- CVE-2016-9637 / XSA-199
* qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
- CVE-2016-9932 / XSA-200
* x86emul: CMPXCHG8B ignores operand size prefix
- CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
* arm64: handle guest-generated EL1 asynchronous abort
* arm64: handle async aborts delivered while at EL2
* arm: crash the guest when it traps on external abort
* arm32: handle async aborts delivered while at HYP
- CVE-2016-10024 / XSA-202
* x86: force EFLAGS.IF on when exiting to PV guests
- CVE-2016-10013 / XSA-204
* x86/emul: Correct the handling of eflags with SYSCALL
-- Stefan Bader <email address hidden> Tue, 10 Jan 2017 16:47:39 +0100
-
xen (4.4.2-0ubuntu0.14.04.7) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2016-6258 / XSA-182
* x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
- CVE-2016-5403 / XSA-184
* virtio: error out if guest exceeds virtqueue size
- CVE-2016-7092 / XSA-185
* x86/32on64: don't allow recursive page tables from L3
- CVE-2016-7094 / XSA-187
* x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
* x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
- CVE-2016-7154 / XSA-188
* evtchn-fifo: prevent use after free
- CVE-2016-7777 / XSA-190
* x86emul: honor guest CR0.TS and CR0.EM
-- Stefan Bader <email address hidden> Thu, 06 Oct 2016 15:56:51 +0200
-
xen (4.4.2-0ubuntu0.14.04.6) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2016-3158, CVE-2016-3159 / XSA-172
* x86: fix information leak on AMD CPUs
- CVE-2016-3960 / XSA-173
* x86: limit GFNs to 32 bits for shadowed superpages.
- CVE-2016-4962 / XSA-175
* libxl: Record backend/frontend paths in /libxl/$DOMID
* libxl: Provide libxl__backendpath_parse_domid
* libxl: Do not trust frontend in libxl__devices_destroy
* libxl: Do not trust frontend in libxl__device_nextid
* libxl: Do not trust frontend for disk eject event
* libxl: Do not trust frontend for disk in getinfo
* libxl: Do not trust frontend for vtpm list
* libxl: Do not trust frontend for vtpm in getinfo
* libxl: Do not trust frontend for nic in libxl_devid_to_device_nic
* libxl: Do not trust frontend for nic in getinfo
* libxl: Cleanup: Have libxl__alloc_vdev use /libxl
* libxl: Document ~/serial/ correctly
- CVE-2016-4480 / XSA-176
* x86/mm: fully honor PS bits in guest page table walks
- CVE-2016-4963 / XSA-178
* libxl: Do not trust backend for vtpm in getinfo (except uuid)
* libxl: Do not trust backend for vtpm in getinfo (uuid)
* libxl: cdrom eject and insert: write to /libxl
* libxl: Do not trust backend for disk eject vdev
* libxl: Do not trust backend for disk; fix driver domain disks list
* libxl: Do not trust backend for disk in getinfo
* libxl: Do not trust backend for cdrom insert
* libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore
* libxl: Rename READ_BACKEND to READ_LIBXLDEV
* libxl: Have READ_LIBXLDEV use libxl_path rather than be_path
* libxl: Do not trust backend in nic getinfo
* libxl: Do not trust backend for nic in devid_to_device
* libxl: Do not trust backend for nic in list
* libxl: Cleanup: use libxl__backendpath_parse_domid in
libxl__device_disk_from_xs_be
* libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename
- CVE-2016-3710 / XSA-179 (qemu traditional)
* vga: fix banked access bounds checking
* vga: add vbe_enabled() helper
* vga: factor out vga register setup
* vga: update vga register setup on vbe changes
* vga: make sure vga register setup for vbe stays intact
- CVE-2014-3672 / XSA-180 (qemu traditional)
* main loop: Big hammer to fix logfile disk DoS in Xen setups
- CVE-2016-5242 / XSA-181
* xen/arm: Don't free p2m->first_level in p2m_teardown() before
it has been allocated
-- Stefan Bader <email address hidden> Mon, 06 Jun 2016 14:17:35 +0200
-
xen (4.4.2-0ubuntu0.14.04.5) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2016-2270 / XSA-154
* x86: enforce consistent cachability of MMIO mappings
- CVE-2016-1570 / XSA-167
* x86/mm: PV superpage handling lacks sanity checks
- CVE-2016-1571 / XSA-168
* x86/VMX: prevent INVVPID failure due to non-canonical guest address
- CVE-2015-8615 / XSA-169
* x86: make debug output consistent in hvm_set_callback_via
- CVE-2016-2271 / XSA-170
* x86/VMX: sanitize rIP before re-entering guest
-- Stefan Bader <email address hidden> Tue, 23 Feb 2016 22:16:17 +0100
-
xen (4.4.2-0ubuntu0.14.04.4) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2015-8550 / XSA-155
* blkif: Avoid double access to src->nr_segments
* xenfb: avoid reading twice the same fields from the shared page
* xen: Add RING_COPY_REQUEST()
* blktap2: Use RING_COPY_REQUEST
* libvchan: Read prod/cons only once.
- CVE-2015-8338 / XSA-158
* memory: split and tighten maximum order permitted in memops
- CVE-2015-8339, CVE-2015-8340 / XSA-159
* memory: fix XENMEM_exchange error handling
- CVE-2015-8341 / XSA-160
* libxl: Fix bootloader-related virtual memory leak on pv
build failure
- CVE-2015-7504 / XSA-162
* net: pcnet: add check to validate receive data size
- CVE-2015-8554 / XSA-164
* MSI-X: avoid array overrun upon MSI-X table writes
- CVE-2015-8555 / XSA-165
* x86: don't leak ST(n)/XMMn values to domains first using them
- CVE-2015-???? / XSA-166
* x86/HVM: avoid reading ioreq state more than once
-- Stefan Bader <email address hidden> Wed, 16 Dec 2015 18:26:30 +0100
-
xen (4.4.2-0ubuntu0.14.04.3) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2015-7311 / XSA-142
* libxl: handle read-only drives with qemu-xen
- CVE-2015-7812 / XSA-145
* xen/arm: Support hypercall_create_continuation for multicall
- CVE-2015-7813 / XSA-146
* xen: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP.
- CVE-2015-7814 / XSA-147
* xen: arm: handle races between relinquish_memory and
free_domheap_pages
- CVE-2015-7835 / XSA-148
* x86: guard against undue super page PTE creation
- CVE-2015-7969 / XSA-149
* xen: free domain's vcpu array
- CVE-2015-7970 / XSA-150
* x86/PoD: Eager sweep for zeroed pages
- CVE-2015-7969 / XSA-151
* xenoprof: free domain's vcpu array
- CVE-2015-7971 / XSA-152
* x86: rate-limit logging in do_xen{oprof,pmu}_op()
- CVE-2015-7972 / XSA-153
* libxl: adjust PoD target by memory fudge, too
- CVE-2015-5307 / XSA-156
* x86/HVM: always intercept #AC and #DB
-- Stefan Bader <email address hidden> Tue, 03 Nov 2015 15:18:39 -0600
-
xen (4.4.2-0ubuntu0.14.04.2) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2015-4103 / XSA-128
* properly gate host writes of modified PCI CFG contents
- CVE-2015-4104 / XSA-129
* xen: don't allow guest to control MSI mask register
- CVE-2015-4105 / XSA-130
* xen/MSI-X: disable logging by default
- CVE-2015-4106 / XSA-131
* xen/MSI: don't open-code pass-through of enable bit modifications
* xen/pt: consolidate PM capability emu_mask
* xen/pt: correctly handle PM status bit
* xen/pt: split out calculation of throughable mask in PCI config space
handling
* xen/pt: mark all PCIe capability bits read-only
* xen/pt: mark reserved bits in PCI config space fields
* xen/pt: add a few PCI config space field descriptions
* xen/pt: unknown PCI config space fields should be read-only
- CVE-2015-4163 / XSA-134
* gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
- CVE-2015-3209 / XSA-135
* pcnet: fix Negative array index read
* pcnet: force the buffer access to be in bounds during tx
- CVE-2015-4164 / XSA-136
* x86/traps: loop in the correct direction in compat_iret()
- CVE-2015-3259 / XSA-137
* xl: Sane handling of extra config file arguments
- CVE-2015-5154 / XSA-138
* ide: Check array bounds before writing to io_buffer
* ide: Clear DRQ after handling all expected accesses
- CVE-2015-5165 / XSA-140
* rtl8139: avoid nested ifs in IP header parsing
* rtl8139: drop tautologous if (ip) {...} statement
* rtl8139: skip offload on short Ethernet/IP header
* rtl8139: check IP Header Length field
* rtl8139: check IP Total Length field
* rtl8139: skip offload on short TCP header
* rtl8139: check TCP Data Offset field
- CVE-2015-6654 / XSA-141
* xen/arm: mm: Do not dump the p2m when mapping a foreign gfn
-- Stefan Bader <email address hidden> Mon, 31 Aug 2015 11:11:36 +0200
-
xen (4.4.2-0ubuntu0.14.04.1) trusty; urgency=low
* Updating to latest upstream stable release 4.4.2 (LP: #1476666)
- Replacing the following security changes by upstream versions:
* CVE-2014-5146, CVE-2014-5149 / XSA-97,
CVE-2014-3969, CVE-2015-2290 / XSA-98 (additional fix),
CVE-2014-7154 / XSA-104, CVE-2014-7155 / XSA-105,
CVE-2014-7156 / XSA-106, CVE-2014-6268 / XSA-107,
CVE-2014-7188 / XSA-108, CVE-2014-8594 / XSA-109,
CVE-2014-8595 / XSA-110, CVE-2014-8866 / XSA-111,
CVE-2014-8867 / XSA-112, CVE-2014-9030 / XSA-113,
CVE-2014-9065, CVE-2014-9066 / XSA-114,
CVE-2015-0361 / XSA-116, CVE-2015-1563 / XSA-118,
CVE-2015-2152 / XSA-119, CVE-2015-2044 / XSA-121,
CVE-2015-2045 / XSA-122, CVE-2015-2151 / XSA-123
* Refreshed d/p/version.patch to fix some fuzz when applying. No
functional change.
-- Stefan Bader <email address hidden> Mon, 20 Jul 2015 11:34:38 +0200
-
xen (4.4.1-0ubuntu0.14.04.6) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2015-3340 / XSA-132
* domctl/sysctl: don't leak hypervisor stack to toolstacks
- CVE-2015-3456 / XSA-133
* qemut: fdc: force the fifo access to be in bounds of the
allocated buffer
-- Stefan Bader <email address hidden> Wed, 13 May 2015 16:38:10 +0200
-
xen (4.4.1-0ubuntu0.14.04.5) trusty-security; urgency=low
* Applying Xen Security Advisories:
* CVE-2014-5146 / XSA-97 (HAP, reworked)
- x86/paging: make log-dirty operations preemptible
* CVE-2015-2752 / XSA-125
- Limit XEN_DOMCTL_memory_mapping hypercall to only process up
to 64 GFNs (or less)
* CVE-2015-2756 / XSA-126 (qemu-dm)
- xen: limit guest control of PCI command register
* CVE-2015-2751 / XSA-127
- domctl: don't allow a toolstack domain to call domain_pause() on
itself
-- Stefan Bader <email address hidden> Tue, 07 Apr 2015 11:42:08 +0200
-
xen (4.4.1-0ubuntu0.14.04.4) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2014-9065, CVE-2014-9066 / XSA-114
* switch to write-biased r/w locks
- CVE-2015-0361 / XSA-116
* x86/HVM: prevent use-after-free when destroying a domain
- CVE-2015-1563 / XSA-118
* xen/arm: vgic: message in the emulation code should be
rate-limited
- CVE-2015-2152 / XSA-119
* tools: libxl: Explicitly disable graphics backends on qemu
cmdline
- CVE-2015-2044 / XSA-121
* x86/HVM: return all ones on wrong-sized reads of system device I/O
ports
- CVE-2015-2045 / XSA-122
* pre-fill structures for certain HYPERVISOR_xen_version sub-ops
- CVE-2015-2151 / XSA-123
* x86emul: fully ignore segment override for register-only operations
-- Stefan Bader <email address hidden> Wed, 04 Mar 2015 12:14:36 +0100
-
xen (4.4.1-0ubuntu0.14.04.3) trusty; urgency=low
* d/xen-utils-common.xen.init: Update script to start a QEMU process for
dom0. (LP: #1396068)
-- Stefan Bader <email address hidden> Thu, 11 Dec 2014 18:36:54 +0100
-
xen (4.4.1-0ubuntu0.14.04.2) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2013-3495 / XSA-59
* VT-d: suppress UR signaling for further desktop chipsets
- CVE-2014-8594 / XSA-109
* x86: don't allow page table updates on non-PV page tables in
do_mmu_update()
- CVE-2014-8595 / XSA-110
* x86emul: enforce privilege level restrictions when loading CS
- CVE-2014-8866 / XSA-111
* x86: limit checks in hypercall_xlat_continuation() to actual arguments
- CVE-2014-8867 / XSA-112
* x86/HVM: confine internally handled MMIO to solitary regions
- CVE-2014-9030 / XSA-113
* x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE
-- Stefan Bader <email address hidden> Fri, 21 Nov 2014 13:49:20 +0100
-
xen (4.4.1-0ubuntu0.14.04.1) trusty; urgency=low
* Updating to latest upstream stable release 4.4.1 (LP: #1390352)
- Replacing the following security changes by upstream versions:
* CVE-2013-3495 / XSA-59 (additional work-around),
CVE-2014-2599 / XSA-89, CVE-2014-3125 / XSA-91,
CVE-2014-3124 / XSA-92, CVE-2014-2915 / XSA-93,
CVE-2014-2986 / XSA-94,
CVE-2014-3714, CVE-2014-3715, CVE-2014-3716, CVE-2014-3717 / XSA-95,
CVE-2014-3967, CVE-2014-3968 / XSA-96, CVE-2014-3969 / XSA-98,
CVE-2014-4021 / XSA-100, CVE-2014-4022 / XSA-101,
CVE-2014-5147 / XSA-102, CVE-2014-5148 / XSA-103
- Dropped patches:
* upstream-25290:7a6dcecb1781-rework (stale)
* tools-flask-prefix.diff (stale)
* ubuntu-tools-hotplug-disable-xend-socket.patch (stale, duplicate)
- Refreshed patches:
* d/p/debian/patches/ubuntu-arm64-enablement.patch
Configure part fixed in Xen code. Duplicate defines for arm64 seem
to be avoided by later libc, so need to keep that worked-around in
Xen.
-- Stefan Bader <email address hidden> Mon, 10 Nov 2014 11:34:26 +0100
-
xen (4.4.0-0ubuntu5.2) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2014-5147 / XSA-102
* xen: arm: handle AArch32 userspace when dumping 64-bit guest state.
* xen: arm: Correctly handle exception injection from userspace on
64-bit.
* xen: arm: Handle traps from 32-bit userspace on 64-bit kernel as undef
- CVE-2014-5148 / XSA-103
* xen: arm: Correctly handle do_sysreg exception injection from 64-bit
userspace
- CVE-2014-7154 / XSA-104
* x86/shadow: fix race condition sampling the dirty vram state
- CVE-2014-7155 / XSA-105
* x86/emulate: check cpl for all privileged instructions
- CVE-2014-7156 / XSA-106
* x86emul: only emulate software interrupt injection for real mode
- CVE-2014-6268 / XSA-107
* evtchn: check control block exists when using FIFO-based events
- CVE-2014-7188 / XSA-108
* x86/HVM: properly bound x2APIC MSR range
-- Stefan Bader <email address hidden> Fri, 26 Sep 2014 12:12:16 +0200
-
xen (4.4.0-0ubuntu5.1) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2014-2599 / XSA-89
* x86: enforce preemption in HVM_set_mem_access / p2m_set_mem_access()
- CVE-2014-3125 / XSA-91
* xen/arm: Correctly save/restore CNTKCTL_EL1
- CVE-2014-3124 / XSA-92
* x86/HVM: restrict HVMOP_set_mem_type
- CVE-2014-2915 / XSA-93
* xen/arm: Inject an undefined instruction when the coproc/sysreg
is not handled
* xen/arm: Don't let the guest access the coprocessors registers
* xen/arm: Upgrade DCISW into DCCISW
* xen/arm: Trap cache and TCM lockdown registers
* xen/arm: Don't expose implementation defined registers (Cp15 c15)
to the guest
* xen/arm: Don't let guest access to Debug and Performance Monitor
registers
- CVE-2014-2986 / XSA-94
* xen/arm: vgic: Check rank in GICD_ICFGR* emulation before locking
- CVE-2014-3714, CVE-2014-3715, CVE-2014-3716, CVE-2014-3717 / XSA-95
* tools: arm: remove code to check for a DTB appended to the kernel
- CVE-2014-3967, CVE-2014-3968 / XSA-96
* x86/HVM: eliminate vulnerabilities from hvm_inject_msi()
- CVE-2014-3969 / XSA-98
* xen: arm: check permissions when copying to/from guest virtual
addresses
* xen: arm: ensure we hold a reference to guest pages while we copy
to/from them
- CVE-2014-4021 / XSA-100
* AMD IOMMU: don't free page table prematurely
* page-alloc: scrub pages used by hypervisor upon freeing
- CVE-2014-4022 / XSA-101
* xen: arm: initialise the grant_table_gpfn array on allocation
-- Stefan Bader <email address hidden> Mon, 23 Jun 2014 16:06:27 +0200
-
xen (4.4.0-0ubuntu5) trusty; urgency=low
* Minimal changes to make arm64 build. It produces packages, whatever
can be done with those is somebody else's problem.
-- Stefan Bader <email address hidden> Fri, 11 Apr 2014 15:12:47 +0200
-
xen (4.4.0-0ubuntu4) trusty; urgency=low
* Fix up some more stale 4.3 references in xen-utils-4.4 debian
packaging files.
* Remove update-alternatives for postinst and prerm of xen-utils-<version>
as there is no xen-default anymore.
* debian/rules.real:
Add etc/default/grub.d and install xen.cfg into it. This adds a
place to set Xen grub arguments and makes booting into Xen the
default (with a warning message on running update-grub).
* debian/rules.real, debian/xen-utils-$(VERSION).postinst, xen-sxp2xm,
and xen-migrate-xend-managed-domains:
Add migration scripts to the xen-utils-$(VERSION) package
(LP: #1303886).
* Add transitional packages for migrating xen-hypervisor-4.1-(i386|amd64)
and xen-hypervisor-4.3-amd64 to add the xen-system-amd64 meta-package
which is the preferred/recommended way of installing Xen now.
-- Stefan Bader <email address hidden> Wed, 26 Mar 2014 19:25:53 +0100
-
xen (4.4.0-0ubuntu3) trusty; urgency=low
* Fixing up changelog history and preparing for FFE (LP: #1290743).
xen (4.4.0-0ubuntu2) trusty; urgency=low
* debian/patches/tools-ocaml-disable-test.patch: This disables the ocaml
test build for now until linking issues are resolved.
* debian/xen-utils-common.xen.init: Write domid for dom0 into xenstore
(now required).
xen (4.4.0-0ubuntu1) trusty; urgency=low
* New upstream release (Xen.4.4)
* Refreshed patches:
- debian/patches/tools-libxc-abiname.diff
- debian/patches/tools-libxl-abiname.diff
- debian/patches/tools-libxl-prefix.diff
* debian/rules.real: Force xend to be built.
* debian/rules.real: For utils_<arch> installation move binaries from
usr/sbin/ to usr/lib/xen-<version>/bin. Several that used to go into
the private bin directory moved to the public sbin directory.
Not ideal but quicker to do without side-effects.
* debian/rules.real: Hypervisor has no .gz type on armhf.
* debian/control, debian/rules.gen: Manually update version from 4.3 to 4.4.
* debian/control: Add build dependency for libfdt-dev on armhf.
* debian/control: Only depend on qemu-system-x86 for i386 and amd64 builds.
* debian/*: Also rename several versioned packaging files.
* debian/tree/xen-utils-common/usr/share/xen-utils-common/default.xen:
Add comment about toolstack names and make xl the default.
-- Stefan Bader <email address hidden> Thu, 20 Mar 2014 12:53:21 +0100
-
xen (4.3.0-1ubuntu5) trusty; urgency=low
* Applying Xen Security Advisories:
- CVE-2014-1642 / XSA-83
* x86/irq: avoid use-after-free on error path in pirq_guest_bind()
- CVE-2014-1891 / XSA-84
* flask: fix reading strings from guest memory
- CVE-2014-1895 / XSA-85
* xsm/flask: correct off-by-one in flask_security_avc_cachestats
cpu id check
- CVE-2014-1896 / XSA-86
* libvchan: Fix handling of invalid ring buffer indices
- CVE-2014-1666 / XSA-87
* x86: PHYSDEVOP_{prepare,release}_msix are privileged
- CVE-2014-1950 / XSA-88
* libxc: Fix out-of-memory error handling in xc_cpupool_getinfo()
-- Stefan Bader <email address hidden> Mon, 17 Feb 2014 13:54:15 +0100
-
xen (4.3.0-1ubuntu4) trusty; urgency=medium
* Rebuild for ocaml-4.01.
-- Matthias Klose <email address hidden> Mon, 23 Dec 2013 16:18:35 +0000
-
xen (4.3.0-1ubuntu3) trusty; urgency=low
* Applying Xen Security Advisories:
- CVE-2013-4553 / XSA-74
* Lock order reversal between page_alloc_lock and mm_rwlock
- CVE-2013-4551 / XSA-75
* Host crash due to guest VMX instruction execution
- CVE-2013-4554 / XSA-76
* Hypercalls exposed to privilege rings 1 and 2 of HVM guests
- CVE-????-???? / XSA-77
* Disaggregated domain management security status
- CVE-2013-6375 / XSA-78
* Insufficient TLB flushing in VT-d (iommu) code
- CVE-2013-6400 / XSA-80
* IOMMU TLB flushing may be inadvertently suppressed
- CVE-2013-6885 / XSA-82
* Guest triggerable AMD CPU erratum may cause host hang
-- Stefan Bader <email address hidden> Fri, 06 Dec 2013 17:51:24 +0100
-
xen (4.3.0-1ubuntu2) trusty; urgency=low
* Applying Xen Security Advisories:
- CVE-2013-1442 / XSA-62
* Information leak on AVX and/or LWP capable CPUs
- CVE-2013-4355 / XSA-63
* Information leaks through I/O instruction emulation
- CVE-2013-4356 / XSA-64
* Memory accessible by 64-bit PV guests under live migration
- CVE-2013-4361 / XSA-66
* Information leak through fbld instruction emulation
- CVE-2013-4368 / XSA-67
* Information leak through outs instruction emulation
- CVE-2013-4369 / XSA-68
* possible null dereference when parsing vif ratelimiting info
- CVE-2013-4370 / XSA-69
* misplaced free in ocaml xc_vcpu_getaffinity stub
- CVE-2013-4371 / XSA-70
* use-after-free in libxl_list_cpupool under memory pressure
- CVE-2013-4416 / XSA-72
* ocaml xenstored mishandles oversized message replies
- CVE-2013-4494 / XSA-73
* Lock order reversal between page allocation and grant table locks
-- Stefan Bader <email address hidden> Tue, 05 Nov 2013 16:16:05 +0100
-
xen (4.3.0-1ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add armhf to packages (except ocaml related) and create hypervisor
and system-meta package. Modify build environment to produce Arm
packages.
* debian/control
* debian/rules.gen
* debian/rules.real
* debian/patches/ubuntu-tools-armhf-without-ocaml.patch
Ocaml source fail to build on Arm.
- Re-introduce xen-hypervisor-amd64 for i386 builds. Otherwise i386
would be rendered uninstallable.
* debian/arch/i386/defines
* debian/control
- Keep qemu-dm for now (upstream qemu would not support
migration, yet). Forward-port some patches from the old Debian
package which still included qemu-dm:
* debian/patches/qemu-prefix.diff
Modify LDFLAGS to point to lib dir for qemu-dm.
* debian/patches/qemu-disable-blktap.diff
Blktap never went upstream.
* debian/patches/ubuntu-qemu-disable-qemu-upstream.diff
We want to use the binary from qemu-system-x86.
* debian/patches/ubuntu-qemu-upstream-location.patch
Modify tools to look for qemu-system-i386 in public path.
- Fixup hvmloader build to find the correct PXE boot roms.
* ubuntu-tools-firmware-etherboot-kvm-ipxe.diff
- Add packaging dependency on libxenstore to libxen (otherwise
libtool fails to find references for libxenlight).
* debian/rules.real
- Add migration helper that removes private paths from xend domain
configs.
* debian/scripts/Makefile
* debian/scripts/xend-domain-config-path-strip
* debian/xen-utils-common.postinst
- Fix for using ulong instead of unsigned long in gdbsx.
* debian/patches/toolchain.diff
* First test for suitable toolstack in xendomains before using the list
command as that causes the xapi daemon to hang.
- debian/xen-utils-common.xendomains.init
-- Stefan Bader <email address hidden> Fri, 27 Sep 2013 15:12:17 +0200