-
xen (4.5.1-0ubuntu1.4) wily-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2016-3158, CVE-2016-3159 / XSA-172
* x86: fix information leak on AMD CPUs
- CVE-2016-3960 / XSA-173
* x86: limit GFNs to 32 bits for shadowed superpages.
- CVE-2016-4962 / XSA-175
* libxl: Record backend/frontend paths in /libxl/$DOMID
* libxl: Provide libxl__backendpath_parse_domid
* libxl: Do not trust frontend in libxl__devices_destroy
* libxl: Do not trust frontend in libxl__device_nextid
* libxl: Do not trust frontend for disk eject event
* libxl: Do not trust frontend for disk in getinfo
* libxl: Do not trust frontend for vtpm list
* libxl: Do not trust frontend for vtpm in getinfo
* libxl: Do not trust frontend for nic in libxl_devid_to_device_nic
* libxl: Do not trust frontend for nic in getinfo
* libxl: Do not trust frontend for channel in list
* libxl: Do not trust frontend for channel in getinfo
* libxl: Cleanup: Have libxl__alloc_vdev use /libxl
* libxl: Document ~/serial/ correctly
- CVE-2016-4480 / XSA-176
* x86/mm: fully honor PS bits in guest page table walks
- CVE-2016-4963 / XSA-178
* libxl: Make copy of every xs backend in /libxl in _generic_add
* libxl: Do not trust backend in libxl__device_exists
* libxl: Do not trust backend for vtpm in getinfo (except uuid)
* libxl: Do not trust backend for vtpm in getinfo (uuid)
* libxl: cdrom eject and insert: write to /libxl
* libxl: Do not trust backend for disk eject vdev
* libxl: Do not trust backend for disk; fix driver domain disks list
* libxl: Do not trust backend for disk in getinfo
* libxl: Do not trust backend for cdrom insert
* libxl: Do not trust backend for channel in getinfo
* libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore
* libxl: Rename READ_BACKEND to READ_LIBXLDEV
* libxl: Have READ_LIBXLDEV use libxl_path rather than be_path
* libxl: Do not trust backend in nic getinfo
* libxl: Do not trust backend for nic in devid_to_device
* libxl: Do not trust backend for nic in list
* libxl: Do not trust backend in channel list
* libxl: Cleanup: use libxl__backendpath_parse_domid in
libxl__device_disk_from_xs_be
* libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename
- CVE-2016-5242 / XSA-181
* xen/arm: Don't free p2m->first_level in p2m_teardown() before
it has been allocated
-- Stefan Bader <email address hidden> Thu, 30 Jun 2016 10:05:26 +0200
-
xen (4.5.1-0ubuntu1.3) wily-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2016-2270 / XSA-154
* x86: enforce consistent cachability of MMIO mappings
- CVE-2016-1570 / XSA-167
* x86/mm: PV superpage handling lacks sanity checks
- CVE-2016-1571 / XSA-168
* x86/VMX: prevent INVVPID failure due to non-canonical guest address
- CVE-2015-8615 / XSA-169
* x86: make debug output consistent in hvm_set_callback_via
- CVE-2016-2271 / XSA-170
* x86/VMX: sanitize rIP before re-entering guest
-- Stefan Bader <email address hidden> Tue, 23 Feb 2016 22:18:08 +0100
-
xen (4.5.1-0ubuntu1.2) wily-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2015-8550 / XSA-155
* xen: Add RING_COPY_REQUEST()
* blktap2: Use RING_COPY_REQUEST
* libvchan: Read prod/cons only once.
- CVE-2015-8338 / XSA-158
* memory: split and tighten maximum order permitted in memops
- CVE-2015-8339, CVE-2015-8340 / XSA-159
* memory: fix XENMEM_exchange error handling
- CVE-2015-8341 / XSA-160
* libxl: Fix bootloader-related virtual memory leak on pv
build failure
- CVE-2015-8555 / XSA-165
* x86: don't leak ST(n)/XMMn values to domains first using them
- CVE-2015-???? / XSA-166
* x86/HVM: avoid reading ioreq state more than once
-- Stefan Bader <email address hidden> Wed, 16 Dec 2015 18:24:35 +0100
-
xen (4.5.1-0ubuntu1.1) wily-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2015-7311 / XSA-142
* libxl: handle read-only drives with qemu-xen
- CVE-2015-7812 / XSA-145
* xen/arm: Support hypercall_create_continuation for multicall
- CVE-2015-7813 / XSA-146
* xen: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP.
- CVE-2015-7814 / XSA-147
* xen: arm: handle races between relinquish_memory and
free_domheap_pages
- CVE-2015-7835 / XSA-148
* x86: guard against undue super page PTE creation
- CVE-2015-7969 / XSA-149
* xen: free domain's vcpu array
- CVE-2015-7970 / XSA-150
* x86/PoD: Eager sweep for zeroed pages
- CVE-2015-7969 / XSA-151
* xenoprof: free domain's vcpu array
- CVE-2015-7971 / XSA-152
* x86: rate-limit logging in do_xen{oprof,pmu}_op()
- CVE-2015-7972 / XSA-153
* libxl: adjust PoD target by memory fudge, too
- CVE-2015-5307 / XSA-156
* x86/HVM: always intercept #AC and #DB
-- Stefan Bader <email address hidden> Tue, 03 Nov 2015 08:39:07 -0600
-
xen (4.5.1-0ubuntu1) wily; urgency=low
* New upstream stable release (4.5.1)
- Replacing the following security changes by upstream versions:
* CVE-2014-3969 / XSA-98 (update),
CVE-2015-0268 / XSA-117, CVE-2015-1563 / XSA-118,
CVE-2015-2152 / XSA-119, CVE-2015-2044 / XSA-121,
CVE-2015-2045 / XSA-122, CVE-2015-2151 / XSA-123,
CVE-2015-2752 / XSA-125, CVE-2015-2751 / XSA-127
- Included security changes which where not yet applied:
* CVE-2015-4163 / XSA-134, CVE-2015-4164 / XSA-136
* Applying additional Xen Security Advisories:
- CVE-2015-3259 / XSA-137
* xl: Sane handling of extra config file arguments
- CVE-2015-6654 / XSA-141
* xen/arm: mm: Do not dump the p2m when mapping a foreign gfn
-- Stefan Bader <email address hidden> Wed, 02 Sep 2015 16:37:39 +0200
-
xen (4.5.0-1ubuntu4) vivid; urgency=low
* Applying Xen Security Advisories:
* CVE-2014-3969 / XSA-98 (update)
- xen: arm: correct arm64 version of gva_to_ma_par
* CVE-2015-2752 / XSA-125
- Limit XEN_DOMCTL_memory_mapping hypercall to only process up
to 64 GFNs (or less)
* CVE-2015-2751 / XSA-127
- domctl: don't allow a toolstack domain to call domain_pause() on
itself
-- Stefan Bader <email address hidden> Wed, 08 Apr 2015 10:10:27 +0200