lp:ubuntu/oneiric-security/xen
- Get this branch:
- bzr branch lp:ubuntu/oneiric-security/xen
Recent revisions
- 29. By Stefan Bader
-
* Applying Xen Security Advisories:
- ACPI: acpi_table_parse() should return handler's error code
CVE-2013-0153 / XSA-36
- oxenstored incorrect handling of certain Xenbus ring states
CVE-2013-0215 / XSA-38
* xen-introduce-xzalloc.patch
Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
* xen-backport-per-device-vector-map.patch
Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
Also fixes issues on AMD systems which could cause Dom0 to lose disks
under heavy I/O (because PCI-E devices could use the same IOAPIC vector
as the SMBus).
- 28. By Stefan Bader
-
* Applying Xen Security Advisory:
- VT-d: fix interrupt remapping source validation for devices behind
legacy bridges
CVE-2012-5634
* Applying qemu security fixes:
- e1000: Discard packets that are too long if !SBP and !LPE
CVE-2012-6075
- Discard packets longer than 16384 when !SBP to match the hardware
behavior.
CVE-2012-6075
- 27. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via IOMMU error handling
- debian/patches/CVE-2011-3131.patch: disable bus-mastering on any card
that causes an IOMMU fault in xen/drivers/passthrough/vtd/iommu.c,
xen/drivers/passthrough/amd/iommu_init.c.
- CVE-2011-3131
* SECURITY UPDATE: denial of service via MMIO regions
- debian/patches/CVE-2012-3432.patch: don't leave emulator in an
inconsistent state in xen/arch/x86/hvm/io.c.
- CVE-2012-3432
* SECURITY UPDATE: denial of service via excessive shared page search
time during the p2m teardown
- debian/patches/CVE-2012-3433.patch: only check for shared pages while
any exist on teardown in xen/arch/x86/mm/p2m.c.
- CVE-2012-3433
* SECURITY UPDATE: denial of service via DR7 reserved bits
- debian/patches/CVE-2012-3494.patch: write upper 32 bits as zeros in
xen/include/asm-x86/debugreg.h.
- CVE-2012-3494
* SECURITY UPDATE: denial of service and possible privilege escalation
via physdev_get_free_pirq hypercall.
- debian/patches/CVE-2012-3495.patch: handle out-of-pirq condition
correctly in xen/arch/x86/physdev.c.
- CVE-2012-3495
* SECURITY UPDATE: denial of service via invalid flags
- debian/patches/CVE-2012-3496.patch: Don't BUG_ON() PoD operations on
a non-translated guest in xen/arch/x86/mm/p2m.c.
- CVE-2012-3496
* SECURITY UPDATE: denial of service and possibly hypervisor memory
disclosure via PHYSDEVOP_map_pirq
- debian/patches/CVE-2012-3498.patch: add validation before using in
xen/arch/x86/physdev.c.
- CVE-2012-3498
* SECURITY UPDATE: privilege escalation via crafted escape VT100 sequence
- debian/patches/CVE-2012-3515.patch: bounds check whenever changing
the cursor due to an escape code in qemu/console.c.
- CVE-2012-3515
* SECURITY UPDATE: host info disclosure via qemu monitor
- debian/patches/CVE-2012-4411.patch: disable qemu monitor by default
in qemu/vl.c.
- CVE-2012-4411
- 26. By Stefan Bader
-
* Applying Xen Security fixes (LP: #1086801, #1086875)
- VCPU/timers: Prevent overflow in calculations, leading to DoS
vulnerability
CVE-2012-4535
- x86/physdev: Range check pirq parameter from guests
CVE-2012-4536
- x86/physmap: Prevent incorrect updates of m2p mappings
CVE-2012-4537
- xen/mm/shadow: check toplevel pagetables are present before unhooking
them
CVE-2012-4538
- compat/gnttab: Prevent infinite loop in compat code
CVE-2012-4539
- libxc: builder: limit maximum size of kernel/ramdisk
CVE-2012-4544
- gnttab: fix releasing of memory upon switches between versions
CVE-2012-5510
- hvm: Limit the size of large HVM op batches
CVE-2012-5511
- x86/HVM: range check xen_hvm_set_mem_access.hvmmem_access before use
CVE-2012-5512
- xen: add missing guest address range checks to XENMEM_exchange handlers
CVE-2012-5513
- xen: fix error handling of guest_physmap_mark_populate_on_demand()
CVE-2012-5514
- memop: limit guest specified extent order
CVE-2012-5515
- 25. By Stefan Bader
-
* x86-64: detect processors subject to AMD erratum #121 and refuse to boot
CVE-2006-0744
* x86_64: Do not execute sysret with a non-canonical return address
CVE-2012-0218
* x86-64: fix #GP generation in assembly code
CVE-2012-0217
- 22. By Chuck Short
-
* Clean up patches.
* debian/patches/upstream-changeset-23146.patch,
debian/patches/upstream-changeset-23147.patch: Fix booting with hvm
domU. (LP: #832207)
- 21. By Chuck Short
-
* Merge from debian unstable. Remaining changes:
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3.
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-4.1.
+ Make sure the LDFLAGS value passed is suitable for use by ld
rather than gcc.
- 20. By Chuck Short
-
* Merge from debian unstable. Remaining changes:
+ Xen 3.3 -> Xen 4.1 migration:
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3.
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-4.1.
+ Make sure the LDFLAGS value passed is suitable for use by ld
rather than gcc.
+ Dropped upstream patches:
- debian/patches/disable-unused-but-not-set-error.patch:
Applied upstream.
- debian/patches/xc-dom-restore-set-but-not-used.patch:
Applied upstream.
- debian/patches/xc-dom-restore-set-but-not-used.patch:
Applied upstream.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/quantal/xen