lp:ubuntu/oneiric-security/xen

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/oneiric-security/xen
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

29. By Stefan Bader

* Applying Xen Security Advisories:
  - ACPI: acpi_table_parse() should return handler's error code
    CVE-2013-0153 / XSA-36
  - oxenstored incorrect handling of certain Xenbus ring states
    CVE-2013-0215 / XSA-38
* xen-introduce-xzalloc.patch
  Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
* xen-backport-per-device-vector-map.patch
  Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
  Also fixes issues on AMD systems which could cause Dom0 to loose disks
  under heavy I/O (because PCI-E devices could use the same IOAPIC vector
  as the SMBus).

28. By Stefan Bader

* Applying Xen Security Advisory:
  - VT-d: fix interrupt remapping source validation for devices behind
    legacy bridges
    CVE-2012-5634
* Applying qemu security fixes:
  - e1000: Discard packets that are too long if !SBP and !LPE
    CVE-2012-6075
  - Discard packets longer than 16384 when !SBP to match the hardware
    behavior.
    CVE-2012-6075

27. By Marc Deslauriers

* SECURITY UPDATE: denial of service via IOMMU error handling
  - debian/patches/CVE-2011-3131.patch: disable bus-mastering on any card
    that causes an IOMMU fault in xen/drivers/passthrough/vtd/iommu.c,
    xen/drivers/passthrough/amd/iommu_init.c.
  - CVE-2011-3131
* SECURITY UPDATE: denial of service via MMIO regions
  - debian/patches/CVE-2012-3432.patch: don't leave emulator in an
    inconsistent state in xen/arch/x86/hvm/io.c.
  - CVE-2012-3432
* SECURITY UPDATE: denial of service via excessive shared page search
  time during the p2m teardown
  - debian/patches/CVE-2012-3433.patch: only check for shared pages while
    any exist on teardown in xen/arch/x86/mm/p2m.c.
  - CVE-2012-3433
* SECURITY UPDATE: denial of service via DR7 reserved bits
  - debian/patches/CVE-2012-3494.patch: write upper 32 bits as zeros in
    xen/include/asm-x86/debugreg.h.
  - CVE-2012-3494
* SECURITY UPDATE: denial of service and possible privilege escalation
  via physdev_get_free_pirq hypercall.
  - debian/patches/CVE-2012-3495.patch: handle out-of-pirq condition
    correctly in xen/arch/x86/physdev.c.
  - CVE-2012-3495
* SECURITY UPDATE: denial of service via via invalid flags
  - debian/patches/CVE-2012-3496.patch: Don't BUG_ON() PoD operations on
    a non-translated guest in xen/arch/x86/mm/p2m.c.
  - CVE-2012-3496
* SECURITY UPDATE: denial of service and possibly hypervisor memory
  disclosure via PHYSDEVOP_map_pirq
  - debian/patches/CVE-2012-3498.patch: add validation before using in
    xen/arch/x86/physdev.c.
  - CVE-2012-3498
* SECURITY UPDATE: privilege escalation via crafted escape VT100 sequence
  - debian/patches/CVE-2012-3515.patch: bounds check whenever changing
    the cursor due to an escape code in qemu/console.c.
  - CVE-2012-3515
* SECURITY UPDATE: host info disclosure via qemu monitor
  - debian/patches/CVE-2012-4411.patch: disable qemu monitor by default
    in qemu/vl.c.
  - CVE-2012-4411

26. By Stefan Bader

* Applying Xen Security fixes (LP: #1086801, #1086875)
  - VCPU/timers: Prevent overflow in calculations, leading to DoS
    vulnerability
    CVE-2012-4535
  - x86/physdev: Range check pirq parameter from guests
    CVE-2012-4536
  - x86/physmap: Prevent incorrect updates of m2p mappings
    CVE-2012-4537
  - xen/mm/shadow: check toplevel pagetables are present before unhooking
    them
    CVE-2012-4538
  - compat/gnttab: Prevent infinite loop in compat code
    CVE-2012-4539
  - libxc: builder: limit maximum size of kernel/ramdisk
    CVE-2012-4544
  - gnttab: fix releasing of memory upon switches between versions
    CVE-2012-5510
  - hvm: Limit the size of large HVM op batches
    CVE-2012-5511
  - x86/HVM: range check xen_hvm_set_mem_access.hvmmem_access before use
    CVE-2012-5512
  - xen: add missing guest address range checks to XENMEM_exchange handlers
    CVE-2012-5513
  - xen: fix error handling of guest_physmap_mark_populate_on_demand()
    CVE-2012-5514
  - memop: limit guest specified extent order
    CVE-2012-5515

25. By Stefan Bader

* x86-64: detect processors subject to AMD erratum #121 and refuse to boot
  CVE-2006-0744
* x86_64: Do not execute sysret with a non-canonical return address
  CVE-2012-0218
* x86-64: fix #GP generation in assembly code
  CVE-2012-0217

24. By Matthias Klose

Rebuild to drop build records on armel and powerpc. LP: #823714.

23. By Matthias Klose

Rebuild to drop build records on armel and powerpc. LP: #823714.

22. By Chuck Short

* Clean up patches.
* debian/patches/upstream-changeset-23146.patch,
  debian/patches/upstream-changeset-23147.patch: Fix booting with hvm
  domU. (LP: #832207)

21. By Chuck Short

* Merge from debian unstable. Remaining changes:
    - libxenstore3.0: Conflict and replaces libxen3.
    - libxen-dev: Conflict and replaces libxen3-dev.
    - xenstore-utils: Conflict and replaces libxen3.
    - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
      and xen-utils-4.1.
  + Make sure the LDFLAGS value passed is suitable for use by ld
    rather than gcc.

20. By Chuck Short

* Merge from debian unstable. Remaining changes:
  + Xen 3.3 -> Xen 4.1 migration:
    - libxenstore3.0: Conflict and replaces libxen3.
    - libxen-dev: Conflict and replaces libxen3-dev.
    - xenstore-utils: Conflict and replaces libxen3.
    - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
      and xen-utils-4.1.
  + Make sure the LDFLAGS value passed is suitable for use by ld
    rather than gcc.
  + Dropped upstream patches:
    - debian/patches/disable-unused-but-not-set-error.patch:
      Applied upstream.
    - debian/patches/xc-dom-restore-set-but-not-used.patch:
      Applied upstream.
    - debian/patches/xc-dom-restore-set-but-not-used.patch:
      Applied upstream.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/quantal/xen
This branch contains Public information 
Everyone can see this information.

Subscribers