Created by Ubuntu Package Importer on 2012-06-18 and last modified on 2013-06-21
Get this branch:
bzr branch lp:ubuntu/precise-updates/xen

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

38. By Stefan Bader on 2013-06-21

* Applying Xen Security Advisories
  - CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA55
    * libelf: abolish libelf-relocate.c
    * libxc: introduce xc_dom_seg_to_ptr_pages
    * libxc: Fix range checking in xc_dom_pfn_to_ptr etc.
    * libelf: abolish elf_sval and elf_access_signed
    * libelf/xc_dom_load_elf_symtab: Do not use "syms" uninitialised
    * libelf: introduce macros for memory access and pointer handling
    * tools/xcutils/readnotes: adjust print_l1_mfn_valid_note
    * libelf: check nul-terminated strings properly
    * libelf: check all pointer accesses
    * libelf: Check pointer references in elf_is_elfbinary
    * libelf: Make all callers call elf_check_broken
    * libelf: use C99 bool for booleans
    * libelf: use only unsigned integers
    * libxc: Introduce xc_bitops.h
    * libelf: check loops for running away
    * libelf: abolish obsolete macros
    * libxc: Add range checking to xc_dom_binloader
    * libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range
    * libxc: check return values from malloc
    * libxc: range checks in xc_dom_p2m_host and _guest
    * libxc: check blob size before proceeding in xc_dom_check_gzip
    * libxl: Restrict permissions on PV console device xenstore nodes

37. By Stefan Bader on 2013-06-06

* Applying Xen Security Advisories:
  - CVE-2013-1918 / XSA-45
    * x86: make vcpu_destroy_pagetables() preemptible
    * x86: make new_guest_cr3() preemptible
    * x86: make MMUEXT_NEW_USER_BASEPTR preemptible
    * x86: make vcpu_reset() preemptible
    * x86: make arch_set_info_guest() preemptible
    * x86: make page table unpinning preemptible
    * x86: make page table handling error paths preemptible
  - CVE-2013-1952 / XSA-49
    * VT-d: don't permit SVT_NO_VERIFY entries for known device types
  - CVE-2013-1964 / XSA-50
    * Fix rcu domain locking for transitive grants
  - CVE-2013-2076 / XSA-52
    * x86/xsave: fix information leak on AMD CPUs
  - CVE-2013-2077 / XSA-53
    * x86/xsave: recover from faults on XRSTOR
  - CVE-2013-2078 / XSA-54
    * x86/xsave: properly check guest input to XSETBV
  - CVE-2013-2072 / XSA-56
    * libxc: limit cpu values when setting vcpu affinity

36. By Stefan Bader on 2013-04-11

* Applying Xen Security Advisories:
  - CVE-2013-1917 / XSA-44
    x86: clear EFLAGS.NT in SYSENTER entry path
  - CVE-2013-1919 / XSA-46
    x86: fix various issues with handling guest IRQs
  - CVE-2013-1920 / XSA-47
    defer event channel bucket pointer store until after XSM checks

35. By Stefan Bader on 2013-04-08

* Fix HVM VCPUs getting stuck on boot when host supports SMEP (LP: #1157757)
  - 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
  - 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
  - 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch

34. By Stefan Bader on 2013-01-30

* Applying Xen Security Advisories:
  - ACPI: acpi_table_parse() should return handler's error code
    CVE-2013-0153 / XSA-36
  - oxenstored incorrect handling of certain Xenbus ring states
    CVE-2013-0215 / XSA-38
* xen-introduce-xzalloc.patch
  Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
* xen-backport-per-device-vector-map.patch
  Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
  Also fixes issues on AMD systems which could cause Dom0 to lose disks
  under heavy I/O (because PCI-E devices could use the same IOAPIC vector
  as the SMBus).

33. By Stefan Bader on 2013-01-07

* Applying Xen Security Advisory:
  - VT-d: fix interrupt remapping source validation for devices behind
    legacy bridges
* Applying qemu security fixes:
  - e1000: Discard packets that are too long if !SBP and !LPE
  - Discard packets longer than 16384 when !SBP to match the hardware

32. By Marc Deslauriers on 2012-12-11

* SECURITY UPDATE: denial of service via MMIO regions
  - debian/patches/CVE-2012-3432.patch: don't leave emulator in an
    inconsistent state in xen/arch/x86/hvm/io.c.
  - CVE-2012-3432
* SECURITY UPDATE: denial of service via excessive shared page search
  time during the p2m teardown
  - debian/patches/CVE-2012-3433.patch: only check for shared pages while
    any exist on teardown in xen/arch/x86/mm/p2m.c.
  - CVE-2012-3433
* SECURITY UPDATE: denial of service via DR7 reserved bits
  - debian/patches/CVE-2012-3494.patch: write upper 32 bits as zeros in
  - CVE-2012-3494
* SECURITY UPDATE: denial of service and possible privilege escalation
  via physdev_get_free_pirq hypercall.
  - debian/patches/CVE-2012-3495.patch: handle out-of-pirq condition
    correctly in xen/arch/x86/physdev.c.
  - CVE-2012-3495
* SECURITY UPDATE: denial of service via invalid flags
  - debian/patches/CVE-2012-3496.patch: Don't BUG_ON() PoD operations on
    a non-translated guest in xen/arch/x86/mm/p2m.c.
  - CVE-2012-3496
* SECURITY UPDATE: denial of service and possibly hypervisor memory
  disclosure via PHYSDEVOP_map_pirq
  - debian/patches/CVE-2012-3498.patch: add validation before using in
  - CVE-2012-3498
* SECURITY UPDATE: privilege escalation via crafted escape VT100 sequence
  - debian/patches/CVE-2012-3515.patch: bounds check whenever changing
    the cursor due to an escape code in qemu/console.c.
  - CVE-2012-3515
* SECURITY UPDATE: host info disclosure via qemu monitor
  - debian/patches/CVE-2012-4411.patch: disable qemu monitor by default
    in qemu/vl.c.
  - CVE-2012-4411

31. By Stefan Bader on 2012-12-05

* Applying Xen Security fixes (LP: #1086801, #1086875)
  - VCPU/timers: Prevent overflow in calculations, leading to DoS
  - x86/physdev: Range check pirq parameter from guests
  - x86/physmap: Prevent incorrect updates of m2p mappings
  - xen/mm/shadow: check toplevel pagetables are present before unhooking
  - compat/gnttab: Prevent infinite loop in compat code
  - libxc: builder: limit maximum size of kernel/ramdisk
  - gnttab: fix releasing of memory upon switches between versions
  - hvm: Limit the size of large HVM op batches
  - x86/HVM: range check xen_hvm_set_mem_access.hvmmem_access before use
  - xen: add missing guest address range checks to XENMEM_exchange handlers
  - xen: fix error handling of guest_physmap_mark_populate_on_demand()
  - memop: limit guest specified extent order

30. By Stefan Bader on 2012-07-10

x86/mm: Don't check for invalid bits in non-present PTEs.
Cherry-pick from xen-4.1 unstable to fix corrupted page table issues
observed on 32 bit guests (LP: #1023365).

29. By Stefan Bader on 2012-06-06

* x86-64: detect processors subject to AMD erratum #121 and refuse to boot
* x86_64: Do not execute sysret with a non-canonical return address
* x86-64: fix #GP generation in assembly code

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)