ubuntu/+source/xen:applied/ubuntu/xenial-security

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

4a63426... by Stefan Bader on 2017-10-11

Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: cc7fb8a0d6c306c1df71f62ec1b8f31f87d52cca
Unapplied parent: 1430dad59a508366af2b230b50e145176f70b74e

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

1430dad... by Stefan Bader on 2017-10-11

[PATCH 2/2] xen/arm: Correctly report the memory region in the dummy

Gbp-Pq: xsa245-0002-xen-arm-Correctly-report-the-memory-region-in-the-du.patch.

9632969... by Stefan Bader on 2017-10-11

[PATCH 1/2] xen/page_alloc: Cover memory unreserved after boot in

Gbp-Pq: xsa245-0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in.patch.

5b0329a... by Stefan Bader on 2017-10-11

x86/cpu: fix IST handling during PCPU bringup

Gbp-Pq: xsa244-4.6.patch.

f0c0994... by Stefan Bader on 2017-10-11

x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests

Gbp-Pq: xsa243-4.6-2.patch.

2f60f47... by Stefan Bader on 2017-10-11

x86: Disable the use of auto-translated PV guests

Gbp-Pq: xsa243-4.6-1.patch.

c1ce0fe... by Stefan Bader on 2017-10-11

x86: don't allow page_unlock() to drop the last type reference

Gbp-Pq: xsa242-4.9.patch.

6f508c5... by Stefan Bader on 2017-10-11

x86: don't store possibly stale TLB flush time stamp

Gbp-Pq: xsa241-4.9.patch.

a87ed2c... by Stefan Bader on 2017-10-11

[PATCH 2/2] x86/mm: Disable PV linear pagetables by default

Gbp-Pq: xsa240-4.6-0002-x86-mm-Disable-PV-linear-pagetables-by-default.patch.

637e7ab... by Stefan Bader on 2017-10-11

[PATCH 1/2] x86: limit linear page table use to a single level

Gbp-Pq: xsa240-4.6-0001-x86-limit-linear-page-table-use-to-a-single-level.patch.