ubuntu/+source/xen:ubuntu/precise-security

Last commit made on 2017-01-12
Get this branch:
git clone -b ubuntu/precise-security https://git.launchpad.net/ubuntu/+source/xen
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/precise-security
Repository: lp:ubuntu/+source/xen

Recent commits

f5467f7... by Stefan Bader on 2017-01-11

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: ec321d1049f17c8f3051ba766f11675aca0e50f2

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9381 / XSA-197
      * xen: fix ioreq handling
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9637 / XSA-199
      * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
    - CVE-2016-9932 / XSA-200
      * x86/emulator: add feature checks for newer instructions
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-10024 / XSA-202
      * x86: use MOV instead of PUSH/POP when saving/restoring register state
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

ec321d1... by Stefan Bader on 2016-10-06

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.12 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: ca675d4bc737b8bc25ad7bcaf92802aefc0aff1e

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-6258 / XSA-182
      * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
    - CVE-2016-5403 / XSA-184
      * virtio: error out if guest exceeds virtqueue size
    - CVE-2016-7092 / XSA-185
      * x86/32on64: don't allow recursive page tables from L3
    - CVE-2016-7094 / XSA-187
      * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
      * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
    - CVE-2016-7777 / XSA-190
      * x86emul: honor guest CR0.TS and CR0.EM

ca675d4... by Stefan Bader on 2016-06-07

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.11 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e495c0f4995c28f223fca9ff98e01aa2aebe851d

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2013-2212 / XSA-060
      * VMX: disable EPT when !cpu_has_vmx_pat
      * VMX: remove the problematic set_uc_mode logic
      * VMX: fix cr0.cd handling
    - CVE-2016-3158, CVE-2016-3159 / XSA-172
      * x86: fix information leak on AMD CPUs
    - CVE-2016-3960 / XSA-173
      * x86: limit GFNs to 32 bits for shadowed superpages.
      * x86/HVM: correct CPUID leaf 80000008 handling
    - CVE-2016-4480 / XSA-176
      * x86/mm: fully honor PS bits in guest page table walks
    - CVE-2016-3710 / XSA-179 (qemu traditional)
      * vga: fix banked access bounds checking
      * vga: add vbe_enabled() helper
      * vga: factor out vga register setup
      * vga: update vga register setup on vbe changes
      * vga: make sure vga register setup for vbe stays intact
    - CVE-2014-3672 / XSA-180 (qemu traditional)
      * main loop: Big hammer to fix logfile disk DoS in Xen setups

e495c0f... by Stefan Bader on 2016-02-25

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 550f961824ece5484236aafb0b2fc60679df8d49

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-2270 / XSA-154
      * x86: make get_page_from_l1e() return a proper error code
      * x86: make mod_l1_entry() return a proper error code
      * x86/mm: fix mod_l1_entry() return value when encountering r/o MMIO
        page
      * x86: enforce consistent cachability of MMIO mappings
    - CVE-2016-1570 / XSA-167
      * x86/mm: PV superpage handling lacks sanity checks
    - CVE-2016-1571 / XSA-168
      * x86/VMX: prevent INVVPID failure due to non-canonical guest address
    - CVE-2015-8615 / XSA-169
      * x86: make debug output consistent in hvm_set_callback_via
    - CVE-2016-2271 / XSA-170
      * x86/VMX: sanitize rIP before re-entering guest

550f961... by Stefan Bader on 2015-12-16

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.8 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: ac655f43ccaf031442d0df2935581d11fa203b9c

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2015-8550 / XSA-155
      * blkif: Avoid double access to src->nr_segments
      * xenfb: avoid reading twice the same fields from the shared page
      * xen: Add RING_COPY_REQUEST()
      * blktap2: Use RING_COPY_REQUEST
    - CVE-2015-8339, CVE-2015-8340 / XSA-159
      * memory: fix XENMEM_exchange error handling
    - CVE-2015-7504 / XSA-162
      * net: pcnet: add check to validate receive data size
    - CVE-2015-8554 / XSA-164
      * MSI-X: avoid array overrun upon MSI-X table writes
    - CVE-2015-8555 / XSA-165
      * x86: don't leak ST(n)/XMMn values to domains first using them
    - CVE-2015-???? / XSA-166
      * x86/HVM: avoid reading ioreq state more than once

ac655f4... by Stefan Bader on 2015-11-23

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.7 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 845f8c86b61b0e167c5a3faafb0c43a0c9de0572

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2015-7835 / XSA-148
      * x86: guard against undue super page PTE creation
    - CVE-2015-7969 / XSA-149
      * xen: free domain's vcpu array
    - CVE-2015-7970 / XSA-150
      * x86/PoD: Eager sweep for zeroed pages
    - CVE-2015-7969 / XSA-151
      * xenoprof: free domain's vcpu array
    - CVE-2015-7971 / XSA-152
      * x86: rate-limit logging in do_xen{oprof,pmu}_op()
    - CVE-2015-7972 / XSA-153
      * libxl: adjust PoD target by memory fudge, too
    - CVE-2015-5307 / XSA-156
      * x86/HVM: always intercept #AC and #DB

845f8c8... by Stefan Bader on 2015-04-01

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.6 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 8d13ace4ee10c69a704d50e7617a5c6d62a57b99

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2014-5146 / XSA-097
      * Combine hap/shadow and log_dirty_log
      * x86/mm/hap: Adjust vram tracking to play nicely with log-dirty.
      * x86/paging: make log-dirty operations preemptible
    - CVE-2015-2752 / XSA-125
      * Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64
        GFNs (or less)
    - CVE-2015-2756 / XSA-126 (QEMU traditional)
      * xen: limit guest control of PCI command register
    - CVE-2015-4103 / XSA-128
      * properly gate host writes of modified PCI CFG contents
    - CVE-2015-4104 / XSA-129
      * xen: don't allow guest to control MSI mask register
    - CVE-2015-4105 / XSA-130
      * xen/MSI-X: disable logging by default
    - CVE-2015-4106 / XSA-131
      * xen/MSI: don't open-code pass-through of enable bit modifications
      * xen/pt: consolidate PM capability emu_mask
      * xen/pt: correctly handle PM status bit
      * xen/pt: split out calculation of throughable mask in PCI config space
        handling
      * xen/pt: mark all PCIe capability bits read-only
      * xen/pt: mark reserved bits in PCI config space fields
      * xen/pt: add a few PCI config space field descriptions
      * xen/pt: unknown PCI config space fields should be read-only
    - CVE-2015-3340 / XSA-132
      * domctl/sysctl: don't leak hypervisor stack to toolstacks
    - CVE-2015-3456 / XSA-133
      * qemut: fdc: force the fifo access to be in bounds of the
        allocated buffer
    - CVE-2015-3209 / XSA-135
      * pcnet: fix Negative array index read
      * pcnet: force the buffer access to be in bounds during tx
    - CVE-2015-4164 / XSA-136
      * x86/traps: loop in the correct direction in compat_iret()
    - CVE-2015-3259 / XSA-137
      * xl: Sane handling of extra config file arguments
    - CVE-2015-5154 / XSA-138
      * ide: Check array bounds before writing to io_buffer
      * ide: Clear DRQ after handling all expected accesses
    - CVE-2015-5165 / XSA-140
      * rtl8139: avoid nested ifs in IP header parsing
      * rtl8139: drop tautologous if (ip) {...} statement
      * rtl8139: skip offload on short Ethernet/IP header
      * rtl8139: check IP Header Length field
      * rtl8139: check IP Total Length field
      * rtl8139: skip offload on short TCP header
      * rtl8139: check TCP Data Offset field

8d13ace... by Stefan Bader on 2015-03-04

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.5 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 8d59eaf9b91cbf9d2c36a0ca235469df079fce73

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2015-2152 / XSA-119
      * tools: libxl: Explicitly disable graphics backends on qemu
        cmdline
    - CVE-2015-2044 / XSA-121
      * x86/HVM: return all ones on wrong-sized reads of system device I/O
        ports
    - CVE-2015-2045 / XSA-122
      * pre-fill structures for certain HYPERVISOR_xen_version sub-ops
    - CVE-2015-2151 / XSA-123
      * x86emul: fully ignore segment override for register-only operations

8d59eaf... by Stefan Bader on 2014-11-21

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 56e9f44e6ca1776a96f778d4a79161da07fbeae9

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2014-8594 / XSA-109
      * x86: don't allow page table updates on non-PV page tables in
        do_mmu_update()
    - CVE-2014-8595 / XSA-110
      * x86emul: enforce privilege level restrictions when loading CS
    - CVE-2014-8866 / XSA-111
      * x86: limit checks in hypercall_xlat_continuation() to actual arguments
    - CVE-2014-8867 / XSA-112
      * x86/HVM: confine internally handled MMIO to solitary regions
    - CVE-2014-9030 / XSA-113
      * x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE

56e9f44... by Stefan Bader on 2014-09-29

Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: c5d66ac2c3e97bc838bf83adc477de35aef78483

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2014-7154 / XSA-104
      * x86/shadow: fix race condition sampling the dirty vram state
    - CVE-2014-7155 / XSA-105
      * x86/emulate: check cpl for all privileged instructions
    - CVE-2014-7156 / XSA-106
      * x86emul: only emulate software interrupt injection for real mode
    - CVE-2014-7188 / XSA-108
      * x86/HVM: properly bound x2APIC MSR range