-
d7c0dd4...
by
Stefan Bader
on 2017-03-14
-
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.10 to ubuntu/trusty-proposed
Imported using git-ubuntu import.
Changelog parent: 6b7754924f372d11d29c1fd7dba1fd94e3385d32
New changelog entries:
* Backport upstream change to fix TSC_ADJUST MSR handling in HVM
guests running on Intel based hosts (LP: #1671760)
-
6b77549...
by
Stefan Bader
on 2017-01-10
-
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.9 to ubuntu/trusty-security
Imported using git-ubuntu import.
Changelog parent: 4af49013aa9a3124e90249736d18c2ac77b7bc3a
New changelog entries:
* Applying Xen Security Advisories:
- CVE-2016-9386 / XSA-191
* x86/hvm: Fix the handling of non-present segments
- CVE-2016-9382 / XSA-192
* x86/HVM: don't load LDTR with VM86 mode attrs during task switch
- CVE-2016-9385 / XSA-193
* x86/PV: writes of %fs and %gs base MSRs require canonical addresses
- CVE-2016-9383 / XSA-195
* x86emul: fix huge bit offset handling
- CVE-2016-9381 / XSA-197
* xen: fix ioreq handling
- CVE-2016-9379, CVE-2016-9380 / XSA-198
* pygrub: Properly quote results, when returning them to the caller
- CVE-2016-9637 / XSA-199
* qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
- CVE-2016-9932 / XSA-200
* x86emul: CMPXCHG8B ignores operand size prefix
- CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA.201
* arm64: handle guest-generated EL1 asynchronous abort
* arm64: handle async aborts delivered while at EL2
* arm: crash the guest when it traps on external abort
* arm32: handle async aborts delivered while at HYP
- CVE-2016-10024 / XSA-202
* x86: force EFLAGS.IF on when exiting to PV guests
- CVE-2016-10013 / XSA-204
* x86/emul: Correct the handling of eflags with SYSCALL
-
4af4901...
by
Stefan Bader
on 2016-10-06
-
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.7 to ubuntu/trusty-security
Imported using git-ubuntu import.
Changelog parent: 1c80a08e95d4edc8dcb0b5815564652c2c3dbb5b
New changelog entries:
* Applying Xen Security Advisories:
- CVE-2016-6258 / XSA-182
* x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
- CVE-2016-5403 / XSA-184
* virtio: error out if guest exceeds virtqueue size
- CVE-2016-7092 / XSA-185
* x86/32on64: don't allow recursive page tables from L3
- CVE-2016-7094 / XSA-187
* x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
* x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
- CVE-2016-7154 / XSA-188
* evtchn-fifo: prevent use after free
- CVE-2016-7777 / XSA-190
* x86emul: honor guest CR0.TS and CR0.EM
-
1c80a08...
by
Stefan Bader
on 2016-06-06
-
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.6 to ubuntu/trusty-security
Imported using git-ubuntu import.
Changelog parent: fc4f9d378cd9644e10c19e4e90c53b513d7ea49a
New changelog entries:
* Applying Xen Security Advisories:
- CVE-2016-3158, CVE-2016-3159 / XSA-172
* x86: fix information leak on AMD CPUs
- CVE-2016-3960 / XSA-173
* x86: limit GFNs to 32 bits for shadowed superpages.
- CVE-2016-4962 / XSA-175
* libxl: Record backend/frontend paths in /libxl/$DOMID
* libxl: Provide libxl__backendpath_parse_domid
* libxl: Do not trust frontend in libxl__devices_destroy
* libxl: Do not trust frontend in libxl__device_nextid
* libxl: Do not trust frontend for disk eject event
* libxl: Do not trust frontend for disk in getinfo
* libxl: Do not trust frontend for vtpm list
* libxl: Do not trust frontend for vtpm in getinfo
* libxl: Do not trust frontend for nic in libxl_devid_to_device_nic
* libxl: Do not trust frontend for nic in getinfo
* libxl: Cleanup: Have libxl__alloc_vdev use /libxl
* libxl: Document ~/serial/ correctly
- CVE-2016-4480 / XSA-176
* x86/mm: fully honor PS bits in guest page table walks
- CVE-2016-4963 / XSA-178
* libxl: Do not trust backend for vtpm in getinfo (except uuid)
* libxl: Do not trust backend for vtpm in getinfo (uuid)
* libxl: cdrom eject and insert: write to /libxl
* libxl: Do not trust backend for disk eject vdev
* libxl: Do not trust backend for disk; fix driver domain disks list
* libxl: Do not trust backend for disk in getinfo
* libxl: Do not trust backend for cdrom insert
* libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore
* libxl: Rename READ_BACKEND to READ_LIBXLDEV
* libxl: Have READ_LIBXLDEV use libxl_path rather than be_path
* libxl: Do not trust backend in nic getinfo
* libxl: Do not trust backend for nic in devid_to_device
* libxl: Do not trust backend for nic in list
* libxl: Cleanup: use libxl__backendpath_parse_domid in
libxl__device_disk_from_xs_be
* libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename
- CVE-2016-3710 / XSA-179 (qemu traditional)
* vga: fix banked access bounds checking
* vga: add vbe_enabled() helper
* vga: factor out vga register setup
* vga: update vga register setup on vbe changes
* vga: make sure vga register setup for vbe stays intact
- CVE-2014-3672 / XSA-180 (qemu traditional)
* main loop: Big hammer to fix logfile disk DoS in Xen setups
- CVE-2016-5242 / XSA-181
* xen/arm: Don't free p2m->first_level in p2m_teardown() before
it has been allocated
-
fc4f9d3...
by
Stefan Bader
on 2016-02-23
-
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.5 to ubuntu/trusty-security
Imported using git-ubuntu import.
Changelog parent: 6f96d29969e741ea07cca1c78020864bd705821e
New changelog entries:
* Applying Xen Security Advisories:
- CVE-2016-2270 / XSA-154
* x86: enforce consistent cachability of MMIO mappings
- CVE-2016-1570 / XSA-167
* x86/mm: PV superpage handling lacks sanity checks
- CVE-2016-1571 / XSA-168
* x86/VMX: prevent INVVPID failure due to non-canonical guest address
- CVE-2015-8615 / XSA-169
* x86: make debug output consistent in hvm_set_callback_via
- CVE-2016-2271 / XSA-170
* x86/VMX: sanitize rIP before re-entering guest
-
6f96d29...
by
Stefan Bader
on 2015-12-16
-
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.4 to ubuntu/trusty-security
Imported using git-ubuntu import.
Changelog parent: d430f7218990cccb18e0819bae239b4cc0bf436a
New changelog entries:
* Applying Xen Security Advisories:
- CVE-2015-8550 / XSA-155
* blkif: Avoid double access to src->nr_segments
* xenfb: avoid reading twice the same fields from the shared page
* xen: Add RING_COPY_REQUEST()
* blktap2: Use RING_COPY_REQUEST
* libvchan: Read prod/cons only once.
- CVE-2015-8338 / XSA-158
* memory: split and tighten maximum order permitted in memops
- CVE-2015-8339, CVE-2015-8340 / XSA-159
* memory: fix XENMEM_exchange error handling
- CVE-2015-8341 / XSA-160
* libxl: Fix bootloader-related virtual memory leak on pv
build failure
- CVE-2015-7504 / XSA-162
* net: pcnet: add check to validate receive data size
- CVE-2015-8554 / XSA-164
* MSI-X: avoid array overrun upon MSI-X table writes
- CVE-2015-8555 / XSA-165
* x86: don't leak ST(n)/XMMn values to domains first using them
- CVE-2015-???? / XSA-166
* x86/HVM: avoid reading ioreq state more than once
-
d430f72...
by
Stefan Bader
on 2015-11-03
-
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.3 to ubuntu/trusty-security
Imported using git-ubuntu import.
Changelog parent: 63caef75456ad032dc48a7ac66a093485c390a99
New changelog entries:
* Applying Xen Security Advisories:
- CVE-2015-7311 / XSA-142
* libxl: handle read-only drives with qemu-xen
- CVE-2015-7812 / XSA-145
* xen/arm: Support hypercall_create_continuation for multicall
- CVE-2015-7813 / XSA-146
* xen: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP.
- CVE-2015-7814 / XSA-147
* xen: arm: handle races between relinquish_memory and
free_domheap_pages
- CVE-2015-7835 / XSA-148
* x86: guard against undue super page PTE creation
- CVE-2015-7969 / XSA-149
* xen: free domain's vcpu array
- CVE-2015-7970 / XSA-150
* x86/PoD: Eager sweep for zeroed pages
- CVE-2015-7969 / XSA-151
* xenoprof: free domain's vcpu array
- CVE-2015-7971 / XSA-152
* x86: rate-limit logging in do_xen{oprof,pmu}_op()
- CVE-2015-7972 / XSA-153
* libxl: adjust PoD target by memory fudge, too
- CVE-2015-5307 / XSA-156
* x86/HVM: always intercept #AC and #DB
-
63caef7...
by
Stefan Bader
on 2015-08-31
-
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.2 to ubuntu/trusty-security
Imported using git-ubuntu import.
Changelog parent: 4f30ad8848d8d142036f6443c7a7a6df63525810
New changelog entries:
* Applying Xen Security Advisories:
- CVE-2015-4103 / XSA-128
* properly gate host writes of modified PCI CFG contents
- CVE-2015-4104 / XSA-129
* xen: don't allow guest to control MSI mask register
- CVE-2015-4105 / XSA-130
* xen/MSI-X: disable logging by default
- CVE-2015-4106 / XSA-131
* xen/MSI: don't open-code pass-through of enable bit modifications
* xen/pt: consolidate PM capability emu_mask
* xen/pt: correctly handle PM status bit
* xen/pt: split out calculation of throughable mask in PCI config space
handling
* xen/pt: mark all PCIe capability bits read-only
* xen/pt: mark reserved bits in PCI config space fields
* xen/pt: add a few PCI config space field descriptions
* xen/pt: unknown PCI config space fields should be read-only
- CVE-2015-4163 / XSA-134
* gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
- CVE-2015-3209 / XSA-135
* pcnet: fix Negative array index read
* pcnet: force the buffer access to be in bounds during tx
- CVE-2015-4164 / XSA-136
* x86/traps: loop in the correct direction in compat_iret()
- CVE-2015-3259 / XSA-137
* xl: Sane handling of extra config file arguments
- CVE-2015-5154 / XSA-138
* ide: Check array bounds before writing to io_buffer
* ide: Clear DRQ after handling all expected accesses
- CVE-2015-5165 / XSA-140
* rtl8139: avoid nested ifs in IP header parsing
* rtl8139: drop tautologous if (ip) {...} statement
* rtl8139: skip offload on short Ethernet/IP header
* rtl8139: check IP Header Length field
* rtl8139: check IP Total Length field
* rtl8139: skip offload on short TCP header
* rtl8139: check TCP Data Offset field
- CVE-2015-6654 / XSA-141
* xen/arm: mm: Do not dump the p2m when mapping a foreign gfn
-
4f30ad8...
by
Stefan Bader
on 2015-07-20
-
Import patches-unapplied version 4.4.2-0ubuntu0.14.04.1 to ubuntu/trusty-proposed
Imported using git-ubuntu import.
Changelog parent: 8baa5460d3627a6d133aa939ac4575c767364f19
New changelog entries:
* Updating to lastest upstream stable release 4.4.2 (LP: #1476666)
- Replacing the following security changes by upstream versions:
* CVE-2014-5146, CVE-2014-5149 / XSA-97,
CVE-2014-3969, CVE-2015-2290 / XSA-98 (additional fix),
CVE-2014-7154 / XSA-104, CVE-2014-7155 / XSA-105,
CVE-2014-7156 / XSA-106, CVE-2014-6268 / XSA-107,
CVE-2014-7188 / XSA-108, CVE-2014-8594 / XSA-109,
CVE-2014-8595 / XSA-110, CVE-2014-8866 / XSA-111,
CVE-2014-8867 / XSA-112, CVE-2014-9030 / XSA-113,
CVE-2014-9065, CVE-2014-9066 / XSA-114,
CVE-2015-0361 / XSA-116, CVE-2015-1563 / XSA-118,
CVE-2015-2152 / XSA-119, CVE-2015-2044 / XSA-121,
CVE-2015-2045 / XSA-122, CVE-2015-2151 / XSA-123
* Refreshed d/p/version.patch to fix some fuzz when applying. No
functional change.
-
8baa546...
by
Stefan Bader
on 2015-05-13
-
Import patches-unapplied version 4.4.1-0ubuntu0.14.04.6 to ubuntu/trusty-security
Imported using git-ubuntu import.
Changelog parent: 77848541bd24e7aedb7517242b30feff222246ad
New changelog entries:
* Applying Xen Security Advisories:
- CVE-2015-3340 / XSA-132
* domctl/sysctl: don't leak hypervisor stack to toolstacks
- CVE-2015-3456 / XSA-133
* qemut: fdc: force the fifo access to be in bounds of the
allocated buffer
