xen (4.1.5-0ubuntu0.12.04.1) precise-proposed; urgency=low
* Updating to lastest upstream stable release (LP: #1180396).
* Update to upstream 4.1.5:
- Replacing the following security changes by upstream versions:
* CVE-2012-5634 / XSA-33, CVE-2013-0153 / XSA-36,
CVE-2013-0215 / XSA-38, CVE-2012-6075 / XSA-41,
CVE-2013-1917 / XSA-44, CVE-2013-1919 / XSA-46,
CVE-2013-1920 / XSA-47, CVE-2013-1964 / XSA-50
- Bug fixes:
* ACPI APEI/ERST finally working on production systems
* Bug fixes for other low level system state handling
* Support for xz compressed Dom0 and DomU kernels
* Update to upstream 4.1.4:
- Replacing the following security changes by upstream versions:
* CVE-2012-3494 / XSA-12, CVE-2012-3495 / XSA-13,
CVE-2012-3496 / XSA-14, CVE-2012-3498 / XSA-16,
CVE-2012-3515 / XSA-17, CVE-2012-4411 / XSA-19,
CVE-2012-4535 / XSA-20, CVE-2012-4536 / XSA-21,
CVE-2012-4537 / XSA-22, CVE-2012-4538 / XSA-23,
CVE-2012-4539 / XSA-24, CVE-2012-4544 / XSA-25,
CVE-2012-2625 / XSA-25, CVE-2012-5510 / XSA-26,
CVE-2012-5511 / XSA-27, CVE-2012-5512 / XSA-28,
CVE-2012-5513 / XSA-29, CVE-2012-5514 / XSA-30,
CVE-2012-5515 / XSA-31
- Bug fixes:
* A fix for a long standing time management issue
* Bug fixes for S3 (suspend to RAM) handling
* Bug fixes for other low level system state handling
* Update to upstream 4.1.3:
- Replacing the following security changes by upstream versions:
* CVE-2012-0217 / XSA-7, CVE-2012-0218 / XSA-8,
CVE-2012-2934 / XSA-9, CVE-2012-3432 / XSA-10,
CVE-2012-3433 / XSA-11
- Bug fixes:
* Updates for the latest Intel/AMD CPU revisions
* Bug fixes and improvements to the libxl tool stack
* Bug fixes for IOMMU handling (device passthrough to HVM guests)
* Bug fixes for host kexec/kdump
* Dropping the following patches previously added as they are included
in the upstream stable release:
- upstream-24883-adcd6ab160fa.patch
- xen-introduce-xzalloc.patch
- xen-backport-per-device-vector-map.patch
- 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
- 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
- 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch
* Fix translation import problem caused by duplicate message ID
(LP: #1176209).
- tools-xm-fix-duplicate-msgid.patch
-- Stefan Bader <email address hidden> Fri, 21 Jun 2013 14:55:54 +0200
|
1180396 |
Xen stable update to 4.1.5 |
1176209 |
Import problem caused by duplicate message ID |
CVE-2012-5634 |
RESERVED |
CVE-2013-0153 |
RESERVED |
CVE-2013-0215 |
RESERVED |
CVE-2012-6075 |
qemu e1000 emulated device guest-side buffer overflow |
CVE-2013-1917 |
Xen PV DoS vulnerability with SYSENTER |
CVE-2013-1919 |
Several access permission issues with IRQs for unprivileged guests |
CVE-2013-1920 |
Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong or |
CVE-2013-1964 |
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when ... |
CVE-2012-3494 |
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 sys |
CVE-2012-3495 |
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_p |
CVE-2012-3496 |
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV O |
CVE-2012-3498 |
PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host cra |
CVE-2012-3515 |
Qemu VT100 emulation vulnerability |
CVE-2012-4411 |
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor |
CVE-2012-4535 |
Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical |
CVE-2012-4536 |
The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen |
CVE-2012-4537 |
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which |
CVE-2012-4538 |
The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which all |
CVE-2012-4539 |
Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infi |
CVE-2012-4544 |
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows |
CVE-2012-2625 |
The PyGrub boot loader in Xen unstable before changeset ... |
CVE-2012-5510 |
Xen 4.x, when downgrading the grant table version, does not properly ... |
CVE-2012-5511 |
Stack-based buffer overflow in the dirty video RAM tracking ... |
CVE-2012-5512 |
Array index error in the HVMOP_set_mem_access handler in Xen 4.1 ... |
CVE-2012-5513 |
The XENMEM_exchange handler in Xen 4.2 and earlier does not properly ... |
CVE-2012-5514 |
The guest_physmap_mark_populate_on_demand function in Xen 4.2 and ... |
CVE-2012-5515 |
The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and ... |
CVE-2012-0217 |
RESERVED |
CVE-2012-0218 |
RESERVED |
CVE-2012-2934 |
Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, ... |
CVE-2012-3432 |
The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset |
CVE-2012-3433 |
Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical addres |
|