UbuntuUpdates.org

Package "libxenstore3.0"

Name: libxenstore3.0

Description:

Xenstore communications library for Xen

Latest version: 4.4.2-0ubuntu0.14.04.14
Release: trusty (14.04)
Level: security
Repository: main
Head package: xen


Other versions of "libxenstore3.0" in Trusty

Repository  Area  Version
base        main  4.4.0-0ubuntu5
updates     main  4.4.2-0ubuntu0.14.04.14

Changelog

Version: 4.4.2-0ubuntu0.14.04.6 2016-06-14 12:06:32 UTC

  xen (4.4.2-0ubuntu0.14.04.6) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-3158, CVE-2016-3159 / XSA-172
      * x86: fix information leak on AMD CPUs
    - CVE-2016-3960 / XSA-173
      * x86: limit GFNs to 32 bits for shadowed superpages.
    - CVE-2016-4962 / XSA-175
      * libxl: Record backend/frontend paths in /libxl/$DOMID
      * libxl: Provide libxl__backendpath_parse_domid
      * libxl: Do not trust frontend in libxl__devices_destroy
      * libxl: Do not trust frontend in libxl__device_nextid
      * libxl: Do not trust frontend for disk eject event
      * libxl: Do not trust frontend for disk in getinfo
      * libxl: Do not trust frontend for vtpm list
      * libxl: Do not trust frontend for vtpm in getinfo
      * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic
      * libxl: Do not trust frontend for nic in getinfo
      * libxl: Cleanup: Have libxl__alloc_vdev use /libxl
      * libxl: Document ~/serial/ correctly
    - CVE-2016-4480 / XSA-176
      * x86/mm: fully honor PS bits in guest page table walks
    - CVE-2016-4963 / XSA-178
      * libxl: Do not trust backend for vtpm in getinfo (except uuid)
      * libxl: Do not trust backend for vtpm in getinfo (uuid)
      * libxl: cdrom eject and insert: write to /libxl
      * libxl: Do not trust backend for disk eject vdev
      * libxl: Do not trust backend for disk; fix driver domain disks list
      * libxl: Do not trust backend for disk in getinfo
      * libxl: Do not trust backend for cdrom insert
      * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore
      * libxl: Rename READ_BACKEND to READ_LIBXLDEV
      * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path
      * libxl: Do not trust backend in nic getinfo
      * libxl: Do not trust backend for nic in devid_to_device
      * libxl: Do not trust backend for nic in list
      * libxl: Cleanup: use libxl__backendpath_parse_domid in
               libxl__device_disk_from_xs_be
      * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename
    - CVE-2016-3710 / XSA-179 (qemu traditional)
      * vga: fix banked access bounds checking
      * vga: add vbe_enabled() helper
      * vga: factor out vga register setup
      * vga: update vga register setup on vbe changes
      * vga: make sure vga register setup for vbe stays intact
    - CVE-2014-3672 / XSA-180 (qemu traditional)
      * main loop: Big hammer to fix logfile disk DoS in Xen setups
    - CVE-2016-5242 / XSA-181
      * xen/arm: Don't free p2m->first_level in p2m_teardown() before
                 it has been allocated

 -- Stefan Bader <email address hidden> Mon, 06 Jun 2016 14:17:35 +0200

CVE-2016-3158 The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, whic
CVE-2016-3159 The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, w
CVE-2016-3960 Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privi
CVE-2016-4962 The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or managem
CVE-2016-4480 The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit
CVE-2016-4963 The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management
CVE-2016-3710 incorrect banked access bounds checking in vga module
CVE-2014-3672 The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing t
CVE-2016-5242 The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial

Version: 4.4.2-0ubuntu0.14.04.5 2016-02-25 16:07:11 UTC

  xen (4.4.2-0ubuntu0.14.04.5) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-2270 / XSA-154
      * x86: enforce consistent cachability of MMIO mappings
    - CVE-2016-1570 / XSA-167
      * x86/mm: PV superpage handling lacks sanity checks
    - CVE-2016-1571 / XSA-168
      * x86/VMX: prevent INVVPID failure due to non-canonical guest address
    - CVE-2015-8615 / XSA-169
      * x86: make debug output consistent in hvm_set_callback_via
    - CVE-2016-2271 / XSA-170
      * x86/VMX: sanitize rIP before re-entering guest

 -- Stefan Bader <email address hidden> Tue, 23 Feb 2016 22:16:17 +0100

CVE-2016-2270 Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO p
CVE-2016-1570 The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information,
CVE-2016-1571 The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled,
CVE-2015-8615 The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback
CVE-2016-2271 VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors r

Version: 4.4.2-0ubuntu0.14.04.4 2015-12-17 16:06:53 UTC

  xen (4.4.2-0ubuntu0.14.04.4) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-8550 / XSA-155
      * blkif: Avoid double access to src->nr_segments
      * xenfb: avoid reading twice the same fields from the shared page
      * xen: Add RING_COPY_REQUEST()
      * blktap2: Use RING_COPY_REQUEST
      * libvchan: Read prod/cons only once.
    - CVE-2015-8338 / XSA-158
      * memory: split and tighten maximum order permitted in memops
    - CVE-2015-8339, CVE-2015-8340 / XSA-159
      * memory: fix XENMEM_exchange error handling
    - CVE-2015-8341 / XSA-160
      * libxl: Fix bootloader-related virtual memory leak on pv
        build failure
    - CVE-2015-7504 / XSA-162
      * net: pcnet: add check to validate receive data size
    - CVE-2015-8554 / XSA-164
      * MSI-X: avoid array overrun upon MSI-X table writes
    - CVE-2015-8555 / XSA-165
      * x86: don't leak ST(n)/XMMn values to domains first using them
    - CVE-2015-???? / XSA-166
      * x86/HVM: avoid reading ioreq state more than once

 -- Stefan Bader Wed, 16 Dec 2015 18:26:30 +0100

CVE-2015-8550 paravirtualized drivers incautious about shared memory contents
CVE-2015-8338 long running memory operations on ARM
CVE-2015-8339 XENMEM_exchange error handling issues
CVE-2015-8340 XENMEM_exchange error handling issues
CVE-2015-8341 libxl leak of pv kernel and initrd on error
CVE-2015-7504 net: pcnet: heap overflow vulnerability in loopback mode
CVE-2015-8554 qemu-dm buffer overrun in MSI-X handling
CVE-2015-8555 information leak in legacy x86 FPU/XMM initialization

Version: 4.4.2-0ubuntu0.14.04.3 2015-11-10 03:06:36 UTC

  xen (4.4.2-0ubuntu0.14.04.3) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-7311 / XSA-142
      * libxl: handle read-only drives with qemu-xen
    - CVE-2015-7812 / XSA-145
      * xen/arm: Support hypercall_create_continuation for multicall
    - CVE-2015-7813 / XSA-146
      * xen: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP.
    - CVE-2015-7814 / XSA-147
      * xen: arm: handle races between relinquish_memory and
        free_domheap_pages
    - CVE-2015-7835 / XSA-148
      * x86: guard against undue super page PTE creation
    - CVE-2015-7969 / XSA-149
      * xen: free domain's vcpu array
    - CVE-2015-7970 / XSA-150
      * x86/PoD: Eager sweep for zeroed pages
    - CVE-2015-7969 / XSA-151
      * xenoprof: free domain's vcpu array
    - CVE-2015-7971 / XSA-152
      * x86: rate-limit logging in do_xen{oprof,pmu}_op()
    - CVE-2015-7972 / XSA-153
      * libxl: adjust PoD target by memory fudge, too
    - CVE-2015-5307 / XSA-156
      * x86/HVM: always intercept #AC and #DB

 -- Stefan Bader Tue, 03 Nov 2015 15:18:39 -0600

CVE-2015-7311 libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest u
CVE-2015-7812 arm: Host crash when preempting a multicall
CVE-2015-7813 Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests t
CVE-2015-7814 Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control t
CVE-2015-7835 The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV gues
CVE-2015-7969 Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memo
CVE-2015-7970 The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest adm
CVE-2015-7971 Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local gu
CVE-2015-7972 The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.
CVE-2015-5307 RESERVED

Version: 4.4.2-0ubuntu0.14.04.2 2015-09-02 21:06:54 UTC

  xen (4.4.2-0ubuntu0.14.04.2) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-4103 / XSA-128
      * properly gate host writes of modified PCI CFG contents
    - CVE-2015-4104 / XSA-129
      * xen: don't allow guest to control MSI mask register
    - CVE-2015-4105 / XSA-130
      * xen/MSI-X: disable logging by default
    - CVE-2015-4106 / XSA-131
      * xen/MSI: don't open-code pass-through of enable bit modifications
      * xen/pt: consolidate PM capability emu_mask
      * xen/pt: correctly handle PM status bit
      * xen/pt: split out calculation of throughable mask in PCI config space
        handling
      * xen/pt: mark all PCIe capability bits read-only
      * xen/pt: mark reserved bits in PCI config space fields
      * xen/pt: add a few PCI config space field descriptions
      * xen/pt: unknown PCI config space fields should be read-only
    - CVE-2015-4163 / XSA-134
      * gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
    - CVE-2015-3209 / XSA-135
      * pcnet: fix Negative array index read
      * pcnet: force the buffer access to be in bounds during tx
    - CVE-2015-4164 / XSA-136
      * x86/traps: loop in the correct direction in compat_iret()
    - CVE-2015-3259 / XSA-137
      * xl: Sane handling of extra config file arguments
    - CVE-2015-5154 / XSA-138
      * ide: Check array bounds before writing to io_buffer
      * ide: Clear DRQ after handling all expected accesses
    - CVE-2015-5165 / XSA-140
      * rtl8139: avoid nested ifs in IP header parsing
      * rtl8139: drop tautologous if (ip) {...} statement
      * rtl8139: skip offload on short Ethernet/IP header
      * rtl8139: check IP Header Length field
      * rtl8139: check IP Total Length field
      * rtl8139: skip offload on short TCP header
      * rtl8139: check TCP Data Offset field
    - CVE-2015-6654 / XSA-141
      * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn

 -- Stefan Bader Mon, 31 Aug 2015 11:11:36 +0200

CVE-2015-4103 Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators c
CVE-2015-4104 Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (
CVE-2015-4105 Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (ho
CVE-2015-4106 QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to
CVE-2015-4163 GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial o
CVE-2015-3209 heap overflow in qemu pcnet controller allowing guest to host escape
CVE-2015-4164 The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a d
CVE-2015-3259 Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long
CVE-2015-5154 Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local
CVE-2015-5165 The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read pro


