UbuntuUpdates.org

Package "xen"

Name: xen

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Public libs for Xen
  • Public headers and libs for Xen
  • OCaml libraries for controlling Xen
  • OCaml libraries for controlling Xen (devel package)

Latest version: 4.4.2-0ubuntu0.14.04.14
Release: trusty (14.04)
Level: security
Repository: main

Links



Other versions of "xen" in Trusty

Repository Area Version
base universe 4.4.0-0ubuntu5
base main 4.4.0-0ubuntu5
security universe 4.4.2-0ubuntu0.14.04.14
updates main 4.4.2-0ubuntu0.14.04.14
updates universe 4.4.2-0ubuntu0.14.04.14

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.4.2-0ubuntu0.14.04.14 2017-10-16 14:06:40 UTC

  xen (4.4.2-0ubuntu0.14.04.14) trusty-security; urgency=medium

  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/MSI: fix error handling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup

Source diff to previous version
CVE-2017-1431 IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in

Version: 4.4.2-0ubuntu0.14.04.12 2017-07-18 13:06:56 UTC

  xen (4.4.2-0ubuntu0.14.04.12) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - IOMMU: handle IOMMU mapping and unmapping failures
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing

 -- Stefan Bader <email address hidden> Tue, 04 Jul 2017 12:20:19 +0200

Source diff to previous version

Version: 4.4.2-0ubuntu0.14.04.11 2017-05-15 12:06:38 UTC

  xen (4.4.2-0ubuntu0.14.04.11) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - XSA-206
      * xenstored: apply a write transaction rate limit
      * xenstored: Log when the write transaction rate limit bites
      * oxenstored: exempt dom0 from domU node quotas
      * oxenstored: perform a 3-way merge of the quota after a transaction
      * oxenstored: catch the error when a connection is already deleted
      * oxenstored: use hash table to store socket connections
      * oxenstored: enable domain connection indexing based on eventchn port
      * oxenstored: only process domain connections that notify us by events
      * oxenstored: add a safe net mechanism for existing ill-behaved clients
      * oxenstored: refactor putting response on wire
      * oxenstored: remove some unused parameters
      * oxenstored: refactor request processing
      * oxenstored: keep track of each transaction's operations
      * oxenstored: move functions that process simple operations
      * oxenstored: replay transaction upon conflict
      * oxenstored: log request and response during transaction replay
      * oxenstored: allow compilation prior to OCaml 3.12.0
      * oxenstored: comments explaining some variables
      * oxenstored: handling of domain conflict-credit
      * oxenstored: ignore domains with no conflict-credit
      * oxenstored: add transaction info relevant to history-tracking
      * oxenstored: support commit history tracking
      * oxenstored: only record operations with side-effects in history
      * oxenstored: discard old commit-history on txn end
      * oxenstored: track commit history
      * oxenstored: blame the connection that caused a transaction conflict
      * oxenstored: allow self-conflicts
      * oxenstored: do not commit read-only transactions
      * oxenstored: don't wake to issue no conflict-credit
      * oxenstored transaction conflicts: improve logging
      * oxenstored: trim history in the frequent_ops function
    - XSA-207
      * IOMMU: always call teardown callback
    - CVE-2017-2615 / XSA-208
      * CVE-2014-8106: cirrus: fix blit region check
      * cirrus: fix oob access issue (CVE-2017-2615)
    - CVE-2017-2620 / XSA-209
      * cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
    - CVE-2016-9603 / XSA-211
      * cirrus/vnc: zap drop bitblit support from console code.
    - CVE-2017-7228 / XSA-212
      * memory: properly check guest memory ranges in XENMEM_exchange handling
    - XSA-213
      * multicall: deal with early exit conditions
    - XSA-214
      * x86: discard type information when stealing pages
    - XSA-215
      * x86: correct create_bounce_frame

 -- Stefan Bader <email address hidden> Tue, 09 May 2017 10:13:50 +0200

Source diff to previous version
CVE-2014-8106 Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary co
CVE-2017-2620 display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo
CVE-2016-9603 cirrus: heap buffer overflow via vnc connection
CVE-2017-7228 An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced

Version: 4.4.2-0ubuntu0.14.04.9 2017-01-12 19:07:15 UTC

  xen (4.4.2-0ubuntu0.14.04.9) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9385 / XSA-193
      * x86/PV: writes of %fs and %gs base MSRs require canonical addresses
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9381 / XSA-197
      * xen: fix ioreq handling
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9637 / XSA-199
      * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
    - CVE-2016-9932 / XSA-200
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA.201
      * arm64: handle guest-generated EL1 asynchronous abort
      * arm64: handle async aborts delivered while at EL2
      * arm: crash the guest when it traps on external abort
      * arm32: handle async aborts delivered while at HYP
    - CVE-2016-10024 / XSA-202
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

 -- Stefan Bader <email address hidden> Tue, 10 Jan 2017 16:47:39 +0100

Source diff to previous version
CVE-2016-9386 x86 null segments not always treated as unusable
CVE-2016-9382 x86 task switch to VM86 mode mis-handled
CVE-2016-9385 x86 segment base write emulation lacking canonical address checks
CVE-2016-9383 x86 64-bit bit test instruction emulation broken
CVE-2016-9381 qemu incautious about shared ring processing
CVE-2016-9379 delimiter injection vulnerabilities in pygrub
CVE-2016-9380 delimiter injection vulnerabilities in pygrub
CVE-2016-9637 qemu ioport array overflow
CVE-2016-9932 x86 CMPXCHG8B emulation fails to ignore operand size override
CVE-2016-1002 Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 2
CVE-2016-1001 Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.57

Version: 4.4.2-0ubuntu0.14.04.7 2016-10-11 20:06:45 UTC

  xen (4.4.2-0ubuntu0.14.04.7) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-6258 / XSA-182
      * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
    - CVE-2016-5403 / XSA-184
      * virtio: error out if guest exceeds virtqueue size
    - CVE-2016-7092 / XSA-185
      * x86/32on64: don't allow recursive page tables from L3
    - CVE-2016-7094 / XSA-187
      * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
      * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
    - CVE-2016-7154 / XSA-188
      * evtchn-fifo: prevent use after free
    - CVE-2016-7777 / XSA-190
      * x86emul: honor guest CR0.TS and CR0.EM

 -- Stefan Bader <email address hidden> Thu, 06 Oct 2016 15:56:51 +0200

CVE-2016-6258 The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveragi
CVE-2016-5403 The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QE
CVE-2016-7092 The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related
CVE-2016-7094 Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of servi
CVE-2016-7154 Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host cras
CVE-2016-7777 Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM registe



About   -   Send Feedback to @ubuntu_updates