Happened to spot (forwarded below) Ubuntu released 'their' fix for the qemu VGA exploit amongst others...
I note in particular they decided on including a patch of some form r.e. for XSA-060 ... Even though Debian marked this as "Hardware design flaw, no software solution" according to the Debian security-tracker page... Wonder what's going on there...

Hope that helps anyway,

--Simon

-------- Forwarded Message --------
Subject: [ubuntu/precise-security] xen 4.1.6.1-0ubuntu0.12.04.11 (Accepted)
Date: Tue, 14 Jun 2016 10:36:16 -0000
From: Marc Deslauriers <[email protected]>
Reply-To: Marc Deslauriers <[email protected]>
To: [email protected]

xen (4.1.6.1-0ubuntu0.12.04.11) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-2212 / XSA-060
      * VMX: disable EPT when !cpu_has_vmx_pat
      * VMX: remove the problematic set_uc_mode logic
      * VMX: fix cr0.cd handling
    - CVE-2016-3158, CVE-2016-3159 / XSA-172
      * x86: fix information leak on AMD CPUs
    - CVE-2016-3960 / XSA-173
      * x86: limit GFNs to 32 bits for shadowed superpages.
      * x86/HVM: correct CPUID leaf 80000008 handling
    - CVE-2016-4480 / XSA-176
      * x86/mm: fully honor PS bits in guest page table walks
    - CVE-2016-3710 / XSA-179 (qemu traditional)
      * vga: fix banked access bounds checking
      * vga: add vbe_enabled() helper
      * vga: factor out vga register setup
      * vga: update vga register setup on vbe changes
      * vga: make sure vga register setup for vbe stays intact
    - CVE-2014-3672 / XSA-180 (qemu traditional)
      * main loop: Big hammer to fix logfile disk DoS in Xen setups

Date: 2016-06-14 09:35:20.148875+00:00
Changed-By: Stefan Bader <[email protected]>
Signed-By: Marc Deslauriers <[email protected]>
https://launchpad.net/ubuntu/+source/xen/4.1.6.1-0ubuntu0.12.04.11
Sorry, changesfile not available.
