xen (4.6.5-0ubuntu1) xenial; urgency=medium
* Rebasing to upstream stable release 4.6.5 (LP: #1671864)
https://www.xenproject.org/downloads/xen-archives/xen-46-series.html
- Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
hosts which support the TSC_ADJUST MSR (LP: #1671760)
- Additional security relevant changes:
* CVE-2013-2076 / XSA-052 (update)
- Information leak on XSAVE/XRSTOR capable AMD CPUs
* CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable)
- x86: Mishandling of instruction pointer truncation during emulation
* XSA-207
- memory leak when destroying guest without PT devices
- Replacing the following security fixes with the versions from the
stable update:
* CVE-2015-7812 / XSA-145
- arm: Host crash when preempting a multicall
* CVE-2015-7813 / XSA-146
- arm: various unimplemented hypercalls log without rate limiting
* CVE-2015-7814 / XSA-147
- arm: Race between domain destruction and memory allocation decrease
* CVE-2015-7835 / XSA-148
- x86: Uncontrolled creation of large page mappings by PV guests
* CVE-2015-7969 / XSA-149, XSA-151
- leak of main per-domain vcpu pointer array
- x86: leak of per-domain profiling-related vcpu pointer array
* CVE-2015-7970 / XSA-150
- x86: Long latency populate-on-demand operation is not preemptible
* CVE-2015-7971 / XSA-152
- x86: some pmu and profiling hypercalls log without rate limiting
* CVE-2015-7972 / XSA-153
- x86: populate-on-demand balloon size inaccuracy can crash guests
* CVE-2016-2270 / XSA-154
- x86: inconsistent cachability flags on guest mappings
* CVE-2015-8550 / XSA-155
- paravirtualized drivers incautious about shared memory contents
* CVE-2015-5307, CVE-2015-8104 / XSA-156
- x86: CPU lockup during exception delivery
* CVE-2015-8338 / XSA-158
- long running memory operations on ARM
* CVE-2015-8339, CVE-2015-8340 / XSA-159
XENMEM_exchange error handling issues
* CVE-2015-8341 / XSA-160
- libxl leak of pv kernel and initrd on error
* CVE-2015-8555 / XSA-165
- information leak in legacy x86 FPU/XMM initialization
* XSA-166
- ioreq handling possibly susceptible to multiple read issue
* CVE-2016-1570 / XSA-167
- PV superpage functionality missing sanity checks
* CVE-2016-1571 / XSA-168
- VMX: intercept issue with INVLPG on non-canonical address
* CVE-2015-8615 / XSA-169
- x86: unintentional logging upon guest changing callback method
* CVE-2016-2271 / XSA-170
- VMX: guest user mode may crash guest with non-canonical RIP
* CVE-2016-3158, CVE-2016-3159 / XSA-172
- broken AMD FPU FIP/FDP/FOP leak workaround
* CVE-2016-3960 / XSA-173
- x86 shadow pagetables: address width overflow
* CVE-2016-4962 / XSA-175
- Unsanitised guest input in libxl device handling code
* CVE-2016-4480 / XSA-176
- x86 software guest page walk PS bit handling flaw
* CVE-2016-4963 / XSA-178
- Unsanitised driver domain input in libxl device handling
* CVE-2016-5242 / XSA-181
- arm: Host crash caused by VMID exhaustion
* CVE-2016-6258 / XSA-182
- x86: Privilege escalation in PV guests
* CVE-2016-6259 / XSA-183
- x86: Missing SMAP whitelisting in 32-bit exception / event delivery
* CVE-2016-7092 / XSA-185
- x86: Disallow L3 recursive pagetable for 32-bit PV guests
* CVE-2016-7094 / XSA-187
- x86 HVM: Overflow of sh_ctxt->seg_reg[]
* CVE-2016-7777 / XSA-190
- CR0.TS and CR0.EM not always honored for x86 HVM guests
* CVE-2016-9386 / XSA-191
- x86 null segments not always treated as unusable
* CVE-2016-9382 / XSA-192
- x86 task switch to VM86 mode mis-handled
* CVE-2016-9385 / XSA-193
- x86 segment base write emulation lacking canonical address checks
* CVE-2016-9383 / XSA-195
- x86 64-bit bit test instruction emulation broken
* CVE-2016-9377, CVE-2016-9378 / XSA-196
- x86 software interrupt injection mis-handled
* CVE-2016-9379, CVE-2016-9380 / XSA-198
- delimiter injection vulnerabilities in pygrub
* CVE-2016-9932 / XSA-200
- x86 CMPXCHG8B emulation fails to ignore operand size override
* CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
- ARM guests may induce host asynchronous abort
* CVE-2016-10024 / XSA-202
- x86 PV guests may be able to mask interrupts
* CVE-2016-10025 / XSA-203
- x86: missing NULL pointer check in VMFUNC emulation
* CVE-2016-10013 / XSA-204
- x86: Mishandling of SYSCALL singlestep during emulation
Date: Tue, 14 Mar 2017 16:08:39 +0100
Changed-By: Stefan Bader <stefan.ba...@canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/xen/4.6.5-0ubuntu1
Format: 1.8
Date: Tue, 14 Mar 2017 16:08:39 +0100
Source: xen
Binary: libxen-4.6 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common
xen-utils-4.6 xen-hypervisor-4.6-amd64 xen-system-amd64
xen-hypervisor-4.6-arm64 xen-system-arm64 xen-hypervisor-4.6-armhf
xen-system-armhf xen-hypervisor-4.4-amd64 xen-hypervisor-4.4-armhf
xen-hypervisor-4.4-arm64 xen-hypervisor-4.5-amd64 xen-hypervisor-4.5-armhf
xen-hypervisor-4.5-arm64
Architecture: source
Version: 4.6.5-0ubuntu1
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Stefan Bader <stefan.ba...@canonical.com>
Description:
libxen-4.6 - Public libs for Xen
libxen-dev - Public headers and libs for Xen
libxenstore3.0 - Xenstore communications library for Xen
xen-hypervisor-4.4-amd64 - Transitional package for upgrade
xen-hypervisor-4.4-arm64 - Transitional package for upgrade
xen-hypervisor-4.4-armhf - Transitional package for upgrade
xen-hypervisor-4.5-amd64 - Transitional package for upgrade
xen-hypervisor-4.5-arm64 - Transitional package for upgrade
xen-hypervisor-4.5-armhf - Transitional package for upgrade
xen-hypervisor-4.6-amd64 - Xen Hypervisor on AMD64
xen-hypervisor-4.6-arm64 - Xen Hypervisor on ARM64
xen-hypervisor-4.6-armhf - Xen Hypervisor on ARMHF
xen-system-amd64 - Xen System on AMD64 (meta-package)
xen-system-arm64 - Xen System on ARM64 (meta-package)
xen-system-armhf - Xen System on ARMHF (meta-package)
xen-utils-4.6 - XEN administrative tools
xen-utils-common - Xen administrative tools - common files
xenstore-utils - Xenstore command line utilities for Xen
Launchpad-Bugs-Fixed: 1671760 1671864
Changes:
xen (4.6.5-0ubuntu1) xenial; urgency=medium
.
* Rebasing to upstream stable release 4.6.5 (LP: #1671864)
https://www.xenproject.org/downloads/xen-archives/xen-46-series.html
- Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
hosts which support the TSC_ADJUST MSR (LP: #1671760)
- Additional security relevant changes:
* CVE-2013-2076 / XSA-052 (update)
- Information leak on XSAVE/XRSTOR capable AMD CPUs
* CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable)
- x86: Mishandling of instruction pointer truncation during emulation
* XSA-207
- memory leak when destroying guest without PT devices
- Replacing the following security fixes with the versions from the
stable update:
* CVE-2015-7812 / XSA-145
- arm: Host crash when preempting a multicall
* CVE-2015-7813 / XSA-146
- arm: various unimplemented hypercalls log without rate limiting
* CVE-2015-7814 / XSA-147
- arm: Race between domain destruction and memory allocation decrease
* CVE-2015-7835 / XSA-148
- x86: Uncontrolled creation of large page mappings by PV guests
* CVE-2015-7969 / XSA-149, XSA-151
- leak of main per-domain vcpu pointer array
- x86: leak of per-domain profiling-related vcpu pointer array
* CVE-2015-7970 / XSA-150
- x86: Long latency populate-on-demand operation is not preemptible
* CVE-2015-7971 / XSA-152
- x86: some pmu and profiling hypercalls log without rate limiting
* CVE-2015-7972 / XSA-153
- x86: populate-on-demand balloon size inaccuracy can crash guests
* CVE-2016-2270 / XSA-154
- x86: inconsistent cachability flags on guest mappings
* CVE-2015-8550 / XSA-155
- paravirtualized drivers incautious about shared memory contents
* CVE-2015-5307, CVE-2015-8104 / XSA-156
- x86: CPU lockup during exception delivery
* CVE-2015-8338 / XSA-158
- long running memory operations on ARM
* CVE-2015-8339, CVE-2015-8340 / XSA-159
XENMEM_exchange error handling issues
* CVE-2015-8341 / XSA-160
- libxl leak of pv kernel and initrd on error
* CVE-2015-8555 / XSA-165
- information leak in legacy x86 FPU/XMM initialization
* XSA-166
- ioreq handling possibly susceptible to multiple read issue
* CVE-2016-1570 / XSA-167
- PV superpage functionality missing sanity checks
* CVE-2016-1571 / XSA-168
- VMX: intercept issue with INVLPG on non-canonical address
* CVE-2015-8615 / XSA-169
- x86: unintentional logging upon guest changing callback method
* CVE-2016-2271 / XSA-170
- VMX: guest user mode may crash guest with non-canonical RIP
* CVE-2016-3158, CVE-2016-3159 / XSA-172
- broken AMD FPU FIP/FDP/FOP leak workaround
* CVE-2016-3960 / XSA-173
- x86 shadow pagetables: address width overflow
* CVE-2016-4962 / XSA-175
- Unsanitised guest input in libxl device handling code
* CVE-2016-4480 / XSA-176
- x86 software guest page walk PS bit handling flaw
* CVE-2016-4963 / XSA-178
- Unsanitised driver domain input in libxl device handling
* CVE-2016-5242 / XSA-181
- arm: Host crash caused by VMID exhaustion
* CVE-2016-6258 / XSA-182
- x86: Privilege escalation in PV guests
* CVE-2016-6259 / XSA-183
- x86: Missing SMAP whitelisting in 32-bit exception / event delivery
* CVE-2016-7092 / XSA-185
- x86: Disallow L3 recursive pagetable for 32-bit PV guests
* CVE-2016-7094 / XSA-187
- x86 HVM: Overflow of sh_ctxt->seg_reg[]
* CVE-2016-7777 / XSA-190
- CR0.TS and CR0.EM not always honored for x86 HVM guests
* CVE-2016-9386 / XSA-191
- x86 null segments not always treated as unusable
* CVE-2016-9382 / XSA-192
- x86 task switch to VM86 mode mis-handled
* CVE-2016-9385 / XSA-193
- x86 segment base write emulation lacking canonical address checks
* CVE-2016-9383 / XSA-195
- x86 64-bit bit test instruction emulation broken
* CVE-2016-9377, CVE-2016-9378 / XSA-196
- x86 software interrupt injection mis-handled
* CVE-2016-9379, CVE-2016-9380 / XSA-198
- delimiter injection vulnerabilities in pygrub
* CVE-2016-9932 / XSA-200
- x86 CMPXCHG8B emulation fails to ignore operand size override
* CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
- ARM guests may induce host asynchronous abort
* CVE-2016-10024 / XSA-202
- x86 PV guests may be able to mask interrupts
* CVE-2016-10025 / XSA-203
- x86: missing NULL pointer check in VMFUNC emulation
* CVE-2016-10013 / XSA-204
- x86: Mishandling of SYSCALL singlestep during emulation
Checksums-Sha1:
dcc7a3e21b095d1a34dfac347cab82eba7c26456 3584 xen_4.6.5-0ubuntu1.dsc
74081fdbd38607576fdeec72d3639694170e9ac1 3687256 xen_4.6.5.orig.tar.xz
cbe8caa37760d0f6a647adb18f41199fa9455f6c 62320 xen_4.6.5-0ubuntu1.debian.tar.xz
Checksums-Sha256:
268f09b9609828b14cd105a429d9e9405f8a64a98b06814d8b7261ae9c2b757f 3584
xen_4.6.5-0ubuntu1.dsc
d859fff62afa08076d978851e9d8a8e34c2e301f99139e0feb57545e0674fc6f 3687256
xen_4.6.5.orig.tar.xz
4e5bbe6859023337d50d1d51d3e3f2e8619e7cfc86262e14deb203fe22872b58 62320
xen_4.6.5-0ubuntu1.debian.tar.xz
Files:
b055471800f6f2e04fbe66a3db77b746 3584 kernel optional xen_4.6.5-0ubuntu1.dsc
09c0d05e15463c44135e8fe3713e8c2b 3687256 kernel optional xen_4.6.5.orig.tar.xz
f63f274361fbaa35be72e587b46f8b1e 62320 kernel optional
xen_4.6.5-0ubuntu1.debian.tar.xz
Original-Maintainer: Debian Xen Team <pkg-xen-de...@lists.alioth.debian.org>
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
