UbuntuUpdates.org

  xen (4.1.2-2ubuntu2.8) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-1917 / XSA-44
      x86: clear EFLAGS.NT in SYSENTER entry path
    - CVE-2013-1919 / XSA-46
      x86: fix various issues with handling guest IRQs
    - CVE-2013-1920 / XSA-47
      defer event channel bucket pointer store until after XSM checks
 -- Stefan Bader <email address hidden> Thu, 11 Apr 2013 17:18:46 +0200

  xen (4.1.2-2ubuntu2.7) precise-proposed; urgency=low

  * Fix HVM VCPUs getting stuck on boot when host supports SMEP (LP: #1157757)
    - 0008-vmx-Simplify-cr0-update-handling-by-deferring-cr4-ch.patch
    - 0009-VMX-disable-SMEP-feature-when-guest-is-in-non-paging.patch
    - 0010-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-.patch
 -- Stefan Bader <email address hidden> Mon, 08 Apr 2013 17:53:45 +0200

  xen (4.1.2-2ubuntu2.6) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - ACPI: acpi_table_parse() should return handler's error code
      CVE-2013-0153 / XSA-36
    - oxenstored incorrect handling of certain Xenbus ring states
      CVE-2013-0215 / XSA-38
  * xen-introduce-xzalloc.patch
    Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
  * xen-backport-per-device-vector-map.patch
    Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
    Also fixes issues on AMD systems which could cause Dom0 to loose disks
    under heavy I/O (because PCI-E devices could use the same IOAPIC vector
    as the SMBus).
 -- Stefan Bader <email address hidden> Wed, 30 Jan 2013 12:36:41 +0100

  xen (4.1.2-2ubuntu2.5) precise-security; urgency=low

  * Applying Xen Security Advisory:
    - VT-d: fix interrupt remapping source validation for devices behind
      legacy bridges
      CVE-2012-5634
  * Applying qemu security fixes:
    - e1000: Discard packets that are too long if !SBP and !LPE
      CVE-2012-6075
    - Discard packets longer than 16384 when !SBP to match the hardware
      behavior.
      CVE-2012-6075
 -- Stefan Bader <email address hidden> Mon, 07 Jan 2013 18:58:27 +0100

  xen (4.1.2-2ubuntu2.4) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via MMIO regions
    - debian/patches/CVE-2012-3432.patch: don't leave emulator in an
      inconsistent state in xen/arch/x86/hvm/io.c.
    - CVE-2012-3432
  * SECURITY UPDATE: denial of service via excessive shared page search
    time during the p2m teardown
    - debian/patches/CVE-2012-3433.patch: only check for shared pages while
      any exist on teardown in xen/arch/x86/mm/p2m.c.
    - CVE-2012-3433
  * SECURITY UPDATE: denial of service via DR7 reserved bits
    - debian/patches/CVE-2012-3494.patch: write upper 32 bits as zeros in
      xen/include/asm-x86/debugreg.h.
    - CVE-2012-3494
  * SECURITY UPDATE: denial of service and possible privilege escalation
    via physdev_get_free_pirq hypercall.
    - debian/patches/CVE-2012-3495.patch: handle out-of-pirq condition
      correctly in xen/arch/x86/physdev.c.
    - CVE-2012-3495
  * SECURITY UPDATE: denial of service via via invalid flags
    - debian/patches/CVE-2012-3496.patch: Don't BUG_ON() PoD operations on
      a non-translated guest in xen/arch/x86/mm/p2m.c.
    - CVE-2012-3496
  * SECURITY UPDATE: denial of service and possibly hypervisor memory
    disclosure via PHYSDEVOP_map_pirq
    - debian/patches/CVE-2012-3498.patch: add validation before using in
      xen/arch/x86/physdev.c.
    - CVE-2012-3498
  * SECURITY UPDATE: privilege escalation via crafted escape VT100 sequence
    - debian/patches/CVE-2012-3515.patch: bounds check whenever changing
      the cursor due to an escape code in qemu/console.c.
    - CVE-2012-3515
  * SECURITY UPDATE: host info disclosure via qemu monitor
    - debian/patches/CVE-2012-4411.patch: disable qemu monitor by default
      in qemu/vl.c.
    - CVE-2012-4411
 -- Marc Deslauriers <email address hidden> Tue, 11 Dec 2012 10:13:24 -0500