xen: security advisories 26-32

Bug #1086875 reported by Stefan Bader on 2012-12-05
This bug affects 1 person
Affects        Status  Importance  Assigned to   Milestone
xen (Ubuntu)           Medium      Stefan Bader
Oneiric                Medium      Stefan Bader
Precise                Medium      Stefan Bader
Quantal                Medium      Stefan Bader
Raring                 Medium      Stefan Bader

Stefan Bader (smb) on 2012-12-06
Changed in xen (Ubuntu Oneiric):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Medium
status: New → In Progress
Changed in xen (Ubuntu Precise):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Medium
status: New → In Progress
Changed in xen (Ubuntu Quantal):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Medium
status: New → In Progress
Changed in xen (Ubuntu Raring):
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xen - 4.1.3-3ubuntu1.1

---------------
xen (4.1.3-3ubuntu1.1) quantal-security; urgency=low

  * Applying Xen Security fixes (LP: #1086801, #1086875)
    - VCPU/timers: Prevent overflow in calculations, leading to DoS
      vulnerability
      CVE-2012-4535
    - x86/physdev: Range check pirq parameter from guests
      CVE-2012-4536
    - x86/physmap: Prevent incorrect updates of m2p mappings
      CVE-2012-4537
    - xen/mm/shadow: check toplevel pagetables are present before unhooking
      them
      CVE-2012-4538
    - compat/gnttab: Prevent infinite loop in compat code
      CVE-2012-4539
    - libxc: builder: limit maximum size of kernel/ramdisk
      CVE-2012-4544
    - gnttab: fix releasing of memory upon switches between versions
      CVE-2012-5510
    - hvm: Limit the size of large HVM op batches
      CVE-2012-5511
    - x86/HVM: range check xen_hvm_set_mem_access.hvmmem_access before use
      CVE-2012-5512
    - xen: add missing guest address range checks to XENMEM_exchange handlers
      CVE-2012-5513
    - xen: fix error handling of guest_physmap_mark_populate_on_demand()
      CVE-2012-5514
    - memop: limit guest specified extent order
      CVE-2012-5515
 -- Stefan Bader <email address hidden> Wed, 05 Dec 2012 16:40:48 +0100

Changed in xen (Ubuntu Quantal):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xen - 4.1.2-2ubuntu2.3

---------------
xen (4.1.2-2ubuntu2.3) precise-security; urgency=low

  * Applying Xen Security fixes (LP: #1086801, #1086875)
    - VCPU/timers: Prevent overflow in calculations, leading to DoS
      vulnerability
      CVE-2012-4535
    - x86/physdev: Range check pirq parameter from guests
      CVE-2012-4536
    - x86/physmap: Prevent incorrect updates of m2p mappings
      CVE-2012-4537
    - xen/mm/shadow: check toplevel pagetables are present before unhooking
      them
      CVE-2012-4538
    - compat/gnttab: Prevent infinite loop in compat code
      CVE-2012-4539
    - libxc: builder: limit maximum size of kernel/ramdisk
      CVE-2012-4544
    - gnttab: fix releasing of memory upon switches between versions
      CVE-2012-5510
    - hvm: Limit the size of large HVM op batches
      CVE-2012-5511
    - x86/HVM: range check xen_hvm_set_mem_access.hvmmem_access before use
      CVE-2012-5512
    - xen: add missing guest address range checks to XENMEM_exchange handlers
      CVE-2012-5513
    - xen: fix error handling of guest_physmap_mark_populate_on_demand()
      CVE-2012-5514
    - memop: limit guest specified extent order
      CVE-2012-5515
 -- Stefan Bader <email address hidden> Wed, 05 Dec 2012 15:04:25 +0100

Changed in xen (Ubuntu Precise):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xen - 4.1.1-2ubuntu4.3

---------------
xen (4.1.1-2ubuntu4.3) oneiric-security; urgency=low

  * Applying Xen Security fixes (LP: #1086801, #1086875)
    - VCPU/timers: Prevent overflow in calculations, leading to DoS
      vulnerability
      CVE-2012-4535
    - x86/physdev: Range check pirq parameter from guests
      CVE-2012-4536
    - x86/physmap: Prevent incorrect updates of m2p mappings
      CVE-2012-4537
    - xen/mm/shadow: check toplevel pagetables are present before unhooking
      them
      CVE-2012-4538
    - compat/gnttab: Prevent infinite loop in compat code
      CVE-2012-4539
    - libxc: builder: limit maximum size of kernel/ramdisk
      CVE-2012-4544
    - gnttab: fix releasing of memory upon switches between versions
      CVE-2012-5510
    - hvm: Limit the size of large HVM op batches
      CVE-2012-5511
    - x86/HVM: range check xen_hvm_set_mem_access.hvmmem_access before use
      CVE-2012-5512
    - xen: add missing guest address range checks to XENMEM_exchange handlers
      CVE-2012-5513
    - xen: fix error handling of guest_physmap_mark_populate_on_demand()
      CVE-2012-5514
    - memop: limit guest specified extent order
      CVE-2012-5515
 -- Stefan Bader <email address hidden> Wed, 05 Dec 2012 16:37:39 +0100

Changed in xen (Ubuntu Oneiric):
status: In Progress → Fix Released
Stefan Bader (smb) on 2012-12-07
Changed in xen (Ubuntu Raring):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xen - 4.2.0-1ubuntu4

---------------
xen (4.2.0-1ubuntu4) raring; urgency=low

  * Applying Xen Security fixes (LP: #1086875)
    - gnttab: fix releasing of memory upon switches between versions
      CVE-2012-5510
    - hvm: Limit the size of large HVM op batches
      CVE-2012-5511
    - xen: add missing guest address range checks to XENMEM_exchange handlers
      CVE-2012-5513
    - xen: fix error handling of guest_physmap_mark_populate_on_demand()
      CVE-2012-5514
    - memop: limit guest specified extent order
      CVE-2012-5515
    - x86: get_page_from_gfn() must return NULL for invalid GFNs
      CVE-2012-5525

xen (4.2.0-1ubuntu3) raring; urgency=low

  * tools-ocaml-fix-build: refresh and reenable (and fix the description
    of) this patch. Without it the ocaml native libraries (*.cmxa)
    build in /build local paths rather than appropriately versioned
    library references.

xen (4.2.0-1ubuntu2) raring; urgency=low

  * Drop replaces and conflicts for xen3 packages (they are no longer
    in the upgrade path) from debian/control:
    - libxenstore3.0: Conflict and replaces libxen3.
    - libxen-dev: Conflict and replaces libxen3-dev.
    - xenstore-utils: Conflict and replaces libxen3
    - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
      and xen-utils-3.3
  * Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
    This will again use the Ubuntu specific LDFLAGS (using some
    hardening options). Older releases would always pass those options
    in the environment but that changed.
  * Resurrect qemu-dm for now (upstream qemu would not support
    migration, yet). Forward-port some patches from the old Debian
    package which still included qemu-dm:
    - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
    - qemu-disable-blktap (this is not present in upstream)
    - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
      be provided by qemu/kvm package)
  * Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
    up hvmloader build. kvm-ipxe contains a subset of the rom files from
    which the Xen build only uses two to be embedded in the hvmloader.
  * XSA-20: Prevent overflow in calculations, leading to DoS vulnerability
    - CVE-2012-4535
  * XSA-22: Prevent incorrect updates of m2p mappings
    - CVE-2012-4537
  * XSA-23: check toplevel pagetables are present before unhooking them
    - CVE-2012-4538
  * XSA-24: Prevent infinite loop in compat code
    - CVE-2012-4539
  * XSA-25: limit maximum size of kernel/ramdisk
    - CVE-2012-4544

xen (4.2.0-1ubuntu1) raring; urgency=low

  * Merge from Debian Experimental, Remaining changes:
    - debian/control:
      - Build depends on ipxe-qemu.
      - libxenstore3.0: Conflict and replaces libxen3.
      - libxen-dev: Conflict and replaces libxen3-dev.
      - xenstore-utils: Conflict and replaces libxen3
      - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
        and xen-utils-4.1.
      - Make sure the LDFLAGS value passed is suitable for use by ld
        rather than gcc.
    - disable debian/patches/config-etherboot.diff.
    - debian/patches...

Changed in xen (Ubuntu Raring):
status: Fix Committed → Fix Released
This report contains Public Security information
Everyone can see this security related information.