Xen stable update to 4.7.2

Bug #1672767 reported by Stefan Bader on 2017-03-14
Affects: xen (Ubuntu) | Importance: Medium | Assigned to: Unassigned
Affects: Yakkety | Importance: Medium | Assigned to: Unassigned

Bug Description

SRU Justification:

Impact: Upstream Xen has released a stable update to 4.7.2. Yakkety is based on 4.7.0 currently. By upgrading to the latest stable release we would gain many fixes and improvements from the upstream stable stream.

Fix: Replaced the orig tarballs with the contents of the upstream stable release. Dropping patches we have picked up already.

Testcase: Basic regression testing after upgrading.

MRE discussion: http://irclogs.ubuntu.com/2013/07/22/%23ubuntu-meeting.html#t20:33

Stefan Bader (smb) on 2017-03-14
Changed in xen (Ubuntu):
importance: Undecided → Medium
status: New → Invalid
Changed in xen (Ubuntu Yakkety):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Stefan Bader (smb) wrote :

Uploaded release candidate to: https://launchpad.net/~smb/+archive/ubuntu/xen

Stefan Bader (smb) on 2017-03-15
Changed in xen (Ubuntu Yakkety):
assignee: Stefan Bader (smb) → nobody
status: In Progress → Fix Committed

Hello Stefan, or anyone else affected,

Accepted xen into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/xen/4.7.2-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Stefan Bader (smb) wrote :

Successfully re-ran regression testing with proposed version.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xen - 4.7.2-0ubuntu1

---------------
xen (4.7.2-0ubuntu1) yakkety; urgency=medium

  * Rebasing to upstream stable release 4.7.2 (LP: #1672767)
    https://www.xenproject.org/downloads/xen-archives/xen-47-series.html
    - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
      hosts which support the TSC_ADJUST MSR (LP: #1671760)
    - Dropping: d/p/preup-tools-fix-linear-p2m-save.patch which is part
      of the stable update.
    - Additional security relevant changes:
      * XSA-207
        - memory leak when destroying guest without PT devices
    - Replacing the following security fixes with the versions from the
      stable update:
      * CVE-2016-6258 / XSA-182
        - x86: Privilege escalation in PV guests
      * CVE-2016-6259 / XSA-183
        - x86: Missing SMAP whitelisting in 32-bit exception / event delivery
      * CVE-2016-7092 / XSA-185
        - x86: Disallow L3 recursive pagetable for 32-bit PV guests
      * CVE-2016-7093 / XSA-186
        - x86: Mishandling of instruction pointer truncation during emulation
      * CVE-2016-7094 / XSA-187
        - x86 HVM: Overflow of sh_ctxt->seg_reg[]
      * CVE-2016-7777 / XSA-190
        - CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386 / XSA-191
        - x86 null segments not always treated as unusable
      * CVE-2016-9382 / XSA-192
        - x86 task switch to VM86 mode mis-handled
      * CVE-2016-9385 / XSA-193
        - x86 segment base write emulation lacking canonical address checks
      * CVE-2016-9384 / XSA-194
        - guest 32-bit ELF symbol table load leaking host data
      * CVE-2016-9383 / XSA-195
        - x86 64-bit bit test instruction emulation broken
      * CVE-2016-9377, CVE-2016-9378 / XSA-196
        - x86 software interrupt injection mis-handled
      * CVE-2016-9379, CVE-2016-9380 / XSA-198
        - delimiter injection vulnerabilities in pygrub
      * CVE-2016-9932 / XSA-200
        - x86 CMPXCHG8B emulation fails to ignore operand size override
      * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
        - ARM guests may induce host asynchronous abort
      * CVE-2016-10024 / XSA-202
        - x86 PV guests may be able to mask interrupts
      * CVE-2016-10025 / XSA-203
        - x86: missing NULL pointer check in VMFUNC emulation
      * CVE-2016-10013 / XSA-204
        - x86: Mishandling of SYSCALL singlestep during emulation
  * Copy contents of debian/build/install-utils_$(ARCH)/usr/sbin into
    debian/build/install-utils_$ARCH/usr/lib/xen-$(VERSION) (LP: #1396670).

 -- Stefan Bader <email address hidden> Tue, 14 Mar 2017 15:45:59 +0100

Changed in xen (Ubuntu Yakkety):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for xen has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
