* Applying Xen Security fixes (LP: #1086801, #1086875)
- VCPU/timers: Prevent overflow in calculations, leading to DoS
vulnerability
CVE-2012-4535
- x86/physdev: Range check pirq parameter from guests
CVE-2012-4536
- x86/physmap: Prevent incorrect updates of m2p mappings
CVE-2012-4537
- xen/mm/shadow: check toplevel pagetables are present before unhooking
them
CVE-2012-4538
- compat/gnttab: Prevent infinite loop in compat code
CVE-2012-4539
- libxc: builder: limit maximum size of kernel/ramdisk
CVE-2012-4544
- gnttab: fix releasing of memory upon switches between versions
CVE-2012-5510
- hvm: Limit the size of large HVM op batches
CVE-2012-5511
- x86/HVM: range check xen_hvm_set_mem_access.hvmmem_access before use
CVE-2012-5512
- xen: add missing guest address range checks to XENMEM_exchange handlers
CVE-2012-5513
- xen: fix error handling of guest_physmap_mark_populate_on_demand()
CVE-2012-5514
- memop: limit guest specified extent order
CVE-2012-5515
-- Stefan Bader <email address hidden> Wed, 05 Dec 2012 16:37:39 +0100
This bug was fixed in the package xen - 4.1.1-2ubuntu4.3
---------------
xen (4.1.1-2ubuntu4.3) oneiric-security; urgency=low
* Applying Xen Security fixes (LP: #1086801, #1086875) set_mem_ access. hvmmem_ access before use mark_populate_ on_demand( )
- VCPU/timers: Prevent overflow in calculations, leading to DoS
vulnerability
CVE-2012-4535
- x86/physdev: Range check pirq parameter from guests
CVE-2012-4536
- x86/physmap: Prevent incorrect updates of m2p mappings
CVE-2012-4537
- xen/mm/shadow: check toplevel pagetables are present before unhooking
them
CVE-2012-4538
- compat/gnttab: Prevent infinite loop in compat code
CVE-2012-4539
- libxc: builder: limit maximum size of kernel/ramdisk
CVE-2012-4544
- gnttab: fix releasing of memory upon switches between versions
CVE-2012-5510
- hvm: Limit the size of large HVM op batches
CVE-2012-5511
- x86/HVM: range check xen_hvm_
CVE-2012-5512
- xen: add missing guest address range checks to XENMEM_exchange handlers
CVE-2012-5513
- xen: fix error handling of guest_physmap_
CVE-2012-5514
- memop: limit guest specified extent order
CVE-2012-5515
-- Stefan Bader <email address hidden> Wed, 05 Dec 2012 16:37:39 +0100