xen: security advisories 20-25

Bug #1086801 reported by Stefan Bader on 2012-12-05
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
xen (Ubuntu)
Medium
Stefan Bader
Oneiric
Medium
Stefan Bader
Precise
Medium
Stefan Bader
Quantal
Medium
Stefan Bader
Raring
Medium
Stefan Bader
Stefan Bader (smb) on 2012-12-05
information type: Public → Public Security
Stefan Bader (smb) wrote :

Raring (in proposed) has all applied, except XSA21 (which only affects Xen-4.1)

Stefan Bader (smb) on 2012-12-06
Changed in xen (Ubuntu):
status: Confirmed → In Progress
Changed in xen (Ubuntu Oneiric):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Medium
status: New → In Progress
Changed in xen (Ubuntu Precise):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Medium
status: New → In Progress
Changed in xen (Ubuntu Quantal):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Medium
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xen - 4.1.3-3ubuntu1.1

---------------
xen (4.1.3-3ubuntu1.1) quantal-security; urgency=low

  * Applying Xen Security fixes (LP: #1086801, #1086875)
    - VCPU/timers: Prevent overflow in calculations, leading to DoS
      vulnerability
      CVE-2012-4535
    - x86/physdev: Range check pirq parameter from guests
      CVE-2012-4536
    - x86/physmap: Prevent incorrect updates of m2p mappings
      CVE-2012-4537
    - xen/mm/shadow: check toplevel pagetables are present before unhooking
      them
      CVE-2012-4538
    - compat/gnttab: Prevent infinite loop in compat code
      CVE-2012-4539
    - libxc: builder: limit maximum size of kernel/ramdisk
      CVE-2012-4544
    - gnttab: fix releasing of memory upon switches between versions
      CVE-2012-5510
    - hvm: Limit the size of large HVM op batches
      CVE-2012-5511
    - x86/HVM: range check xen_hvm_set_mem_access.hvmmem_access before use
      CVE-2012-5512
    - xen: add missing guest address range checks to XENMEM_exchange handlers
      CVE-2012-5513
    - xen: fix error handling of guest_physmap_mark_populate_on_demand()
      CVE-2012-5514
    - memop: limit guest specified extent order
      CVE-2012-5515
 -- Stefan Bader <email address hidden> Wed, 05 Dec 2012 16:40:48 +0100

Changed in xen (Ubuntu Quantal):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xen - 4.1.2-2ubuntu2.3

---------------
xen (4.1.2-2ubuntu2.3) precise-security; urgency=low

  * Applying Xen Security fixes (LP: #1086801, #1086875)
    - VCPU/timers: Prevent overflow in calculations, leading to DoS
      vulnerability
      CVE-2012-4535
    - x86/physdev: Range check pirq parameter from guests
      CVE-2012-4536
    - x86/physmap: Prevent incorrect updates of m2p mappings
      CVE-2012-4537
    - xen/mm/shadow: check toplevel pagetables are present before unhooking
      them
      CVE-2012-4538
    - compat/gnttab: Prevent infinite loop in compat code
      CVE-2012-4539
    - libxc: builder: limit maximum size of kernel/ramdisk
      CVE-2012-4544
    - gnttab: fix releasing of memory upon switches between versions
      CVE-2012-5510
    - hvm: Limit the size of large HVM op batches
      CVE-2012-5511
    - x86/HVM: range check xen_hvm_set_mem_access.hvmmem_access before use
      CVE-2012-5512
    - xen: add missing guest address range checks to XENMEM_exchange handlers
      CVE-2012-5513
    - xen: fix error handling of guest_physmap_mark_populate_on_demand()
      CVE-2012-5514
    - memop: limit guest specified extent order
      CVE-2012-5515
 -- Stefan Bader <email address hidden> Wed, 05 Dec 2012 15:04:25 +0100

Changed in xen (Ubuntu Precise):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xen - 4.1.1-2ubuntu4.3

---------------
xen (4.1.1-2ubuntu4.3) oneiric-security; urgency=low

  * Applying Xen Security fixes (LP: #1086801, #1086875)
    - VCPU/timers: Prevent overflow in calculations, leading to DoS
      vulnerability
      CVE-2012-4535
    - x86/physdev: Range check pirq parameter from guests
      CVE-2012-4536
    - x86/physmap: Prevent incorrect updates of m2p mappings
      CVE-2012-4537
    - xen/mm/shadow: check toplevel pagetables are present before unhooking
      them
      CVE-2012-4538
    - compat/gnttab: Prevent infinite loop in compat code
      CVE-2012-4539
    - libxc: builder: limit maximum size of kernel/ramdisk
      CVE-2012-4544
    - gnttab: fix releasing of memory upon switches between versions
      CVE-2012-5510
    - hvm: Limit the size of large HVM op batches
      CVE-2012-5511
    - x86/HVM: range check xen_hvm_set_mem_access.hvmmem_access before use
      CVE-2012-5512
    - xen: add missing guest address range checks to XENMEM_exchange handlers
      CVE-2012-5513
    - xen: fix error handling of guest_physmap_mark_populate_on_demand()
      CVE-2012-5514
    - memop: limit guest specified extent order
      CVE-2012-5515
 -- Stefan Bader <email address hidden> Wed, 05 Dec 2012 16:37:39 +0100

Changed in xen (Ubuntu Oneiric):
status: In Progress → Fix Released
Stefan Bader (smb) on 2012-12-07
Changed in xen (Ubuntu Raring):
status: In Progress → Fix Committed
Stefan Bader (smb) wrote :

Those would be released now. Unfortunately did not have the right reference in the follow-up upload.

Changed in xen (Ubuntu Raring):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers