* Applying Xen Security fixes (LP: #1086875)
- gnttab: fix releasing of memory upon switches between versions
CVE-2012-5510
- hvm: Limit the size of large HVM op batches
CVE-2012-5511
- xen: add missing guest address range checks to XENMEM_exchange handlers
CVE-2012-5513
- xen: fix error handling of guest_physmap_mark_populate_on_demand()
CVE-2012-5514
- memop: limit guest specified extent order
CVE-2012-5515
- x86: get_page_from_gfn() must return NULL for invalid GFNs
CVE-2012-5525
xen (4.2.0-1ubuntu3) raring; urgency=low
* tools-ocaml-fix-build: refresh and reenable (and fix the description
of) this patch. Without it the ocaml native libraries (*.cmxa)
build in /build local paths rather than appropriately versioned
library references.
xen (4.2.0-1ubuntu2) raring; urgency=low
* Drop replaces and conflicts for xen3 packages (they are no longer
in the upgrade path) from debian/control:
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-3.3
* Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
This will again use the Ubuntu specific LDFLAGS (using some
hardening options). Older releases would always pass those options
in the environment but that changed.
* Resurrect qemu-dm for now (upstream qemu would not support
migration, yet). Forward-port some patches from the old Debian
package which still included qemu-dm:
- qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
- qemu-disable-blktap (this is not present in upstream)
- ubuntu-qemu-disable-qemu-upstream (breaks build and also should
be provided by qemu/kvm package)
* Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
up hvmloader build. kvm-ipxe contains a subset of the rom files from
which the Xen build only uses two to be embedded in the hvmloader.
* XSA-20: Prevent overflow in calculations, leading to DoS vulnerability
- CVE-2012-4535
* XSA-22: Prevent incorrect updates of m2p mappings
- CVE-2012-4537
* XSA-23: check toplevel pagetables are present before unhooking them
- CVE-2012-4538
* XSA-24: Prevent infinite loop in compat code
- CVE-2012-4539
* XSA-25: limit maximum size of kernel/ramdisk
- CVE-2012-4544
xen (4.2.0-1ubuntu1) raring; urgency=low
* Merge from Debian Experimental, Remaining changes:
- debian/control:
- Build depends on ipxe-qemu.
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-4.1.
- Make sure the LDFLAGS value passed is suitable for use by ld
rather than gcc.
- disable debian/patches/config-etherboot.diff.
- debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.
xen (4.2.0-1) experimental; urgency=low
* New upstream release.
xen (4.2.0~rc3-1) experimental; urgency=low
* New upstream snapshot.
xen (4.2.0~rc2-1) experimental; urgency=low
* New upstream snapshot.
* Build-depend against libglib2.0-dev and libyajl-dev.
* Disable seabios build for now.
* Remove support for Lenny and earlier.
* Support build-arch and build-indep make targets.
-- Stefan Bader <email address hidden> Wed, 05 Dec 2012 18:13:25 +0100
This bug was fixed in the package xen - 4.2.0-1ubuntu4
---------------
xen (4.2.0-1ubuntu4) raring; urgency=low
* Applying Xen Security fixes (LP: #1086875)
- gnttab: fix releasing of memory upon switches between versions
CVE-2012-5510
- hvm: Limit the size of large HVM op batches
CVE-2012-5511
- xen: add missing guest address range checks to XENMEM_exchange handlers
CVE-2012-5513
- xen: fix error handling of guest_physmap_mark_populate_on_demand()
CVE-2012-5514
- memop: limit guest specified extent order
CVE-2012-5515
- x86: get_page_from_gfn() must return NULL for invalid GFNs
CVE-2012-5525
xen (4.2.0-1ubuntu3) raring; urgency=low
* tools-ocaml-fix-build: refresh and reenable (and fix the description
of) this patch. Without it the ocaml native libraries (*.cmxa)
build in /build local paths rather than appropriately versioned
library references.
xen (4.2.0-1ubuntu2) raring; urgency=low
* Drop replaces and conflicts for xen3 packages (they are no longer
in the upgrade path) from debian/control:
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-3.3
* Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
This will again use the Ubuntu specific LDFLAGS (using some
hardening options). Older releases would always pass those options
in the environment but that changed.
* Resurrect qemu-dm for now (upstream qemu would not support
migration, yet). Forward-port some patches from the old Debian
package which still included qemu-dm:
- qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
- qemu-disable-blktap (this is not present in upstream)
- ubuntu-qemu-disable-qemu-upstream (breaks build and also should
be provided by qemu/kvm package)
* Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
up hvmloader build. kvm-ipxe contains a subset of the rom files from
which the Xen build only uses two to be embedded in the hvmloader.
* XSA-20: Prevent overflow in calculations, leading to DoS vulnerability
- CVE-2012-4535
* XSA-22: Prevent incorrect updates of m2p mappings
- CVE-2012-4537
* XSA-23: check toplevel pagetables are present before unhooking them
- CVE-2012-4538
* XSA-24: Prevent infinite loop in compat code
- CVE-2012-4539
* XSA-25: limit maximum size of kernel/ramdisk
- CVE-2012-4544
xen (4.2.0-1ubuntu1) raring; urgency=low
* Merge from Debian Experimental, Remaining changes:
- debian/control:
- Build depends on ipxe-qemu.
- libxenstore3.0: Conflict and replaces libxen3.
- libxen-dev: Conflict and replaces libxen3-dev.
- xenstore-utils: Conflict and replaces libxen3
- xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
and xen-utils-4.1.
- Make sure the LDFLAGS value passed is suitable for use by ld
rather than gcc.
- disable debian/patches/config-etherboot.diff.
- debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.
xen (4.2.0-1) experimental; urgency=low
* New upstream release.
xen (4.2.0~rc3-1) experimental; urgency=low
* New upstream snapshot.
xen (4.2.0~rc2-1) experimental; urgency=low
* New upstream snapshot.
* Build-depend against libglib2.0-dev and libyajl-dev.
* Disable seabios build for now.
* Remove support for Lenny and earlier.
* Support build-arch and build-indep make targets.
-- Stefan Bader <email address hidden> Wed, 05 Dec 2012 18:13:25 +0100