UbuntuUpdates.org

Package "xen-system-amd64"

Name: xen-system-amd64

Description:

Xen System on AMD64 (metapackage)
Latest version: 4.11.3+24-g14b62ab3e5-1ubuntu2.3
Release: focal (20.04)
Level: updates
Repository: universe
Head package: xen
Homepage: https://xenproject.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "xen-system-amd64"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "xen-system-amd64" in Focal

Repository Area Version
base universe 4.11.3+24-g14b62ab3e5-1ubuntu2
security universe 4.11.3+24-g14b62ab3e5-1ubuntu2.3

Changelog

Version: 4.11.3+24-g14b62ab3e5-1ubuntu2.3 2022-09-19 17:07:05 UTC

  xen (4.11.3+24-g14b62ab3e5-1ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: Fix multiple vulnerabilities
    - d/p/xsa312-4.11.patch: Place a speculation barrier sequence
      following an eret instruction
    - d/p/CVE-2020-11740-and-CVE-2020-11741-1.patch: clear buffer intended
      to be shared with guests
    - d/p/CVE-2020-11740-and-CVE-2020-11741-2.patch: limit consumption of
      shared buffer data
    - d/p/CVE-2020-11739.patch: Add missing memory barrier in the unlock
      path of rwlock
    - d/p/CVE-2020-11743.patch: Fix error path in map_grant_ref()
    - d/p/CVE-2020-11742.patch: fix GNTTABOP_copy continuation handling
    - d/p/CVE-2020-0543-1.patch: CPUID/MSR definitions for Special
      Register Buffer Data Sampling
    - d/p/CVE-2020-0543-2.patch: Mitigate the Special Register Buffer
      Data Sampling sidechannel
    - d/p/CVE-2020-0543-3.patch: Allow the RDRAND/RDSEED features to be
      hidden
    - d/p/CVE-2020-15566.patch: Don't ignore error in get_free_port()
    - d/p/CVE-2020-15563.patch: correct an inverted conditional in dirty
      VRAM tracking
    - d/p/CVE-2020-15565-1.patch: improve IOMMU TLB flush
    - d/p/CVE-2020-15565-2.patch: prune (and rename) cache flush
      functions
    - d/p/CVE-2020-15565-3.patch: introduce a cache sync hook
    - d/p/CVE-2020-15565-4.patch: don't assume addresses are aligned in
      sync_cache
    - d/p/CVE-2020-15564.patch: Check the alignment of the offset passed
      via VCPUOP_register_vcpu_info
    - d/p/CVE-2020-15567-1.patch: ept_set_middle_entry() related
      adjustments
    - d/p/CVE-2020-15567-2.patch: atomically modify entries in
      ept_next_level
    - d/p/CVE-2020-25602.patch: Handle the Intel-specific MSR_MISC_ENABLE
      correctly
    - d/p/CVE-2020-25604.patch: fix race when migrating timers between
      vCPUs
    - d/p/CVE-2020-25595-1.patch: get rid of read_msi_msg
    - d/p/CVE-2020-25595-2.patch: restrict reading of table/PBA bases
      from BARs
    - d/p/CVE-2020-25597.patch: relax port_is_valid()
    - d/p/CVE-2020-25596.patch: Avoid double exception injection
    - d/p/CVE-2020-25603.patch: Add missing barriers when
      accessing/allocating an event channel
    - d/p/CVE-2020-25600.patch: enforce correct upper limit for 32-bit
      guests
    - d/p/CVE-2020-25599-1.patch: evtchn_reset() shouldn't succeed with
      still-open ports
    - d/p/CVE-2020-25599-2.patch: convert per-channel lock to be IRQ-safe
    - d/p/CVE-2020-25599-3.patch: address races with evtchn_reset()
    - d/p/CVE-2020-25601-1.patch: arrange for preemption in
      evtchn_destroy()
    - d/p/CVE-2020-25601-2.patch: arrange for preemption in evtchn_reset()
    - CVE-2020-11740
    - CVE-2020-11741
    - CVE-2020-11739
    - CVE-2020-11743
    - CVE-2020-11742
    - CVE-2020-0543
    - CVE-2020-15566
    - CVE-2020-15563
    - CVE-2020-15565
    - CVE-2020-15564
    - CVE-2020-15567
    - CVE-2020-25602
    - CVE-2020-25604
    - CVE-2020-25595
    - CVE-2020-25597
    - CVE-2020-25596
    - CVE-2020-25603
    - CVE-2020-25600
    - CVE-2020-25599
    - CVE-2020-25601

 -- Luís Infante da Câmara <email address hidden> Mon, 22 Aug 2022 11:20:03 +0200
Source diff to previous version
CVE-2020-11740 An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about o
CVE-2020-11741 An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about othe
CVE-2020-11739 An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing me
CVE-2020-11743 An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant
CVE-2020-11742 An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_
CVE-2020-0543 Special Register Buffer Data Sampling
CVE-2020-15566 An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel
CVE-2020-15563 An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests
CVE-2020-15565 An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges
CVE-2020-15564 An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP
CVE-2020-15567 An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic mo
CVE-2020-25602 An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a gues
CVE-2020-25604 An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HV
CVE-2020-25595 An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been ide
CVE-2020-25597 An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in t
CVE-2020-25596 An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves va
CVE-2020-25603 An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control s
CVE-2020-25600 An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel
CVE-2020-25599 An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or
CVE-2020-25601 An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event chan

Version: 4.11.3+24-g14b62ab3e5-1ubuntu2.2 2022-08-16 17:07:06 UTC

  xen (4.11.3+24-g14b62ab3e5-1ubuntu2.2) focal; urgency=medium

  * Fix FTBFS on armhf/arm64 due to missing <asm/unaligned.h>:
    - d/p/lp1956166-0006-fix-ftbfs-arm-lzo-unaligned.h.patch


About   -   Send Feedback to @ubuntu_updates