Package "xen-utils-common"
Name: xen-utils-common
Description: Xen administrative tools - common files
Latest version: 4.4.2-0ubuntu0.14.04.14
Release: trusty (14.04)
Level: updates
Repository: universe
Head package: xen
Changelog
xen (4.4.2-0ubuntu0.14.04.14) trusty-security; urgency=medium
* Applying Xen Security Advisories:
- CVE-2017-14316 / XSA-231
- xen/mm: make sure node is less than MAX_NUMNODES
- CVE-2017-14317 / XSA-233
- tools/xenstore: don't unlink connection object twice
- CVE-2017-14319 / XSA-234
- gnttab: also validate PTE permissions upon destroy/replace
- XSA-235
- arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
- XSA-237
- x86: don't allow MSI pIRQ mapping on unowned device
- x86: enforce proper privilege when (un)mapping pIRQ-s
- x86/MSI: disallow redundant enabling
- x86/MSI: fix error handling
- x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths
- x86/FLASK: fix unmap-domain-IRQ XSM hook
- XSA-239
- x86/HVM: prefill partially used variable on emulation paths
- XSA-240
- x86: limit linear page table use to a single level
- x86/mm: Disable PV linear pagetables by default
- XSA-241
- x86: don't store possibly stale TLB flush time stamp
- XSA-242
- x86: don't allow page_unlock() to drop the last type reference
- XSA-243
- x86: Disable the use of auto-translated PV guests
- x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests
- XSA-244
- x86/cpu: Fix IST handling during PCPU bringup
CVE-2017-1431: IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in
xen (4.4.2-0ubuntu0.14.04.12) trusty-security; urgency=low
* Applying Xen Security Advisories:
- XSA-217
- x86/mm: disallow page stealing from HVM domains
- XSA-218
- IOMMU: handle IOMMU mapping and unmapping failures
- gnttab: fix unmap pin accounting race
- gnttab: Avoid potential double-put of maptrack entry
- gnttab: correct maptrack table accesses
- XSA-219
- x86/shadow: Hold references for the duration of emulated writes
- XSA-221
- evtchn: avoid NULL derefs
- XSA-222
- xen/memory: Fix return value handling of guest_remove_page()
- guest_physmap_remove_page() needs its return value checked
- XSA-224
- gnttab: Fix handling of dev_bus_addr during unmap
- gnttab: never create host mapping unless asked to
- gnttab: correct logic to get page references during map requests
- gnttab: __gnttab_unmap_common_complete() is all-or-nothing
-- Stefan Bader <email address hidden> Tue, 04 Jul 2017 12:20:19 +0200
xen (4.4.2-0ubuntu0.14.04.11) trusty-security; urgency=low
* Applying Xen Security Advisories:
- XSA-206
* xenstored: apply a write transaction rate limit
* xenstored: Log when the write transaction rate limit bites
* oxenstored: exempt dom0 from domU node quotas
* oxenstored: perform a 3-way merge of the quota after a transaction
* oxenstored: catch the error when a connection is already deleted
* oxenstored: use hash table to store socket connections
* oxenstored: enable domain connection indexing based on eventchn port
* oxenstored: only process domain connections that notify us by events
* oxenstored: add a safe net mechanism for existing ill-behaved clients
* oxenstored: refactor putting response on wire
* oxenstored: remove some unused parameters
* oxenstored: refactor request processing
* oxenstored: keep track of each transaction's operations
* oxenstored: move functions that process simple operations
* oxenstored: replay transaction upon conflict
* oxenstored: log request and response during transaction replay
* oxenstored: allow compilation prior to OCaml 3.12.0
* oxenstored: comments explaining some variables
* oxenstored: handling of domain conflict-credit
* oxenstored: ignore domains with no conflict-credit
* oxenstored: add transaction info relevant to history-tracking
* oxenstored: support commit history tracking
* oxenstored: only record operations with side-effects in history
* oxenstored: discard old commit-history on txn end
* oxenstored: track commit history
* oxenstored: blame the connection that caused a transaction conflict
* oxenstored: allow self-conflicts
* oxenstored: do not commit read-only transactions
* oxenstored: don't wake to issue no conflict-credit
* oxenstored transaction conflicts: improve logging
* oxenstored: trim history in the frequent_ops function
- XSA-207
* IOMMU: always call teardown callback
- CVE-2017-2615 / XSA-208
* CVE-2014-8106: cirrus: fix blit region check
* cirrus: fix oob access issue (CVE-2017-2615)
- CVE-2017-2620 / XSA-209
* cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
- CVE-2016-9603 / XSA-211
* cirrus/vnc: zap drop bitblit support from console code.
- CVE-2017-7228 / XSA-212
* memory: properly check guest memory ranges in XENMEM_exchange handling
- XSA-213
* multicall: deal with early exit conditions
- XSA-214
* x86: discard type information when stealing pages
- XSA-215
* x86: correct create_bounce_frame
-- Stefan Bader <email address hidden> Tue, 09 May 2017 10:13:50 +0200
CVE-2014-8106: Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary co
CVE-2017-2620: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo
CVE-2016-9603: cirrus: heap buffer overflow via vnc connection
CVE-2017-7228: An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced
xen (4.4.2-0ubuntu0.14.04.10) trusty; urgency=medium
* Backport upstream change to fix TSC_ADJUST MSR handling in HVM
guests running on Intel based hosts (LP: #1671760)
-- Stefan Bader <email address hidden> Tue, 14 Mar 2017 11:17:48 +0100
xen (4.4.2-0ubuntu0.14.04.9) trusty-security; urgency=low
* Applying Xen Security Advisories:
- CVE-2016-9386 / XSA-191
* x86/hvm: Fix the handling of non-present segments
- CVE-2016-9382 / XSA-192
* x86/HVM: don't load LDTR with VM86 mode attrs during task switch
- CVE-2016-9385 / XSA-193
* x86/PV: writes of %fs and %gs base MSRs require canonical addresses
- CVE-2016-9383 / XSA-195
* x86emul: fix huge bit offset handling
- CVE-2016-9381 / XSA-197
* xen: fix ioreq handling
- CVE-2016-9379, CVE-2016-9380 / XSA-198
* pygrub: Properly quote results, when returning them to the caller
- CVE-2016-9637 / XSA-199
* qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
- CVE-2016-9932 / XSA-200
* x86emul: CMPXCHG8B ignores operand size prefix
- CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
* arm64: handle guest-generated EL1 asynchronous abort
* arm64: handle async aborts delivered while at EL2
* arm: crash the guest when it traps on external abort
* arm32: handle async aborts delivered while at HYP
- CVE-2016-10024 / XSA-202
* x86: force EFLAGS.IF on when exiting to PV guests
- CVE-2016-10013 / XSA-204
* x86/emul: Correct the handling of eflags with SYSCALL
-- Stefan Bader <email address hidden> Tue, 10 Jan 2017 16:47:39 +0100
CVE-2016-9386: x86 null segments not always treated as unusable
CVE-2016-9382: x86 task switch to VM86 mode mis-handled
CVE-2016-9385: x86 segment base write emulation lacking canonical address checks
CVE-2016-9383: x86 64-bit bit test instruction emulation broken
CVE-2016-9381: qemu incautious about shared ring processing
CVE-2016-9379: delimiter injection vulnerabilities in pygrub
CVE-2016-9380: delimiter injection vulnerabilities in pygrub
CVE-2016-9637: qemu ioport array overflow
CVE-2016-9932: x86 CMPXCHG8B emulation fails to ignore operand size override
CVE-2016-1002: Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 2
CVE-2016-1001: Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.57