UbuntuUpdates.org

Package "xen-hypervisor-4.6-amd64"

Name: xen-hypervisor-4.6-amd64

Description:

Xen Hypervisor on AMD64

Latest version: 4.6.5-0ubuntu1.4
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: xen

Links


Download "xen-hypervisor-4.6-amd64"


Other versions of "xen-hypervisor-4.6-amd64" in Xenial

Repository Area Version
base universe 4.6.0-1ubuntu4
security universe 4.6.5-0ubuntu1.4

Changelog

Version: 4.6.0-1ubuntu4.2 2016-10-11 22:06:51 UTC

  xen (4.6.0-1ubuntu4.2) xenial-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-6258 / XSA-182
      * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
    - CVE-2016-6259 / XSA-183
      * x86/entry: Avoid SMAP violation in compat_create_bounce_frame()
    - CVE-2016-7092 / XSA-185
      * x86/32on64: don't allow recursive page tables from L3
    - CVE-2016-7094 / XSA-187
      * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
      * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
    - CVE-2016-7777 / XSA-190
      * x86emul: honor guest CR0.TS and CR0.EM

 -- Stefan Bader <email address hidden> Thu, 06 Oct 2016 15:32:01 +0200

Source diff to previous version
CVE-2016-6258 The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveragi
CVE-2016-6259 Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows l
CVE-2016-7092 The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related
CVE-2016-7094 Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of servi
CVE-2016-7777 Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM registe

Version: 4.6.0-1ubuntu4.1 2016-06-14 14:07:04 UTC

  xen (4.6.0-1ubuntu4.1) xenial-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-3158, CVE-2016-3159 / XSA-172
      * x86: fix information leak on AMD CPUs
    - CVE-2016-3960 / XSA-173
      * x86: limit GFNs to 32 bits for shadowed superpages.
    - CVE-2016-4962 / XSA-175
      * libxl: Record backend/frontend paths in /libxl/$DOMID
      * libxl: Provide libxl__backendpath_parse_domid
      * libxl: Do not trust frontend in libxl__devices_destroy
      * libxl: Do not trust frontend in libxl__device_nextid
      * libxl: Do not trust frontend for disk eject event
      * libxl: Do not trust frontend for disk in getinfo
      * libxl: Do not trust frontend for vtpm list
      * libxl: Do not trust frontend for vtpm in getinfo
      * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic
      * libxl: Do not trust frontend for nic in getinfo
      * libxl: Do not trust frontend for channel in list
      * libxl: Do not trust frontend for channel in getinfo
      * libxl: Cleanup: Have libxl__alloc_vdev use /libxl
      * libxl: Document ~/serial/ correctly
    - CVE-2016-4480 / XSA-176
      * x86/mm: fully honor PS bits in guest page table walks
    - CVE-2016-4963 / XSA-178
      * libxl: Make copy of every xs backend in /libxl in _generic_add
      * libxl: Do not trust backend in libxl__device_exists
      * libxl: Do not trust backend for vtpm in getinfo (except uuid)
      * libxl: Do not trust backend for vtpm in getinfo (uuid)
      * libxl: cdrom eject and insert: write to /libxl
      * libxl: Do not trust backend for disk eject vdev
      * libxl: Do not trust backend for disk; fix driver domain disks list
      * libxl: Do not trust backend for disk in getinfo
      * libxl: Do not trust backend for cdrom insert
      * libxl: Do not trust backend for channel in getinfo
      * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore
      * libxl: Rename READ_BACKEND to READ_LIBXLDEV
      * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path
      * libxl: Do not trust backend in nic getinfo
      * libxl: Do not trust backend for nic in devid_to_device
      * libxl: Do not trust backend for nic in list
      * libxl: Do not trust backend in channel list
      * libxl: Cleanup: use libxl__backendpath_parse_domid in
               libxl__device_disk_from_xs_be
      * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename
    - CVE-2016-5242 / XSA-181
      * xen/arm: Don't free p2m->first_level in p2m_teardown() before
                 it has been allocated

 -- Stefan Bader <email address hidden> Wed, 01 Jun 2016 11:10:47 +0200

CVE-2016-3158 The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, whic
CVE-2016-3159 The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, w
CVE-2016-3960 Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privi
CVE-2016-4962 The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or managem
CVE-2016-4480 The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit
CVE-2016-4963 The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management
CVE-2016-5242 The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial



About   -   Send Feedback to @ubuntu_updates