← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1671864] Re: Xen stable update to 4.6.5

 

This bug was fixed in the package xen - 4.6.5-0ubuntu1

---------------
xen (4.6.5-0ubuntu1) xenial; urgency=medium

  * Rebasing to upstream stable release 4.6.5 (LP: #1671864)
    https://www.xenproject.org/downloads/xen-archives/xen-46-series.html
    - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
      hosts which support the TSC_ADJUST MSR (LP: #1671760)
    - Additional security relevant changes:
      * CVE-2013-2076 / XSA-052 (update)
        - Information leak on XSAVE/XRSTOR capable AMD CPUs
      * CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable)
        - x86: Mishandling of instruction pointer truncation during emulation
      * XSA-207
        - memory leak when destroying guest without PT devices
    - Replacing the following security fixes with the versions from the
      stable update:
      * CVE-2015-7812 / XSA-145
        - arm: Host crash when preempting a multicall
      * CVE-2015-7813 / XSA-146
        - arm: various unimplemented hypercalls log without rate limiting
      * CVE-2015-7814 / XSA-147
        - arm: Race between domain destruction and memory allocation decrease
      * CVE-2015-7835 / XSA-148
        - x86: Uncontrolled creation of large page mappings by PV guests
      * CVE-2015-7969 / XSA-149, XSA-151
        - leak of main per-domain vcpu pointer array
        - x86: leak of per-domain profiling-related vcpu pointer array
      * CVE-2015-7970 / XSA-150
        - x86: Long latency populate-on-demand operation is not preemptible
      * CVE-2015-7971 / XSA-152
        - x86: some pmu and profiling hypercalls log without rate limiting
      * CVE-2015-7972 / XSA-153
        - x86: populate-on-demand balloon size inaccuracy can crash guests
      * CVE-2016-2270 / XSA-154
        - x86: inconsistent cachability flags on guest mappings
      * CVE-2015-8550 / XSA-155
        - paravirtualized drivers incautious about shared memory contents
      * CVE-2015-5307, CVE-2015-8104 / XSA-156
        - x86: CPU lockup during exception delivery
      * CVE-2015-8338 / XSA-158
        - long running memory operations on ARM
      * CVE-2015-8339, CVE-2015-8340 / XSA-159
        XENMEM_exchange error handling issues
      * CVE-2015-8341 / XSA-160
        - libxl leak of pv kernel and initrd on error
      * CVE-2015-8555 / XSA-165
        - information leak in legacy x86 FPU/XMM initialization
      * XSA-166
        - ioreq handling possibly susceptible to multiple read issue
      * CVE-2016-1570 / XSA-167
        - PV superpage functionality missing sanity checks
      * CVE-2016-1571 / XSA-168
        - VMX: intercept issue with INVLPG on non-canonical address
      * CVE-2015-8615 / XSA-169
        - x86: unintentional logging upon guest changing callback method
      * CVE-2016-2271 / XSA-170
        - VMX: guest user mode may crash guest with non-canonical RIP
      * CVE-2016-3158, CVE-2016-3159 / XSA-172
        - broken AMD FPU FIP/FDP/FOP leak workaround
      * CVE-2016-3960 / XSA-173
        - x86 shadow pagetables: address width overflow
      * CVE-2016-4962 / XSA-175
        - Unsanitised guest input in libxl device handling code
      * CVE-2016-4480 / XSA-176
        - x86 software guest page walk PS bit handling flaw
      * CVE-2016-4963 / XSA-178
        - Unsanitised driver domain input in libxl device handling
      * CVE-2016-5242 / XSA-181
        - arm: Host crash caused by VMID exhaustion
      * CVE-2016-6258 / XSA-182
        - x86: Privilege escalation in PV guests
      * CVE-2016-6259 / XSA-183
        - x86: Missing SMAP whitelisting in 32-bit exception / event delivery
      * CVE-2016-7092 / XSA-185
        - x86: Disallow L3 recursive pagetable for 32-bit PV guests
      * CVE-2016-7094 / XSA-187
        - x86 HVM: Overflow of sh_ctxt->seg_reg[]
      * CVE-2016-7777 / XSA-190
        - CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386 / XSA-191
        - x86 null segments not always treated as unusable
      * CVE-2016-9382 / XSA-192
        - x86 task switch to VM86 mode mis-handled
      * CVE-2016-9385 / XSA-193
        - x86 segment base write emulation lacking canonical address checks
      * CVE-2016-9383 / XSA-195
        - x86 64-bit bit test instruction emulation broken
      * CVE-2016-9377, CVE-2016-9378 / XSA-196
        - x86 software interrupt injection mis-handled
      * CVE-2016-9379, CVE-2016-9380 / XSA-198
        - delimiter injection vulnerabilities in pygrub
      * CVE-2016-9932 / XSA-200
        - x86 CMPXCHG8B emulation fails to ignore operand size override
      * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
        - ARM guests may induce host asynchronous abort
      * CVE-2016-10024 / XSA-202
        - x86 PV guests may be able to mask interrupts
      * CVE-2016-10025 / XSA-203
        - x86: missing NULL pointer check in VMFUNC emulation
      * CVE-2016-10013 / XSA-204
        - x86: Mishandling of SYSCALL singlestep during emulation

 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>  Tue, 14 Mar 2017 16:08:39
+0100

** Changed in: xen (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2076

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-5307

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7812

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7813

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7814

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7835

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7969

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7970

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7971

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7972

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8104

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8338

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8339

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8340

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8341

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8550

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8555

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8615

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-10013

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-10024

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-10025

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-1570

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-1571

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2270

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2271

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3158

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3159

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3960

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4480

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4962

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4963

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5242

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6258

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6259

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7092

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7093

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7094

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7777

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9377

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9378

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9379

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9380

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9382

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9383

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9385

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9386

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9815

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9816

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9817

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9818

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9932

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1671864

Title:
  Xen stable update to 4.6.5

Status in xen package in Ubuntu:
  Invalid
Status in xen source package in Xenial:
  Fix Released

Bug description:
  SRU Justification:

  Impact: Upstream Xen has released a stable update to 4.6.5. Xenial is
  based on 4.6.0 currently. By upgrading to the latest stable release we
  would gain many fixes and improvements from the upstream stable
  stream.

  Fix: Replaced the orig tarballs with the contents of the upstream
  stable release. Dropping patches we have picked up already.

  Testcase: Basic regression testing after upgrading.

  MRE discussion: http://irclogs.ubuntu.com/2013/07/22/%23ubuntu-
  meeting.html#t20:33

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1671864/+subscriptions