Fwd: [ubuntu/precise-security] xen 4.1.6.1-0ubuntu0.12.04.11 (Accepted)

To: debian-lts@lists.debian.org
Subject: Fwd: [ubuntu/precise-security] xen 4.1.6.1-0ubuntu0.12.04.11 (Accepted)
From: "Simon Iremonger (debian)" <debian@iremonger.me.uk>
Date: Tue, 14 Jun 2016 13:10:58 +0100
Message-id: <[🔎] 575FF452.5080104@iremonger.me.uk>
In-reply-to: <20160614103616.2723.91440.launchpad@ackee.canonical.com>
References: <20160614103616.2723.91440.launchpad@ackee.canonical.com>

Happened to spot (forwarded below) Ubuntu released 'their' fix
for the qemu VGA exploit amongst others...


I note in particular they decided on including a patch of some
form r.e. for XSA-060 ... Even though debian marked this as
"Hardware design flaw, no software solution" according to the
debian security-tracker page...........
Wonder whats' going on there...


Hope that helps anyway,

--Simon




-------- Forwarded Message --------
Subject: [ubuntu/precise-security] xen 4.1.6.1-0ubuntu0.12.04.11 (Accepted)
Date: Tue, 14 Jun 2016 10:36:16 -0000
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Marc Deslauriers <marc.deslauriers@canonical.com>
To: precise-changes@lists.ubuntu.com

xen (4.1.6.1-0ubuntu0.12.04.11) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-2212 / XSA-060
      * VMX: disable EPT when !cpu_has_vmx_pat
      * VMX: remove the problematic set_uc_mode logic
      * VMX: fix cr0.cd handling
    - CVE-2016-3158, CVE-2016-3159 / XSA-172
      * x86: fix information leak on AMD CPUs
    - CVE-2016-3960 / XSA-173
      * x86: limit GFNs to 32 bits for shadowed superpages.
      * x86/HVM: correct CPUID leaf 80000008 handling
    - CVE-2016-4480 / XSA-176
      * x86/mm: fully honor PS bits in guest page table walks
    - CVE-2016-3710 / XSA-179 (qemu traditional)
      * vga: fix banked access bounds checking
      * vga: add vbe_enabled() helper
      * vga: factor out vga register setup
      * vga: update vga register setup on vbe changes
      * vga: make sure vga register setup for vbe stays intact
    - CVE-2014-3672 / XSA-180 (qemu traditional)
      * main loop: Big hammer to fix logfile disk DoS in Xen setups

Date: 2016-06-14 09:35:20.148875+00:00
Changed-By: Stefan Bader <stefan.bader@canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers@canonical.com>
https://launchpad.net/ubuntu/+source/xen/4.1.6.1-0ubuntu0.12.04.11

Sorry, changesfile not available.

-- 
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/precise-changes

Reply to:

Prev by Date: Re: imagemagick CVE-2016-4562, CVE-2016-4563, CVE-2016-4564
Next by Date: Re: Wheezy update of spice?
Previous by thread: Re: Wheezy update of spice?
Next by thread: Re: Bug#827397: RFS: vlc/2.0.3-5+deb7u3
Index(es):
- Date
- Thread