xen 4.11.3+24-g14b62ab3e5-1ubuntu2.3 source package in Ubuntu

Changelog

xen (4.11.3+24-g14b62ab3e5-1ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: Fix multiple vulnerabilities
    - d/p/xsa312-4.11.patch: Place a speculation barrier sequence
      following an eret instruction
    - d/p/CVE-2020-11740-and-CVE-2020-11741-1.patch: clear buffer intended
      to be shared with guests
    - d/p/CVE-2020-11740-and-CVE-2020-11741-2.patch: limit consumption of
      shared buffer data
    - d/p/CVE-2020-11739.patch: Add missing memory barrier in the unlock
      path of rwlock
    - d/p/CVE-2020-11743.patch: Fix error path in map_grant_ref()
    - d/p/CVE-2020-11742.patch: fix GNTTABOP_copy continuation handling
    - d/p/CVE-2020-0543-1.patch: CPUID/MSR definitions for Special
      Register Buffer Data Sampling
    - d/p/CVE-2020-0543-2.patch: Mitigate the Special Register Buffer
      Data Sampling sidechannel
    - d/p/CVE-2020-0543-3.patch: Allow the RDRAND/RDSEED features to be
      hidden
    - d/p/CVE-2020-15566.patch: Don't ignore error in get_free_port()
    - d/p/CVE-2020-15563.patch: correct an inverted conditional in dirty
      VRAM tracking
    - d/p/CVE-2020-15565-1.patch: improve IOMMU TLB flush
    - d/p/CVE-2020-15565-2.patch: prune (and rename) cache flush
      functions
    - d/p/CVE-2020-15565-3.patch: introduce a cache sync hook
    - d/p/CVE-2020-15565-4.patch: don't assume addresses are aligned in
      sync_cache
    - d/p/CVE-2020-15564.patch: Check the alignment of the offset passed
      via VCPUOP_register_vcpu_info
    - d/p/CVE-2020-15567-1.patch: ept_set_middle_entry() related
      adjustments
    - d/p/CVE-2020-15567-2.patch: atomically modify entries in
      ept_next_level
    - d/p/CVE-2020-25602.patch: Handle the Intel-specific MSR_MISC_ENABLE
      correctly
    - d/p/CVE-2020-25604.patch: fix race when migrating timers between
      vCPUs
    - d/p/CVE-2020-25595-1.patch: get rid of read_msi_msg
    - d/p/CVE-2020-25595-2.patch: restrict reading of table/PBA bases
      from BARs
    - d/p/CVE-2020-25597.patch: relax port_is_valid()
    - d/p/CVE-2020-25596.patch: Avoid double exception injection
    - d/p/CVE-2020-25603.patch: Add missing barriers when
      accessing/allocating an event channel
    - d/p/CVE-2020-25600.patch: enforce correct upper limit for 32-bit
      guests
    - d/p/CVE-2020-25599-1.patch: evtchn_reset() shouldn't succeed with
      still-open ports
    - d/p/CVE-2020-25599-2.patch: convert per-channel lock to be IRQ-safe
    - d/p/CVE-2020-25599-3.patch: address races with evtchn_reset()
    - d/p/CVE-2020-25601-1.patch: arrange for preemption in
      evtchn_destroy()
    - d/p/CVE-2020-25601-2.patch: arrange for preemption in evtchn_reset()
    - CVE-2020-11740
    - CVE-2020-11741
    - CVE-2020-11739
    - CVE-2020-11743
    - CVE-2020-11742
    - CVE-2020-0543
    - CVE-2020-15566
    - CVE-2020-15563
    - CVE-2020-15565
    - CVE-2020-15564
    - CVE-2020-15567
    - CVE-2020-25602
    - CVE-2020-25604
    - CVE-2020-25595
    - CVE-2020-25597
    - CVE-2020-25596
    - CVE-2020-25603
    - CVE-2020-25600
    - CVE-2020-25599
    - CVE-2020-25601

 -- Luís Infante da Câmara <email address hidden>  Mon, 22 Aug 2022 11:20:03 +0200

Upload details

Uploaded by: Luís Infante da Câmara
Sponsored by: Eduardo Barretto
Uploaded to: Focal
Original maintainer: Ubuntu Developers
Architectures: amd64 arm64 armhf i386 all
Section: admin
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Focal updates universe kernel
Focal security universe kernel

Downloads

File Size SHA-256 Checksum
xen_4.11.3+24-g14b62ab3e5.orig.tar.xz 4.0 MiB 2286fbfbf986ea4baaae4cad8b3adab3bbd1a966cb019dd3f59a177b8036d189
xen_4.11.3+24-g14b62ab3e5-1ubuntu2.3.debian.tar.xz 221.1 KiB d48a5b6399a74f2475a1c2a22b58afbf143a379fa8a570f5288257c2ea8fb3da
xen_4.11.3+24-g14b62ab3e5-1ubuntu2.3.dsc 4.4 KiB f7718f51aec6570b59c890fa418289c497f3c8a7c977460436c7d21c74a66ddd

Binary packages built by this source

libxen-dev: Public headers and libs for Xen

 This package contains the public headers and static libraries for Xen.
 .
 The libxenlight library is intended as a common base for all Xen toolstack
 developers. The libxlutil library contains additional helpers which may
 be useful to toolstack developers.
 .
 The libxenstore library allows userspace processes to interact with
 the XenStore database. Command line tools for accessing xenstore are
 provided via the xenstore-utils package.
 .
 Most of the other included libraries are internal, and intended for
 use by the Xen toolstack, rather than directly.

libxencall1: Xen runtime library - libxencall

 Shared library for Xen utilities.

libxencall1-dbgsym: debug symbols for libxencall1

libxendevicemodel1: Xen runtime libraries - libxendevicemodel

 Shared library for Xen utilities.

libxendevicemodel1-dbgsym: debug symbols for libxendevicemodel1

libxenevtchn1: Xen runtime libraries - libxenevtchn

 Shared library for Xen utilities.

libxenevtchn1-dbgsym: debug symbols for libxenevtchn1

libxenforeignmemory1: Xen runtime libraries - libxenforeignmemory

 Shared library for Xen utilities.

libxenforeignmemory1-dbgsym: debug symbols for libxenforeignmemory1

libxengnttab1: Xen runtime libraries - libxengnttab

 Shared library for Xen utilities.

libxengnttab1-dbgsym: debug symbols for libxengnttab1

libxenmisc4.11: Xen runtime libraries - miscellaneous, versioned ABI

 Shared libraries for Xen utilities.
 This package contains libraries whose ABI changes with each
 new upstream Xen release, which include ones which embed
 knowledge of hypervisor-version-specific hypercall ABIs.

libxenmisc4.11-dbgsym: debug symbols for libxenmisc4.11

libxenstore3.0: Xen runtime libraries - libxenstore

 Shared library for Xen utilities.

libxenstore3.0-dbgsym: debug symbols for libxenstore3.0

libxentoolcore1: Xen runtime libraries - libxentoolcore

 Shared library for Xen utilities.

libxentoolcore1-dbgsym: debug symbols for libxentoolcore1

libxentoollog1: Xen runtime libraries - libxentoollog

 Shared library for Xen utilities.

libxentoollog1-dbgsym: debug symbols for libxentoollog1

xen-doc: XEN documentation

 Documentation for the Xen hypervisor and surrounding software,
 including descriptions of the hypercall interfaces and of some
 of the library APIs.
 .
 You do not need this package for the primary manpages for the
 Xen control utilities, as those are in the xen-utils-common package.

xen-hypervisor-4.11-amd64: Xen Hypervisor on AMD64

 The hypervisor is the "core" for XEN itself. It gets booted by the boot
 loader and controls cpu and memory, sharing them between your
 administrative domain (Domain 0) and the virtual guest systems.
 .
 In order to boot a XEN system along with this package you also need a
 kernel specifically crafted to work as the Domain 0, mediating hardware
 access for XEN itself.

xen-hypervisor-4.11-arm64: Xen Hypervisor on ARM64

 The hypervisor is the "core" for XEN itself. It gets booted by the boot
 loader and controls cpu and memory, sharing them between your
 administrative domain (Domain 0) and the virtual guest systems.
 .
 In order to boot a XEN system along with this package you also need a
 kernel specifically crafted to work as the Domain 0, mediating hardware
 access for XEN itself.

xen-hypervisor-4.11-armhf: Xen Hypervisor on ARMHF

 The hypervisor is the "core" for XEN itself. It gets booted by the boot
 loader and controls cpu and memory, sharing them between your
 administrative domain (Domain 0) and the virtual guest systems.
 .
 In order to boot a XEN system along with this package you also need a
 kernel specifically crafted to work as the Domain 0, mediating hardware
 access for XEN itself.

xen-hypervisor-4.9-amd64: Transitional package for upgrade

 The hypervisor is the "core" for XEN itself. It gets booted by the boot
 loader and controls cpu and memory, sharing them between your
 administrative domain (Domain 0) and the virtual guest systems.
 .
 In order to boot a XEN system along with this package you also need a
 kernel specifically crafted to work as the Domain 0, mediating hardware
 access for XEN itself.
 .
 This is a transitional package. You can safely remove it.

xen-hypervisor-4.9-arm64: Transitional package for upgrade

 The hypervisor is the "core" for XEN itself. It gets booted by the boot
 loader and controls cpu and memory, sharing them between your
 administrative domain (Domain 0) and the virtual guest systems.
 .
 In order to boot a XEN system along with this package you also need a
 kernel specifically crafted to work as the Domain 0, mediating hardware
 access for XEN itself.
 .
 This is a transitional package. You can safely remove it.

xen-hypervisor-4.9-armhf: Transitional package for upgrade

 The hypervisor is the "core" for XEN itself. It gets booted by the boot
 loader and controls cpu and memory, sharing them between your
 administrative domain (Domain 0) and the virtual guest systems.
 .
 In order to boot a XEN system along with this package you also need a
 kernel specifically crafted to work as the Domain 0, mediating hardware
 access for XEN itself.
 .
 This is a transitional package. You can safely remove it.

xen-hypervisor-common: Xen Hypervisor - common files

 The configuration which arranges for an installed hypervisor to be booted
 as default, with the right command line arguments passed to both
 hypervisor and host (Domain 0) kernel.
 .
 This package is only required on the host system (Domain 0) and not on the
 virtual guest systems (Domain U).

xen-system-amd64: Xen System on AMD64 (metapackage)

 This package depends on the latest Xen hypervisor for use on AMD64 and the
 Xen utils.

xen-system-arm64: Xen System on ARM64 (metapackage)

 This package depends on the latest Xen hypervisor for use on ARM64 and the
 Xen utils.

xen-system-armhf: Xen System on ARMHF (metapackage)

 This package depends on the latest Xen hypervisor for use on ARMHF and the
 Xen utils.

xen-utils-4.11: XEN administrative tools

 The userspace tools to manage a system virtualized through the XEN virtual
 machine monitor.
 .
 qemu-utils and seabios are needed for "Xen HVM" (amd64 and i386)

xen-utils-4.11-dbgsym: debug symbols for xen-utils-4.11

xen-utils-common: Xen administrative tools - common files

 The userspace tools to manage a system virtualized through the Xen virtual
 machine monitor.
 .
 This package is only required on the host system (Domain 0) and not on the
 virtual guest systems (Domain U).

xen-utils-common-dbgsym: debug symbols for xen-utils-common

xenstore-utils: Xenstore command line utilities for Xen

 This package contains command line utilities for interacting with
 XenStore.
 .
 XenStore is a shared database used for interdomain communication of
 configuration and status information. It is accessible to all domains
 running on the same Xen host. See https://wiki.xen.org/wiki/XenStore for
 more information.
 .
 In the common case these tools are used by the Xen toolstack running in
 domain0 (or a driver domain); however, they may also be used in a guest
 domain to support local scripting which wants to communicate via XenStore.

xenstore-utils-dbgsym: debug symbols for xenstore-utils