dgit.raspbian.org Git - xen.git/commit

xen (4.14.5+86-g1c354767d5-1) bullseye-security; urgency=medium

  * Update to new upstream version 4.14.5+86-g1c354767d5, which also contains
    security fixes for the following issues: (Closes: #1021668)
    - Xenstore: guests can let run xenstored out of memory
      XSA-326 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314
      CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318
    - insufficient TLB flush for x86 PV guests in shadow mode
      XSA-408 CVE-2022-33745
    - Arm: unbounded memory consumption for 2nd-level page tables
      XSA-409 CVE-2022-33747
    - P2M pool freeing may take excessively long
      XSA-410 CVE-2022-33746
    - lock order inversion in transitive grant copy handling
      XSA-411 CVE-2022-33748
    - Xenstore: Guests can crash xenstored
      XSA-414 CVE-2022-42309
    - Xenstore: Guests can create orphaned Xenstore nodes
      XSA-415 CVE-2022-42310
    - Xenstore: Guests can cause Xenstore to not free temporary memory
      XSA-416 CVE-2022-42319
    - Xenstore: Guests can get access to Xenstore nodes of deleted domains
      XSA-417 CVE-2022-42320
    - Xenstore: Guests can crash xenstored via exhausting the stack
      XSA-418 CVE-2022-42321
    - Xenstore: Cooperating guests can create arbitrary numbers of nodes
      XSA-419 CVE-2022-42322 CVE-2022-42323
    - Oxenstored 32->31 bit integer truncation issues
      XSA-420 CVE-2022-42324
    - Xenstore: Guests can create arbitrary number of nodes via transactions
      XSA-421 CVE-2022-42325 CVE-2022-42326
  * The upstream Xen changes now also contain the first mentioned patch of
    XSA-403 ("Linux disk/nic frontends data leaks") for stable branch lines.
    For more information, please refer to the XSA-403 advisory text.
  * Note that the following XSA are not listed, because...
    - XSA-412 only applies to Xen 4.16 and newer
    - XSA-413 applies to XAPI which is not included in Debian
  * Correct a typo in the previous changelog entry.

[dgit import unpatched xen 4.14.5+86-g1c354767d5-1]

author	Hans van Kranenburg <hans@knorrie.org>
	Fri, 4 Nov 2022 19:25:46 +0000 (19:25 +0000)
committer	Hans van Kranenburg <hans@knorrie.org>
	Fri, 4 Nov 2022 19:25:46 +0000 (19:25 +0000)
commit	124b374ba3d1c05fafa216005bf6575aae11d0ea
tree	948f8f1266be8fa0a629941eeb384dc0c544a196	tree \| snapshot
parent	c0e6dee78a1ed0ec26dfccf4414b8a5664a61ffd	commit \| diff
parent	48cad62e14818c360d5b7aa8a1ceb2eb2253475a	commit \| diff

debian/NEWS	\|	\|	blob
debian/README.Debian.security	\|	\|	blob
debian/README.md	\|	\|	blob
debian/changelog	\|	\|	blob
debian/compat	\|	\|	blob
debian/control	\|	\|	blob
debian/control.md5sum	\|	\|	blob
debian/copyright	\|	\|	blob
debian/gitignore-old	\|	\|	blob
debian/installsharedlibs	\|	\|	blob
debian/libxen-V.bug-control.vsn-in	\|	\|	blob
debian/libxen-dev.install	\|	\|	blob
debian/libxencall1.install	\|	\|	blob
debian/libxendevicemodel1.install	\|	\|	blob
debian/libxenevtchn1.install	\|	\|	blob
debian/libxenforeignmemory1.install	\|	\|	blob
debian/libxengnttab1.install	\|	\|	blob
debian/libxenhypfs1.install	\|	\|	blob
debian/libxenmiscV.install.vsn-in	\|	\|	blob
debian/libxenmiscV.lintian-overrides.vsn-in	\|	\|	blob
debian/libxenstore3.0.install	\|	\|	blob
debian/libxenstore3.0.symbols	\|	\|	blob
debian/libxentoolcore1.install	\|	\|	blob
debian/libxentoollog1.install	\|	\|	blob
debian/not-installed	\|	\|	blob
debian/patches/0001-Delete-config.sub-and-config.guess.patch	\|	\|	blob
debian/patches/0002-Delete-configure-output.patch	\|	\|	blob
debian/patches/0003-version.patch	\|	\|	blob
debian/patches/0005-Do-not-ship-COPYING-into-usr-include.patch	\|	\|	blob
debian/patches/0008-Do-not-build-the-instruction-emulator.patch	\|	\|	blob
debian/patches/0009-tools-libfsimage-prefix.diff.patch	\|	\|	blob
debian/patches/0010-autoconf-Provide-libexec_libdir_suffix.patch	\|	\|	blob
debian/patches/0011-.gitignore-Add-configure-output-which-we-always-dele.patch	\|	\|	blob
debian/patches/0012-Revert-pvshim-make-PV-shim-build-selectable-from-con.patch	\|	\|	blob
debian/patches/0013-tools-firmware-Makfile-Respect-caller-s-CONFIG_PV_SH.patch	\|	\|	blob
debian/patches/0014-tools-firmware-Makefile-CONFIG_PV_SHIM-enable-only-o.patch	\|	\|	blob
debian/patches/0015-shim-Provide-separate-install-shim-target.patch	\|	\|	blob
debian/patches/0016-docs-man-xen-vbd-interface.7-Provide-properly-format.patch	\|	\|	blob
debian/patches/0017-Fix-empty-fields-in-first-hypervisor-log-line.patch	\|	\|	blob
debian/patches/0018-vif-common-disable-handle_iptable.patch	\|	\|	blob
debian/patches/0019-sysconfig.xencommons.in-Strip-and-debianize.patch	\|	\|	blob
debian/patches/0020-hotplug-common-Do-not-adjust-LD_LIBRARY_PATH.patch	\|	\|	blob
debian/patches/0021-pygrub-Set-sys.path.patch	\|	\|	blob
debian/patches/0022-pygrub-Specify-rpath-LIBEXEC_LIB-when-building-fsima.patch	\|	\|	blob
debian/patches/0023-tools-xl-bash-completion-also-complete-xen.patch	\|	\|	blob
debian/patches/0024-tools-don-t-build-ship-xenmon.patch	\|	\|	blob
debian/patches/0025-tools-Partially-revert-Cross-compilation-fixes.patch	\|	\|	blob
debian/patches/0026-t-h-L-vif-common.sh-fix-handle_iptable-return-value.patch	\|	\|	blob
debian/patches/0027-xen-rpi4-implement-watchdog-based-reset.patch	\|	\|	blob
debian/patches/0028-tools-python-Pass-linker-to-Python-build-process.patch	\|	\|	blob
debian/patches/0029-xen-arm-acpi-Don-t-fail-if-SPCR-table-is-absent.patch	\|	\|	blob
debian/patches/0030-xen-acpi-Rework-acpi_os_map_memory-and-acpi_os_unmap.patch	\|	\|	blob
debian/patches/0031-xen-arm-acpi-The-fixmap-area-should-always-be-cleare.patch	\|	\|	blob
debian/patches/0032-xen-arm-Check-if-the-platform-is-not-using-ACPI-befo.patch	\|	\|	blob
debian/patches/0033-xen-arm-Introduce-fw_unreserved_regions-and-use-it.patch	\|	\|	blob
debian/patches/0034-xen-arm-acpi-add-BAD_MADT_GICC_ENTRY-macro.patch	\|	\|	blob
debian/patches/0035-xen-arm-traps-Don-t-panic-when-receiving-an-unknown-.patch	\|	\|	blob
debian/patches/0036-fix-spelling-errors.patch	\|	\|	blob
debian/patches/0037-xen-don-t-have-timestamp-inserted-in-config.gz.patch	\|	\|	blob
debian/patches/0038-x86-EFI-don-t-insert-timestamp-when-SOURCE_DATE_EPOC.patch	\|	\|	blob
debian/patches/0039-docs-use-predictable-ordering-in-generated-documenta.patch	\|	\|	blob
debian/patches/0040-docs-set-date-to-SOURCE_DATE_EPOCH-if-available.patch	\|	\|	blob
debian/patches/0041-x86-ACPI-fix-mapping-of-FACS.patch	\|	\|	blob
debian/patches/0042-x86-DMI-fix-table-mapping-when-one-lives-above-1Mb.patch	\|	\|	blob
debian/patches/0043-x86-ACPI-fix-S3-wakeup-vector-mapping.patch	\|	\|	blob
debian/patches/0044-x86-ACPI-don-t-invalidate-S5-data-when-S3-wakeup-vec.patch	\|	\|	blob
debian/patches/misc/tools-pygrub-remove-static-solaris-support	\|	\|	blob
debian/patches/misc/toolstestsx86_emulator-pass--no-pie--fno.patch	\|	\|	blob
debian/patches/prefix-abiname/config-prefix.diff	\|	\|	blob
debian/patches/series	\|	\|	blob
debian/rules	\|	\|	blob
debian/salsa-ci.yml	\|	\|	blob
debian/scripts/Makefile	\|	\|	blob
debian/scripts/qemu-ifup	\|	\|	blob
debian/scripts/xen	\|	\|	blob
debian/scripts/xen-dir	\|	\|	blob
debian/scripts/xen-init-list	\|	\|	blob
debian/scripts/xen-init-name	\|	\|	blob
debian/scripts/xen-toolstack	\|	\|	blob
debian/scripts/xen-toolstack-wrapper	\|	\|	blob
debian/scripts/xen-utils-wrapper	\|	\|	blob
debian/scripts/xen-version	\|	\|	blob
debian/shuffle-binaries	\|	\|	blob
debian/shuffle-boot-files	\|	\|	blob
debian/source/format	\|	\|	blob
debian/template-subst	\|	\|	blob
debian/tree/xen-hypervisor-common/etc/default/grub.d/xen.cfg	\|	\|	blob
debian/ucf-remove-fixup	\|	\|	blob
debian/xen-doc.doc-base	\|	\|	blob
debian/xen-doc.install	\|	\|	blob
debian/xen-doc.links	\|	\|	blob
debian/xen-doc.lintian-overrides	\|	\|	blob
debian/xen-hypervisor-V-F.bug-control.vsn-in	\|	\|	blob
debian/xen-hypervisor-V-F.install.vsn-in	\|	\|	blob
debian/xen-hypervisor-V-F.lintian-overrides.vsn-in	\|	\|	blob
debian/xen-hypervisor-V-F.postinst.vsn-in	\|	\|	blob
debian/xen-hypervisor-V-F.postrm.vsn-in	\|	\|	blob
debian/xen-hypervisor-common.docs	\|	\|	blob
debian/xen-hypervisor-common.install	\|	\|	blob
debian/xen-kconfig	\|	\|	blob
debian/xen-utils-V.README.Debian.vsn-in	\|	\|	blob
debian/xen-utils-V.bug-control.vsn-in	\|	\|	blob
debian/xen-utils-V.install.vsn-in	\|	\|	blob
debian/xen-utils-V.lintian-overrides.vsn-in	\|	\|	blob
debian/xen-utils-V.postinst.vsn-in	\|	\|	blob
debian/xen-utils-V.prerm.vsn-in	\|	\|	blob
debian/xen-utils-common.README.Debian	\|	\|	blob
debian/xen-utils-common.dirs	\|	\|	blob
debian/xen-utils-common.examples	\|	\|	blob
debian/xen-utils-common.install	\|	\|	blob
debian/xen-utils-common.links	\|	\|	blob
debian/xen-utils-common.maintscript	\|	\|	blob
debian/xen-utils-common.postinst	\|	\|	blob
debian/xen-utils-common.postrm	\|	\|	blob
debian/xen-utils-common.preinst	\|	\|	blob
debian/xen-utils-common.ucf	\|	\|	blob
debian/xen-utils-common.xen.init	\|	\|	blob
debian/xen-utils-common.xendomains.default	\|	\|	blob
debian/xen-utils-common.xendomains.init	\|	\|	blob
debian/xenstore-utils.install	\|	\|	blob
debian/xenstore-utils.lintian-overrides	\|	\|	blob