Changelog
xen (4.11.4+57-g41a822c392-2) buster-security; urgency=high
  * Apply security fixes for the following issues:
    - oxenstored: permissions not checked on root node
      XSA-353 (CVE-2020-29479)
    - xenstore watch notifications lacking permission checks
      XSA-115 (CVE-2020-29480)
    - Xenstore: new domains inheriting existing node permissions
      XSA-322 (CVE-2020-29481)
    - Xenstore: wrong path length check
      XSA-323 (CVE-2020-29482)
    - Xenstore: guests can crash xenstored via watchs
      XSA-324 (CVE-2020-29484)
    - Xenstore: guests can disturb domain cleanup
      XSA-325 (CVE-2020-29483)
    - oxenstored memory leak in reset_watches
      XSA-330 (CVE-2020-29485)
    - oxenstored: node ownership can be changed by unprivileged clients
      XSA-352 (CVE-2020-29486)
    - undue recursion in x86 HVM context switch code
      XSA-348 (CVE-2020-29566)
    - FIFO event channels control block related ordering
      XSA-358 (CVE-2020-29570)
    - FIFO event channels control structure ordering
      XSA-359 (CVE-2020-29571)
  * Note that the following XSA are not listed, because...
    - XSA-349 and XSA-350 have patches for the Linux kernel
    - XSA-354 has patches for the XAPI toolstack
    - XSA-356 only applies to Xen 4.14

 -- Hans van Kranenburg <email address hidden>  Fri, 11 Dec 2020 22:10:09 +0100