xen 4.16.2+90-g0d39a6d1ae-1 source package in Debian

Changelog

xen (4.16.2+90-g0d39a6d1ae-1) unstable; urgency=medium

  * Update to new upstream version 4.16.2+90-g0d39a6d1ae, which also contains
    security fixes for the following issues:
     - Xenstore: guests can let run xenstored out of memory
       XSA-326 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314
       CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318
     - Arm: unbounded memory consumption for 2nd-level page tables
       XSA-409 CVE-2022-33747
     - P2M pool freeing may take excessively long
       XSA-410 CVE-2022-33746
     - lock order inversion in transitive grant copy handling
       XSA-411 CVE-2022-33748
     - x86: unintended memory sharing between guests
       XSA-412 CVE-2022-42327
     - Xenstore: Guests can crash xenstored
       XSA-414 CVE-2022-42309
     - Xenstore: Guests can create orphaned Xenstore nodes
       XSA-415 CVE-2022-42310
     - Xenstore: Guests can cause Xenstore to not free temporary memory
       XSA-416 CVE-2022-42319
     - Xenstore: Guests can get access to Xenstore nodes of deleted domains
       XSA-417 CVE-2022-42320
     - Xenstore: Guests can crash xenstored via exhausting the stack
       XSA-418 CVE-2022-42321
     - Xenstore: Cooperating guests can create arbitrary numbers of nodes
       XSA-419 CVE-2022-42322 CVE-2022-42323
     - Oxenstored 32->31 bit integer truncation issues
       XSA-420 CVE-2022-42324
     - Xenstore: Guests can create arbitrary number of nodes via transactions
       XSA-421 CVE-2022-42325 CVE-2022-42326
     - x86: Multiple speculative security issues
       XSA-422 CVE-2022-23824
   * Note that the following XSA are not listed, because...
     - XSA-413 applies to XAPI which is not included in Debian
   * Drop the "x86/CPUID: surface suitable value in EBX of XSTATE subleaf 1"
     patch again because it's included in upstream changes now.

 -- Hans van Kranenburg <email address hidden>  Wed, 16 Nov 2022 12:50:33 +0100

Upload details

Uploaded by:
Debian Xen Team
Uploaded to:
Sid
Original maintainer:
Debian Xen Team
Architectures:
amd64 arm64 armhf
Section:
kernel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
xen_4.16.2+90-g0d39a6d1ae-1.dsc 4.1 KiB 584de011263c53fb724bd57b7a468a38d210569a91a8a0ce6fcba614c436516c
xen_4.16.2+90-g0d39a6d1ae.orig.tar.xz 4.4 MiB 86ee16efa5745145b5a9712b38fb84f80d1d811a7f034342749eddd2a396a91d
xen_4.16.2+90-g0d39a6d1ae-1.debian.tar.xz 128.5 KiB 3a901188068a0059a81f7e2c2f680b07267774b2860f90125a9e623e12bc6bbf

No changes file available.

Binary packages built by this source