[Pkg-xen-devel] unblock: xen/4.11.1+92-g6c33308a8d-1
Hans van Kranenburg
hans at knorrie.org
Thu Jun 20 20:14:52 BST 2019
Package: release.debian.org
User: release.debian.org at packages.debian.org
Usertags: unblock
Severity: normal
Please unblock package src:xen
Hi release team,
Yesterday we uploaded a security update for Xen. This update also
contains the mitigations for Microarchitectural Data Sampling.
The upstream source is forwarded from commit 87f51bf366 to commit
6c33308a8d:
https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;hp=87f51bf366;h=6c33308a8d
There are no further packaging changes (except for the changelog, of
course):
---- >8 ----
xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high

  * Update to new upstream version 4.11.1+92-g6c33308a8d, which also
    contains the following security fixes:
    - Fix: grant table transfer issues on large hosts
      XSA-284 (no CVE yet) (Closes: #929991)
    - Fix: race with pass-through device hotplug
      XSA-285 (no CVE yet) (Closes: #929998)
    - Fix: x86: steal_page violates page_struct access discipline
      XSA-287 (no CVE yet) (Closes: #930001)
    - Fix: x86: Inconsistent PV IOMMU discipline
      XSA-288 (no CVE yet) (Closes: #929994)
    - Fix: missing preemption in x86 PV page table unvalidation
      XSA-290 (no CVE yet) (Closes: #929996)
    - Fix: x86/PV: page type reference counting issue with failed IOMMU
      update
      XSA-291 (no CVE yet) (Closes: #929995)
    - Fix: x86: insufficient TLB flushing when using PCID
      XSA-292 (no CVE yet) (Closes: #929993)
    - Fix: x86: PV kernel context switch corruption
      XSA-293 (no CVE yet) (Closes: #929999)
    - Fix: x86 shadow: Insufficient TLB flushing when using PCID
      XSA-294 (no CVE yet) (Closes: #929992)
    - Fix: Microarchitectural Data Sampling speculative side channel
      XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
      (Closes: #929129)
  * Note that the fixes for XSA-297 will only have effect when also loading
    updated cpu microcode with MD_CLEAR functionality. When using the
    intel-microcode package to include microcode in the dom0 initrd, it has to
    be loaded by Xen. Please refer to the hypervisor command line
    documentation about the 'ucode=scan' option.
  * Fixes for XSA-295 "Unlimited Arm Atomics Operations" will be added in the
    next upload.

 -- Hans van Kranenburg <hans at knorrie.org>  Tue, 18 Jun 2019 09:50:19 +0200
---- >8 ----
We prefer to keep releasing from the upstream stable release branches,
because:
(i) upstream only put bugfixes and security fixes on their stable
branches
(ii) trying to assemble our own subset of the patches is riskier than
taking upstream's collection
(iii) the upstream stable release branch has undergone extensive
testing, which we cannot repeat in Debian.
The binary packages built from src:xen are:
libxencall1
libxencall1-dbgsym
libxen-dev
libxendevicemodel1
libxendevicemodel1-dbgsym
libxenevtchn1
libxenevtchn1-dbgsym
libxenforeignmemory1
libxenforeignmemory1-dbgsym
libxengnttab1
libxengnttab1-dbgsym
libxenmisc4.11
libxenmisc4.11-dbgsym
libxenstore3.0
libxenstore3.0-dbgsym
libxentoolcore1
libxentoolcore1-dbgsym
libxentoollog1
libxentoollog1-dbgsym
xen-doc
xen-hypervisor-4.11-amd64
xen-hypervisor-common
xenstore-utils
xenstore-utils-dbgsym
xen-system-amd64
xen-utils-4.11
xen-utils-4.11-dbgsym
xen-utils-common
xen-utils-common-dbgsym
The source debdiff is attached for the sake of completeness.
Please unblock.
Thanks a lot,
Hans van Kranenburg
Debian Xen Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debdiff_xen_4.11.1+26-g87f51bf366-3_xen_4.11.1+92-g6c33308a8d-1.txt.gz
Type: application/gzip
Size: 43054 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20190620/5c80fbf0/attachment-0001.gz>
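Added example, not part of the original message or of the Debian or Xen projects' own tooling: a shell check for the two conditions the changelog note on XSA-297 names, 'ucode=scan' on the hypervisor command line and MD_CLEAR reported by Xen. It assumes GRUB with the command line set through GRUB_CMDLINE_XEN_DEFAULT / GRUB_CMDLINE_XEN and a hypervisor boot log that contains a "Hardware features:" line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# Print the Xen command line configured in a grub defaults file such as
# /etc/default/grub (assumption: GRUB is the boot loader). The file is a
# shell fragment, so it is sourced in a subshell; pass a path with a slash.
grub_xen_cmdline() {
    (
        GRUB_CMDLINE_XEN_DEFAULT='' GRUB_CMDLINE_XEN=''
        . "$1" || exit 1
        printf '%s %s\n' "$GRUB_CMDLINE_XEN_DEFAULT" "$GRUB_CMDLINE_XEN"
    )
}

# Succeed if the command line in $1 carries 'ucode=scan' as its own word.
has_ucode_scan() {
    case " $1 " in
        *" ucode=scan "*) return 0 ;;
    esac
    return 1
}

# Succeed if hypervisor boot log text on stdin lists MD_CLEAR among the
# hardware features. Assumption: the log has a "Hardware features:" line.
log_shows_md_clear() {
    grep 'Hardware features:' | grep -q 'MD_CLEAR'
}

# Report both conditions; return 0 only when both hold.
# $1 = grub defaults file, $2 = file holding hypervisor boot log text.
check_xsa297_prereqs() {
    rc=0
    if has_ucode_scan "$(grub_xen_cmdline "$1")"; then
        echo "ok: ucode=scan is on the Xen command line"
    else
        echo "missing: ucode=scan is not on the Xen command line"; rc=1
    fi
    if log_shows_md_clear < "$2"; then
        echo "ok: Xen reports MD_CLEAR"
    else
        echo "missing: Xen does not report MD_CLEAR"; rc=1
    fi
    return $rc
}
```

On a dom0 the second argument would be a file holding the output of `xl dmesg`, captured soon after boot so the early hypervisor messages are still in the log.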