[Buildroot] [PATCH 2/3] package/xen: security bump to version 4.12.2

Peter Korsgaard peter at korsgaard.com
Thu Mar 5 20:25:30 UTC 2020


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > The 4.12.2 release brings a large number of fixes:
 > https://xenproject.org/downloads/xen-project-archives/xen-project-4-12-series/xen-project-4-12-2/

 > Including a number of security fixes:

 > XSA-296: VCPUOP_initialise DoS (CVE-2019-18420)
 > XSA-298: missing descriptor table limit checking in x86 PV emulation
 > 	 (CVE-2019-18425)
 > XSA-299: Issues with restartable PV type change operations (CVE-2019-18421)
 > XSA-301: add-to-physmap can be abused to DoS Arm hosts (CVE-2019-18423)
 > XSA-302: passed through PCI devices may corrupt host memory after
 >          deassignment (CVE-2019-18424)
 > XSA-303: ARM: Interrupts are unconditionally unmasked in exception handlers
 > 	 (CVE-2019-18422)
 > XSA-304: x86: Machine Check Error on Page Size Change DoS (CVE-2018-12207)
 > XSA-305: TSX Asynchronous Abort speculative side channel (CVE-2019-11135)
 > XSA-306: Device quarantine for alternate pci assignment methods
 > 	 (CVE-2019-19579)
 > XSA-307: find_next_bit() issues (CVE-2019-19581 CVE-2019-19582)
 > XSA-308: VMX: VMentry failure with debug exceptions and blocked states
 > 	 (CVE-2019-19583)
 > XSA-309: Linear pagetable use / entry miscounts (CVE-2019-19578)
 > XSA-310: Further issues with restartable PV type change operations
 > 	 (CVE-2019-19580)
 > XSA-311: Bugs in dynamic height handling for AMD IOMMU pagetables
 > 	 (CVE-2019-19577)

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2019.11.x, thanks.

For 2019.02.x I will instead bump to 4.11.3.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list