-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 20 Dec 2024 18:46:37 +0100
Source: xen
Architecture: source
Version: 4.17.5+23-ga4e5191dc0-1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Xen Team <
pkg-xen-devel@lists.alioth.debian.org>
Changed-By: Hans van Kranenburg <
hans@knorrie.org>
Changes:
xen (4.17.5+23-ga4e5191dc0-1) bookworm-security; urgency=medium
.
* Update to new upstream version 4.17.5+23-ga4e5191dc0, which also contains
security fixes for the following issues:
- x86: shadow stack vs exceptions from emulation stubs
XSA-451 CVE-2023-46841
- x86: Register File Data Sampling
XSA-452 CVE-2023-28746
- GhostRace: Speculative Race Conditions
XSA-453 CVE-2024-2193
- x86 HVM hypercalls may trigger Xen bug check
XSA-454 CVE-2023-46842
- x86: Incorrect logic for BTC/SRSO mitigations
XSA-455 CVE-2024-31142
- x86: Native Branch History Injection
XSA-456 CVE-2024-2201
- double unlock in x86 guest IRQ handling
XSA-458 CVE-2024-31143
- error handling in x86 IOMMU identity mapping
XSA-460 CVE-2024-31145
- PCI device pass-through with shared resources
XSA-461 CVE-2024-31146
- x86: Deadlock in vlapic_error()
XSA-462 CVE-2024-45817
- Deadlock in x86 HVM standard VGA handling
XSA-463 CVE-2024-45818
- libxl leaks data to PVH guests via ACPI tables
XSA-464 CVE-2024-45819
* Note that the following XSA are not listed, because...
- XSA-457 and XSA-465 have patches for the Linux kernel.
- XSA-459 is within Xapi which is not shipped by this package.
- XSA-466 contains a documentation update that was only applied to the
current development version of Xen
Checksums-Sha1:
58955395775ef7b26486be377055e64ac003a3ee 4357 xen_4.17.5+23-ga4e5191dc0-1.dsc
b509f4187aa7edf79279e982b16b4615dff207cd 4683344 xen_4.17.5+23-ga4e5191dc0.orig.tar.xz
4e8ebe8a5d25bfad852447c4a822ca1c2690dc4e 137128 xen_4.17.5+23-ga4e5191dc0-1.debian.tar.xz
Checksums-Sha256:
17639361d2f96b98acc51d303fc7c804f475782afd2a90f875ba3f73ebf5895f 4357 xen_4.17.5+23-ga4e5191dc0-1.dsc
eb54014e42e4b2f91012b8256f3dd368c5aa4da6735c43eb9752c8e244fb01b6 4683344 xen_4.17.5+23-ga4e5191dc0.orig.tar.xz
bda63ae7e8c540a155b416c1f123812701c8e0f87eb9326cc6d593657412b025 137128 xen_4.17.5+23-ga4e5191dc0-1.debian.tar.xz
Files:
3651a7ba34b1be81f3959cbbdffcc101 4357 admin optional xen_4.17.5+23-ga4e5191dc0-1.dsc
0aa7b58e13607128f9318825e787522f 4683344 admin optional xen_4.17.5+23-ga4e5191dc0.orig.tar.xz
f950ae18261d155cc5a06ec44a491e5c 137128 admin optional xen_4.17.5+23-ga4e5191dc0-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmdpag0ACgkQEMKTtsN8 TjZ2pA/+MKy/5SSbDcQmTpFhBuQbMYVAa9aBaezfsXKS7uJ5og6m51bG1+0KZQWG wWkjKy3GrhTiKJ06fhjUcQF473VGSv/03CjwueXXQLjTaqKgdW3e2mufoVPNvQha 0i1EClRakm3p5HHAIFwu+Qlfqp3B8AXbocs5hPHxfcJI7y/CQE+VVZG46I6AtWe2 F9ANjn0VSm93e+wDhRJzKVj84bR4cbwwv6K8dILLiVCDF/a4/M1jhvsv4RAe/tid ntPgBhrT201XrtHAUscZeaa99uKavnMhY/oPwtZv31Sw0CBO1Cg+Uq9Ba/swcqhB HTPWCzBsLmyHK3ZUC3X799/0FHHxgPKCB6/ZgzdOy5lQ6c5iqT/jS22sih43kCRC 9E4E2/2+m+821D0pl23XIaoPfa2ypJU/vgXhYx93DVcMjUHs6vP2TOWGgVHhVcSv HkVd0Vacn1j1/KvTIX0l/d/an7Yp5osN4UOyY0Gu90q4/6tXJLySsN9Rp4lRPozO EMypc+ESntbTMgOluOFdXu2L9A1uYZVDH45BCxX7+u/xB3qmcv9CmrYTKMzAPwmz W8FIZPLJCU2yxwerBqVj+jSEtw+hiS3gxznW8NRVowzFCDTTIC85jJzIZe570Mtf 3O0ZbCN8HrEBAcgoiKabUQ3fZabz+KHey/IKAjvD0H5hVZMeXlE=
=eALy
-----END PGP SIGNATURE-----
--==============F36345989645946155=Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZ5fRMQAKCRCb9qggYcy5 Icq4AQDMguDA03wMUMNIKS/n3lVguBTvuxcjyObxBPB+GVUYXAEAgI80vU8Fnhal isbwmhGFCIZTf5ikV+Ul07uGK556/Qo─u9
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)