
Debian DSA-2582-1: Critical Denial Of Service In Xen Hypervisor

Debian Security Advisory, published December 7, 2012
Debian Security Advisory DSA-2582-1 addresses several denial of service vulnerabilities in the Xen hypervisor; hosts running the affected xen packages should be updated promptly.
Multiple denial of service vulnerabilities have been discovered in the Xen hypervisor.

Summary

Some of the recently published Xen Security Advisories (XSA 25 and 28) are not
fixed by this update and should be fixed in a future release.

CVE-2011-3131 (XSA 5): DoS using I/OMMU faults from PCI-passthrough guest

A VM that controls a PCI[E] device directly can cause it to issue DMA
requests to invalid addresses. Although these requests are denied by the
I/OMMU, the hypervisor needs to handle the interrupt and clear the error from
the I/OMMU, and this can be used to live-lock a CPU and potentially hang the
host.

CVE-2012-4535 (XSA 20): Timer overflow DoS vulnerability

A guest which sets a VCPU with an inappropriate deadline can cause an
infinite loop in Xen, blocking the affected physical CPU indefinitely.

CVE-2012-4537 (XSA 22): Memory mapping failure DoS vulnerability

When set_p2m_entry fails, Xen's internal data structures (the p2m and m2p
tables) can get out of sync. This failure can be triggered by unusual guest
behaviour exhausting the memory reserved for the p2m table. If it hap...


Severity: critical

Package: xen
CVE ID: CVE-2011-3131 CVE-2012-4535 CVE-2012-4537 CVE-2012-4538
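The advisory's point is that the fix ships as a package update, so the practical check on a Debian host is whether the installed xen package version is at or above the fixed one. The script below is an added example, not Debian's or the Xen project's code: it reimplements dpkg's version ordering (epoch, then upstream, then Debian revision, with `~` sorting before the end of a string) so the comparison can be done offline, and wraps a `dpkg-query` call for the installed version. The package name `xen-hypervisor-4.0-amd64` and the value of `FIXED_VERSION` are assumptions; take the real fixed version for your release from the DSA text before relying on the result.

```python
"""Check whether an installed Debian xen package is at or above the version
carrying the DSA-2582-1 fixes.

Added example, not part of the Debian advisory. Debian version ordering is
reimplemented here (after dpkg's verrevcmp) so the check does not depend on
`dpkg --compare-versions` being available.
"""
import subprocess

# Assumptions, not stated on this page: which binary package to check and the
# fixed version. FIXED_VERSION is a placeholder; use the value from the DSA.
PACKAGE = "xen-hypervisor-4.0-amd64"   # hypothetical package name
FIXED_VERSION = "4.0.1-5.5"            # hypothetical placeholder value

DSA_2582_CVES = ("CVE-2011-3131", "CVE-2012-4535", "CVE-2012-4537", "CVE-2012-4538")


def _order(c):
    """Sort weight of one character in a non-digit run, as dpkg defines it."""
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1            # '~' sorts before everything, even end of string
    return ord(c) + 256      # other punctuation sorts after letters


def _verrevcmp(a, b):
    """Compare two upstream or revision strings; <0, 0, >0 like strcmp."""
    while a or b:
        # Non-digit run: character by character using dpkg's weights.
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ac, bc = _order(a[:1]), _order(b[:1])
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        # Numeric run: drop leading zeros, then the longer run wins,
        # otherwise the first differing digit decides.
        a, b = a.lstrip("0"), b.lstrip("0")
        first_diff = 0
        while a[:1].isdigit() and b[:1].isdigit():
            if not first_diff:
                first_diff = ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if a[:1].isdigit():
            return 1
        if b[:1].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """Split 'epoch:upstream-revision' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    upstream, _, revision = version.rpartition("-")
    if not upstream:             # no '-' at all: the whole string is upstream
        upstream, revision = revision, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return <0, 0 or >0 according to Debian version ordering of a vs b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def is_fixed(installed, fixed=FIXED_VERSION):
    """True when `installed` is at or above `fixed` under dpkg ordering."""
    return compare_versions(installed, fixed) >= 0


def installed_version(package=PACKAGE):
    """Ask dpkg-query for the installed version; None if absent or no dpkg."""
    try:
        out = subprocess.run(
            ["dpkg-query", "-W", "--showformat=${Version}", package],
            capture_output=True, text=True, check=True,
        ).stdout.strip()
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return out or None


if __name__ == "__main__":
    v = installed_version()
    cves = ", ".join(DSA_2582_CVES)
    if v is None:
        print(f"{PACKAGE}: not installed (or dpkg-query unavailable)")
    elif is_fixed(v):
        print(f"{PACKAGE} {v}: at or above {FIXED_VERSION}; {cves} addressed")
    else:
        print(f"{PACKAGE} {v}: below {FIXED_VERSION}; still exposed to {cves}")
```

Backport suffixes such as `~bpo60+1` sort below the plain fixed version, so a backported build of an older revision is correctly reported as unpatched, while a later security revision such as `5.5+deb7u1` is accepted.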
