Univention Bugzilla – Bug 32766
xen: Multiple issues (3.1)
Last modified: 2019-04-11 19:24:41 CEST
Information leak in I/O code for HVM guests (CVE-2013-4355, CVE-2013-4361)
Information leak with some CPU types if XSAVE is used (CVE-2013-1442)
Resource leak in qdisk (CVE-2013-4375) (UCS 2.4 is not affected)
qemu-kvm is not affected, specific to Xen.
Denial of service through enforced deadlocks (CVE-2013-4494)
Denial of service through incorrect locking (CVE-2013-4553)
Incorrect validation of hypercall privileges (CVE-2013-4554)
Use-after-free in xc_cpupool_getinfo() (CVE-2014-1950)
Denial of service in HVMOP_set_mem_access() (CVE-2014-2599)
Denial of service in HVMOP_set_mem_type() (CVE-2014-3124)
Maintenance with bug and security fixes for UCS 3.1-x ended on the 31st of May 2014. Maintenance of the UCS 3.x major series is continued by UCS 3.2-x, which is supplied with bug and security fixes. Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention with any questions.