Univention Bugzilla – Bug 33316
xen: Multiple issues (3.2)
Last modified: 2014-01-29 11:18:10 CET
+++ This bug was initially created as a clone of Bug #32766 +++

Information leak with some CPU types if XSAVE is used (CVE-2013-1442)
Information leak in I/O code for HVM guests (CVE-2013-4355, CVE-2013-4361)
Resource leak in qdisk (CVE-2013-4375)
Denial of service through enforced deadlocks (CVE-2013-4494)

Denial of service through incorrect locking (CVE-2013-4553)
Incorrect validation of hypercall privileges (CVE-2013-4554)
(In reply to Moritz Muehlenhoff from comment #0)
> Resource leak in qdisk (CVE-2013-4375)

Xen 4.1 is not affected
(In reply to Moritz Muehlenhoff from comment #1)
> Incorrect validation of hypercall privileges (CVE-2013-4554)

This is not exploitable on Linux
We can ship these fixes together with Bug 20481
The patches are merged, but Xen cannot be rebuilt yet w/o the fixed linux-libc-dev
The patches were integrated. I've successfully tested the installation of UCS 3.2 and Windows 7 and basic functionality of the installed systems.

YAML: 2014-01-14-xen-4.1.yaml
(In reply to Moritz Muehlenhoff from comment #6)
> The patches were integrated. I've successfully tested the installation of
> UCS 3.2 and Windows 7 and basic functionality of the installed systems.
>
> YAML: 2014-01-14-xen-4.1.yaml

Advisory: OK
Test (amd64):
Windows 7: OK
UCS 3.2: OK
http://errata.univention.de/ucs/3.2/33.html