Univention Bugzilla – Bug 34115
xen: Multiple issues (3.2)
Last modified: 2014-10-13 17:33:18 CEST
use-after-free in xc_cpupool_getinfo() (CVE-2014-1950)
Denial of service in HVMOP_set_mem_access() (CVE-2014-2599)
Denial of service in HVMOP_set_mem_type() (CVE-2014-3124)
Information leak through outs instruction emulation (CVE-2014-4368)
Hypervisor heap contents leaked to guests (CVE-2014-4021)
Denial of service in HVMOP_track_dirty_vram() (CVE-2014-7154)
Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (CVE-2014-7155)
Missing privilege level checks in x86 emulation of software interrupts (CVE-2014-7156)
Improper MSR range used for x2APIC emulation (CVE-2014-7188)
Advisory: 2014-10-10-xen-4.1.yaml
Tests (amd64): OK

OK: /usr/share/doc/xen-4.1/changelog.Debian.gz
OK: win7: install, reboot, suspend+resume
OK: ucs3.2: install, reboot, suspend+resume
OK: apt-get install msr-tools
FAIL: 2014-10-10-xen-4.1.yaml
> version: [1, 2, 3]
please include 0
> ... bash parser ...
copy-paste-error
OK: announce_errata -V 2014-10-10-xen-4.1.yaml
(In reply to Philipp Hahn from comment #8)
> FAIL: 2014-10-10-xen-4.1.yaml
> > version: [1, 2, 3]
> please include 0
>
> > ... bash parser ...
> copy-paste-error
Fixed
OK: xm dmesg | grep -i version # 4.4.5-8.3.201104271833 → OK: hvm pv
OK: apt-get install msr-tools;modprobe msr;for ((msr=0x800;msr<0x800+0x3ff;msr++));do rdmsr $msr;done
OK: r54326

(In reply to Janek Walkenhorst from comment #9)
> Fixed
OK: r54356

(In reply to Moritz Muehlenhoff from comment #3)
> Information leak through outs instruction emulation (CVE-2014-4368)
FYI: The correct CVE is ...2013... instead of 2014.
http://errata.univention.de/ucs/3.2/218.html