Univention Bugzilla – Bug 36872
xen: Multiple issues (3.2)
Last modified: 2015-01-21 12:23:04 CET
Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595)
Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594)
Page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030)
(http://xenbits.xen.org/xsa/advisory-97.html (CVE-2014-5146, CVE-2014-5149) is too intrusive to backport to Xen 4.1, the impact is also minor)
Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor allows denial of service (CVE-2014-8867)
Excessive checking in compatibility mode hypercall argument translation allows denial of service (CVE-2014-8866)
The patches have been backported and merged into dev/branches/ucs-3.2/ucs-3.2-4/virtualization/xen-4.1

Tests were successful: I've installed and booted a UCS 3.2 and a Win7 system (both as amd64). Installing the GPLPV drivers worked fine as well.

YAML file: 2014-12-03-xen-4.1.yaml
OK: CVE-2014-8594.patch e4292c5aac41b80f33d4877104348d5ee7c95aa4
OK: CVE-2014-8595.patch 1d68c1a70e00ed95ef0889cfa005379dab27b37d
OK: CVE-2014-9030.patch 6913fa31fa898f45ecc3b00e2397b8ebc75c8df4
OK: CVE-2014-8867.patch c5397354b998d030b021810b8202de93b9526818
OK: CVE-2014-8866.patch 0ad715304b04739fd2fc9517ce8671d3947c7621
OK: Win7
OK: Win7+GPLPV
OK: Win2008
OK: Win2008+GPLPV
OK: UCS-3.2
OK: Migrate 16.41.201410101644 -> 16.41.201410101644
OK: Migrate 16.41.201410101644 -> 18.44.201412051509
OK: Migrate 18.44.201412051509 -> 16.41.201410101644
OK: Migrate 18.44.201412051509 -> 18.44.201412051509
OK: aptitude install '?source-package(xen-4.1)?installed'
OK: 2014-12-03-xen-4.1.yaml
OK: errata-announce -V 2014-12-03-xen-4.1.yaml
OK: CVE-2014-????
http://errata.univention.de/ucs/3.2/274.html