Univention Bugzilla – Full Text Bug Listing

| Summary: | xen: Multiple issues (3.2) | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
| Component: | Security updates | Assignee: | Janek Walkenhorst <walkenhorst> |
| Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
| Severity: | normal | | |
| Priority: | P3 | CC: | gohmann, walkenhorst |
| Version: | UCS 3.0 | | |
| Target Milestone: | UCS 3.2-3-errata | | |
| Hardware: | Other | | |
| OS: | Linux | | |

Description
Moritz Muehlenhoff
2014-02-13 11:26:51 CET
Denial of service in HVMOP_set_mem_access() (CVE-2014-2599)
Denial of service in HVMOP_set_mem_type() (CVE-2014-3124)
Information leak through outs instruction emulation (CVE-2014-4368)
Hypervisor heap contents leaked to guests (CVE-2014-4021)
Denial of service in HVMOP_track_dirty_vram() (CVE-2014-7154)
Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (CVE-2014-7155)
Missing privilege level checks in x86 emulation of software interrupts (CVE-2014-7156)
Improper MSR range used for x2APIC emulation (CVE-2014-7188)

Advisory: 2014-10-10-xen-4.1.yaml

Tests (amd64): OK
OK: /usr/share/doc/xen-4.1/changelog.Debian.gz
OK: win7: install, reboot, suspend+resume
OK: ucs3.2: install, reboot, suspend+resume
OK: apt-get install msr-tools
FAIL: 2014-10-10-xen-4.1.yaml
> version: [1, 2, 3]
please include 0
> ... bash parser ...
copy-paste-error
OK: announce_errata -V 2014-10-10-xen-4.1.yaml

(In reply to Philipp Hahn from comment #8)
> FAIL: 2014-10-10-xen-4.1.yaml
> > version: [1, 2, 3]
> please include 0
>
> > ... bash parser ...
> copy-paste-error

Fixed

OK: xm dmesg | grep -i version # 4.4.5-8.3.201104271833 →
OK: hvm pv
OK: apt-get install msr-tools;modprobe msr;for ((msr=0x800;msr<0x800+0x3ff;msr++));do rdmsr $msr;done
OK: r54326

(In reply to Janek Walkenhorst from comment #9)
> Fixed

OK: r54356

(In reply to Moritz Muehlenhoff from comment #3)
> Information leak through outs instruction emulation (CVE-2014-4368)

FYI: The correct CVE is ...2013... instead of 2014.