[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#723641: pu: package xen/4.1.4-5

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

There are several CVE pending for Xen, plus some embargoed ones.  This
fixes all publicly ones that have fixes.

xen (4.1.4-5) UNRELEASED; urgency=high

  * Fix reference counting error introduced in CVE-2013-1918.
    CVE-2013-1432
  * Fix buffer overflow in xencontrol Python binding.
    CVE-2013-2072
  * Fix information leak von XSAVE capable AMD CPUs.
    CVE-2013-2076
  * Fix hypervisor crash due to missing exception recovery in XRESTOR.
    CVE-2013-2077
  * Fix hypervisor crash due to missing exception recovery in XSETBV.
    CVE-2013-2078
  * Fix multiple vulnerabilities in libelf PV kernel handling.
    CVE-2013-2194, CVE-2013-2195, CVE-2013-2196
  * Properly set permissions on console related xenstore entries in libxl.
    CVE-2013-2211
  * Disallow HVM passthrough in libxl with disabled IOMMU.
    CVE-2013-4329

 -- Bastian Blank <waldi@debian.org>  Sun, 05 May 2013 20:51:35 +0200

Bastian

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: