| Summary: | <app-emulation/xen-{4.2.4-r4,4.3.2-r4},<app-emulation/xen-tools-{4.2.4-r6,4.3.2-r5}: Hypervisor heap contents leaked to guests (CVE-2014-4021) (XSA-100) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | xen |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2014/06/17/6 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-06-19 09:38:18 UTC
+*xen-4.4.0-r5 (09 Jul 2014) +*xen-4.3.2-r4 (09 Jul 2014) +*xen-4.2.4-r4 (09 Jul 2014) + + 09 Jul 2014; Yixun Lan <dlan@gentoo.org> +xen-4.2.4-r4.ebuild, + +xen-4.3.2-r4.ebuild, +xen-4.4.0-r5.ebuild: + bump stable/security patches, fix bug 515106, 513824

dlan, As per discussion please either call for stabilization, or advise when ready for stabilization.

Arches, please test and mark stable:

=app-emulation/xen-4.2.4-r4
=app-emulation/xen-tools-4.2.4-r6
Target keywords Both : "amd64 x86"

=app-emulation/xen-4.3.2-r4
=app-emulation/xen-tools-4.3.2-r5
Target keywords Only: "amd64"

amd64 stable

x86 stable. Maintainer(s), please cleanup. Security, please vote.

thanks, old versions have been pruned out.

Arches and Maintainer(s), Thank you for your work. GLSA Vote: Yes

CVE-2014-4021 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4021): Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.

Added to an existing GLSA request.

This issue was resolved and addressed in GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml by GLSA coordinator Mikle Kolyada (Zlogene).