*xen-tools-4.3.1-r5 (13 Feb 2014)
*xen-tools-4.2.2-r7 (13 Feb 2014)
see bug #500530
Fixed as part of Bug 500530.
Adding to existing GLSA.
This issue was resolved and addressed in
GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml
by GLSA coordinator Mikle Kolyada (Zlogene).
Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x
through 4.3.x, when using a multithreaded toolstack, does not properly
handle a failure by the xc_cpumap_alloc function, which allows local users
with access to management functions to cause a denial of service (heap
corruption) and possibly gain privileges via unspecified vectors.