[ubuntu-cloud-archive/havana-proposed] xen (Accepted)

James Page james.page at ubuntu.com
Mon Dec 2 16:26:54 UTC 2013


 xen (4.3.0-1ubuntu1.1~cloud0) precise-havana; urgency=low
 .
   * Security update for the Ubuntu Cloud Archive.
 .
 xen (4.3.0-1ubuntu1.1) saucy-security; urgency=low
 .
   * Applying Xen Security Advisories:
     - CVE-2013-1442 / XSA-62
       * Information leak on AVX and/or LWP capable CPUs
     - CVE-2013-4355 / XSA-63
       * Information leaks through I/O instruction emulation
     - CVE-2013-4356 / XSA-64
       * Memory accessible by 64-bit PV guests under live migration
     - CVE-2013-4361 / XSA-66
       Information leak through fbld instruction emulation
     - CVE-2013-4368 / XSA-67
       * Information leak through outs instruction emulation
     - CVE-2013-4369 / XSA-68
       * possible null dereference when parsing vif ratelimiting info
     - CVE-2013-4370 / XSA-69
       * misplaced free in ocaml xc_vcpu_getaffinity stub
     - CVE-2013-4371 / XSA-70
       * use-after-free in libxl_list_cpupool under memory pressure
     - CVE-2013-4416 / XSA-72
       * ocaml xenstored mishandles oversized message replies
     - CVE-2013-4494 / XSA-73
       * Lock order reversal between page allocation and grant table locks

Date: Mon, 02 Dec 2013 12:58:10 +0000
Changed-By: James Page <james.page at ubuntu.com>
Signed-By: James Page <james.page at ubuntu.com> 
Published-By: James Page <james.page at ubuntu.com>


More information about the Cloud-archive-changes mailing list