| Errata ID | 274 |
|---|---|
| Date | 2015-01-21 |
| Source package | xen-4.1 |
| Fixed in version | 4.1.3-18.44.201412051509 |
| Description | This update fixes the following security issues: - Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595) - Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594) - Page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030) - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor allows denial of service (CVE-2014-8867) - Excessive checking in compatibility mode hypercall argument translation allows denial of service (CVE-2014-8866) This update addresses the following issues: - Fix decoding of hexadecimal escaped characters in description. |
| Additional notes | |
| CVE ID | CVE-2014-8595 CVE-2014-8594 CVE-2014-9030 CVE-2014-8867 CVE-2014-8866 |
| UCS Bug number | #36872 #36098 |
