Updated xen package fixes security issues
Publication date: 01 Jul 2013Modification date: 01 Jul 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-2076 , CVE-2013-2077 , CVE-2013-2078 , CVE-2013-2194 , CVE-2013-2195 , CVE-2013-2196 , CVE-2013-2072 , CVE-2013-2211 , CVE-2013-1432
Description
This update fixes the following security issues:
XSA-52/CVE-2013-2076: Information leak on XSAVE/XRSTOR capable AMD CPUs
XSA-53/CVE-2013-2077: Hypervisor crash due to missing exception recovery on XRSTOR
XSA-54/CVE-2013-2078: Hypervisor crash due to missing exception recovery on XSETBV
XSA-55/CVE-2013-2194: integer overflows
XSA-55/CVE-2013-2195: pointer dereferences
XSA-55/CVE-2013-2196: other problems
XSA-56/CVE-2013-2072: Buffer overflow in xencontrol Python bindings affecting xend
XSA-57/CVE-2013-2211: libxl allows guest write access to sensitive console related xenstore keys
XSA-58/CVE-2013-1432: Page reference counting error due to XSA-45/CVE-2013-1918 fixes
References
- https://bugs.mageia.org/show_bug.cgi?id=10586
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432
SRPMS
3/core
- xen-4.2.1-16.2.mga3