Все бюллетени/sisyphus/ALT-PU-2014-2061-1
ALT-PU-2014-2061-1

Обновление пакета xen в ветке sisyphus

Версия4.4.1-alt1
Задание#128919
Опубликовано2014-09-03
Макс. серьёзностьMEDIUM
Серьёзность:

Закрытые проблемы (4)

CVE-2014-4611
MEDIUM5.0

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.

Опубликовано: 2014-07-03Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
Ссылки
CVE-2014-5146
MEDIUM4.7

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.

Опубликовано: 2014-08-22Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2014-5147
MEDIUM4.3

Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.

Опубликовано: 2014-08-29Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:A/AC:H/Au:S/C:N/I:N/A:C
Ссылки
CVE-2014-5148
MEDIUM4.6

Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.

Опубликовано: 2014-10-26Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P
Ссылки