Running only PV guests will avoid this issue. No upgrade needed.
On Tue, Jan 27, 2015 at 11:53:46AM +0100, Moritz Muehlenhoff wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3140-1                   [email protected]
> http://www.debian.org/security/                        Moritz Muehlenhoff
> January 27, 2015                       http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package        : xen
> CVE ID         : CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867
>                  CVE-2014-9030
>
> Multiple security issues have been discovered in the Xen virtualisation
> solution which may result in denial of service, information disclosure
> or privilege escalation.
>
> CVE-2014-8594
>
>     Roger Pau Monne and Jan Beulich discovered that incomplete
>     restrictions on MMU update hypercalls may result in privilege
>     escalation.
>
> CVE-2014-8595
>
>     Jan Beulich discovered that missing privilege level checks in the
>     x86 emulation of far branches may result in privilege escalation.
>
> CVE-2014-8866
>
>     Jan Beulich discovered that an error in compatibility mode hypercall
>     argument translation may result in denial of service.
>
> CVE-2014-8867
>
>     Jan Beulich discovered that an insufficient restriction in
>     acceleration support for the "REP MOVS" instruction may result in
>     denial of service.
>
> CVE-2014-9030
>
>     Andrew Cooper discovered a page reference leak in MMU_MACHPHYS_UPDATE
>     handling, resulting in denial of service.
>
> For the stable distribution (wheezy), these problems have been fixed in
> version 4.1.4-3+deb7u4.
>
> For the upcoming stable distribution (jessie), these problems have been
> fixed in version 4.4.1-4.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 4.4.1-4.
>
> We recommend that you upgrade your xen packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: [email protected]

--
Regards,

Pim van den Berg - Cloud Infrastructure Engineer
GPG: 0x50A8EDDA - [email protected] - www.mendix.com

