Fri Sep 26 10:40:45 2014 UTC ()
Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests
pkgsrc also includes patches from the Xen Security Advisory:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
of software interrupts
(bouyer)
diff -r1.22 -r1.23 pkgsrc/sysutils/xentools42/Makefile
--- pkgsrc/sysutils/xentools42/Attic/Makefile 2014/05/29 23:37:32 1.22
+++ pkgsrc/sysutils/xentools42/Attic/Makefile 2014/09/26 10:40:45 1.23