Fedora 20 : xen-4.3.2-1.fc20 (2014-2802)

update to xen-4.3.2 includes fix for 'Excessive time to disable caching with HVM guests with PCI passthrough', use-after-free in xccpupoolgetinfo under memory pressure Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...

DEBIAN-CVE-2014-1950

Use-after-free vulnerability in the xccpupoolgetinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xccpumapalloc function, which allows local users with access to management functions to cause a denial of service heap corrupti...

Design/Logic Flaw

Use-after-free vulnerability in the xccpupoolgetinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xccpumapalloc function, which allows local users with access to management functions to cause a denial of service heap corrupti...

CVE-2014-1950

Use-after-free vulnerability in the xccpupoolgetinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xccpumapalloc function, which allows local users with access to management functions to cause a denial of service heap corrupti...