Release date:
Updated on:
Affected Systems:
XenSource Xen 4.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65529
CVE (CAN) ID: CVE-2014-1950
Xen is an open-source virtual machine monitor developed by the University of Cambridge.
In Xen 4.1, when xc_cpumap_alloc() fails, xc_cpupool_getinfo() frees the result structure and then erroneously returns a pointer to that freed structure.
<* Source: Coverity Scan (http://scan.coverity.com/)
Link: http://seclists.org/oss-sec/2014/q1/330
*>
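The error path described above, reduced to a self-contained C model. This is an added example, not Xen or libxc code; `poolinfo_t`, `getinfo_flawed`, `getinfo_fixed` and the slot allocator are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>

/* Constructed stand-ins for illustration; not libxc types or functions. */
typedef struct { unsigned poolid; unsigned char *cpumap; } poolinfo_t;

/* Tracked slots (never returned to the heap) keep a stale pointer inspectable. */
#define SLOTS 4
static poolinfo_t slots[SLOTS];
static int in_use[SLOTS];
static unsigned char maps[SLOTS][8];

static poolinfo_t *result_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; slots[i] = (poolinfo_t){0}; return &slots[i]; }
    return NULL;
}
static void result_free(poolinfo_t *p) { if (p) in_use[p - slots] = 0; }
static int result_is_live(const poolinfo_t *p) { return p && in_use[p - slots]; }

/* 'fail' simulates the map allocation failure described in the advisory. */
static unsigned char *cpumap_alloc(poolinfo_t *p, int fail) { return fail ? NULL : maps[p - slots]; }

/* Flawed error path: result released, stale pointer still returned. */
poolinfo_t *getinfo_flawed(unsigned poolid, int fail) {
    poolinfo_t *info = result_alloc();
    if (!info) return NULL;
    info->cpumap = cpumap_alloc(info, fail);
    if (!info->cpumap) { result_free(info); goto out; }
    info->poolid = poolid;
out:
    return info;
}

/* Corrected error path: pointer cleared after release, caller sees NULL. */
poolinfo_t *getinfo_fixed(unsigned poolid, int fail) {
    poolinfo_t *info = result_alloc();
    if (!info) return NULL;
    info->cpumap = cpumap_alloc(info, fail);
    if (!info->cpumap) { result_free(info); info = NULL; goto out; }
    info->poolid = poolid;
out:
    return info;
}

int main(void) {
    poolinfo_t *p = getinfo_flawed(1, 1);
    printf("flawed: non-NULL=%d live=%d\n", p != NULL, result_is_live(p));
    printf("fixed:  non-NULL=%d\n", getinfo_fixed(1, 1) != NULL);
    return 0;
}
```

A caller that only checks the return value for NULL treats the flawed function's result as valid, which is why clearing the pointer on the failure path matters.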
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
XenSource
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://lists.xen.org/archives/html/xen-announce