Description
Xen has been updated to version 4.2.5 with additional patches to fix six
security issues:
Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
(CVE-2014-9030).
Insufficient bounding of "REP MOVS" to MMIO emulated inside the
hypervisor (CVE-2014-8867).
Excessive checking in compatibility mode hypercall argument
translation (CVE-2014-8866).
Guest user mode triggerable VM exits not handled by hypervisor
(bnc#903850).
Missing privilege level checks in x86 emulation of far branches
(CVE-2014-8595).
Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594).