CVE-2014-4021 Information

Description

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests which allows local guest OS users to obtain sensitive information via unspecified vectors.

Reference

http://linux.oracle.com/errata/ELSA-2014-0926.html http://linux.oracle.com/errata/ELSA-2014-0926-1.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html http://secunia.com/advisories/59208 http://secunia.com/advisories/60027 http://secunia.com/advisories/60130 http://secunia.com/advisories/60471 http://security.gentoo.org/glsa/glsa-201407-03.xml http://support.citrix.com/article/CTX140984 http://www.debian.org/security/2014/dsa-3006 http://www.securityfocus.com/bid/68070 http://www.securitytracker.com/id/1030442 http://xenbits.xen.org/xsa/advisory-100.html