Subject: | |
From: | |
Reply To: | |
Date: | Wed, 1 Oct 2008 14:22:39 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Important: xen security and bug fix update
Issue date: 2008-10-01
CVE Names: CVE-2008-1945 CVE-2008-1952
It was discovered that the hypervisor's para-virtualized framebuffer (PVFB)
backend failed to validate the frontend's framebuffer description properly.
This could allow a privileged user in the unprivileged domain (DomU) to
cause a denial of service, or, possibly, elevate privileges to the
privileged domain (Dom0). (CVE-2008-1952)
A flaw was found in the QEMU block format auto-detection, when running
fully-virtualized guests and using Qemu images written on removable media
(USB storage, 3.5" disks). Privileged users of such fully-virtualized
guests (DomU), with a raw-formatted disk image, were able to write a header
to that disk image describing another format. This could allow such guests
to read arbitrary files in their hypervisor's host (Dom0). (CVE-2008-1945)
Additionally, the following bug is addressed in this update:
* The qcow-create command terminated when invoked due to glibc bounds
checking on the realpath() function.
SL 5.x
SRPMS:
xen-3.0.3-64.el5_2.3.src.rpm
i386:
xen-3.0.3-64.el5_2.3.i386.rpm
xen-devel-3.0.3-64.el5_2.3.i386.rpm
xen-libs-3.0.3-64.el5_2.3.i386.rpm
x86_64:
xen-3.0.3-64.el5_2.3.x86_64.rpm
xen-devel-3.0.3-64.el5_2.3.i386.rpm
xen-devel-3.0.3-64.el5_2.3.x86_64.rpm
xen-libs-3.0.3-64.el5_2.3.i386.rpm
xen-libs-3.0.3-64.el5_2.3.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|