Synopsis:	Important: xen security and bug fix update
Issue date:	2008-10-01
CVE Names:	CVE-2008-1945 CVE-2008-1952

It was discovered that the hypervisor's para-virtualized framebuffer (PVFB)
backend failed to validate the frontend's framebuffer description properly.
This could allow a privileged user in the unprivileged domain (DomU) to
cause a denial of service, or, possibly, elevate privileges to the
privileged domain (Dom0). (CVE-2008-1952)

A flaw was found in the QEMU block format auto-detection, when running
fully-virtualized guests and using Qemu images written on removable media
(USB storage, 3.5" disks). Privileged users of such fully-virtualized
guests (DomU), with a raw-formatted disk image, were able to write a header
to that disk image describing another format. This could allow such guests
to read arbitrary files in their hypervisor's host (Dom0). (CVE-2008-1945)

Additionally, the following bug is addressed in this update:

* The qcow-create command terminated when invoked due to glibc bounds
checking on the realpath() function.

SL 5.x

    SRPMS:
xen-3.0.3-64.el5_2.3.src.rpm
    i386:
xen-3.0.3-64.el5_2.3.i386.rpm
xen-devel-3.0.3-64.el5_2.3.i386.rpm
xen-libs-3.0.3-64.el5_2.3.i386.rpm
    x86_64:
xen-3.0.3-64.el5_2.3.x86_64.rpm
xen-devel-3.0.3-64.el5_2.3.i386.rpm
xen-devel-3.0.3-64.el5_2.3.x86_64.rpm
xen-libs-3.0.3-64.el5_2.3.i386.rpm
xen-libs-3.0.3-64.el5_2.3.x86_64.rpm

-Connie Sieh
-Troy Dawson