Synopsis: Important: xen security and bug fix update Issue date: 2008-10-01 CVE Names: CVE-2008-1945 CVE-2008-1952 It was discovered that the hypervisor's para-virtualized framebuffer (PVFB) backend failed to validate the frontend's framebuffer description properly. This could allow a privileged user in the unprivileged domain (DomU) to cause a denial of service, or, possibly, elevate privileges to the privileged domain (Dom0). (CVE-2008-1952) A flaw was found in the QEMU block format auto-detection, when running fully-virtualized guests and using Qemu images written on removable media (USB storage, 3.5" disks). Privileged users of such fully-virtualized guests (DomU), with a raw-formatted disk image, were able to write a header to that disk image describing another format. This could allow such guests to read arbitrary files in their hypervisor's host (Dom0). (CVE-2008-1945) Additionally, the following bug is addressed in this update: * The qcow-create command terminated when invoked due to glibc bounds checking on the realpath() function. SL 5.x SRPMS: xen-3.0.3-64.el5_2.3.src.rpm i386: xen-3.0.3-64.el5_2.3.i386.rpm xen-devel-3.0.3-64.el5_2.3.i386.rpm xen-libs-3.0.3-64.el5_2.3.i386.rpm x86_64: xen-3.0.3-64.el5_2.3.x86_64.rpm xen-devel-3.0.3-64.el5_2.3.i386.rpm xen-devel-3.0.3-64.el5_2.3.x86_64.rpm xen-libs-3.0.3-64.el5_2.3.i386.rpm xen-libs-3.0.3-64.el5_2.3.x86_64.rpm -Connie Sieh -Troy Dawson