Nico Golde
2007-Sep-25 12:12 UTC
[Pkg-xen-devel] Bug#444007: CVE-2007-1320 multiple heap based buffer overflows
Package: xen-3.0
Version: 3.0.3-0-2
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0.

CVE-2007-1320[0]:
| Multiple heap-based buffer overflows in the cirrus_invalidate_region
| function in the Cirrus VGA extension in QEMU 0.8.2 might allow local
| users to execute arbitrary code via unspecified vectors related to
| "attempting to mark non-existent regions as dirty," aka the "bitblt"
| heap overflow.

If you fix this vulnerability please also include the CVE id in your changelog entry.

This also affects xen in etch.
Please have a look at:
http://lists.xensource.com/archives/html/xen-devel/2007-05/msg00021.html
http://xenbits.xensource.com/xen-unstable.hg?rev/9e86260b95a4

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1320

Kind regards
Nico

--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Apparently Analogous Threads
- Bug#464044: xen-unstable: CVE-2007-3919 prone to symlink attack
- Bug#469654: xen-unstable: CVE-2008-0928 privilege escalation
- Bug#451626: CVE-2007-5907, CVE-2007-5906 possible denial of service vulnerability
- Bug#444430: CVE-2007-4993 privilege escalation
- Bug#446771: CVE-2007-4993 privilege escalation