Thomas Bläsing
2008-Jun-19 14:56 UTC
[Pkg-xen-devel] Bug#487095: xen-3: multiple security issues
Source: xen-3
Version: 3.2.1-1
Severity: grave
Tags: security, patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for xen-3.

CVE-2008-1943[0]:
| Buffer overflow in the backend of XenSource Xen Para Virtualized Frame
| Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial
| of service (crash) and possibly execute arbitrary code via a crafted
| description of a shared framebuffer.

CVE-2008-1944[1]:
| Buffer overflow in the backend framebuffer of XenSource Xen
| Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows
| local users to cause a denial of service (SDL crash) and possibly
| execute arbitrary code via "bogus screen updates," related to missing
| validation of the "format of messages."

CVE-2008-1952[2]:
| ** RESERVED **
| This candidate has been reserved by an organization or individual that
| will use it when announcing a new security problem. When the
| candidate has been publicized, the details for this candidate will be
| provided.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1943
    http://security-tracker.debian.net/tracker/CVE-2008-1943
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1944
    http://security-tracker.debian.net/tracker/CVE-2008-1944
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1952
    http://security-tracker.debian.net/tracker/CVE-2008-1952

These issues are fixed within the following patch for fedora:
http://cvs.fedoraproject.org/viewcvs/rpms/xen/F-9/xen-pvfb-validate-fb.patch?view=markup

Kind regards,
Thomas.
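
Added example, not part of the original report and not taken from Xen or the Fedora patch: the kind of backend-side validation whose absence the two CVE descriptions above point to, covering both the shared framebuffer description and later screen-update messages. The structures, field names and function names are hypothetical and do not reproduce Xen's real PVFB layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical guest-supplied framebuffer description (not Xen's layout). */
struct fb_desc {
    int32_t  width, height;  /* pixels */
    uint32_t line_length;    /* bytes per scanline */
    uint32_t mem_length;     /* bytes the guest claims to share */
    uint8_t  depth;          /* bits per pixel */
};

/* Hypothetical "screen update" message: the rectangle to redraw. */
struct fb_update { int32_t x, y, width, height; };

/* Accept the description only if all scanlines fit inside the memory the
 * backend really mapped (mapped_len). 64-bit math prevents wraparound. */
bool fb_desc_valid(const struct fb_desc *d, size_t mapped_len)
{
    if (d->width <= 0 || d->height <= 0)
        return false;
    if (d->depth != 8 && d->depth != 16 && d->depth != 24 && d->depth != 32)
        return false;
    uint64_t row_bytes = (uint64_t)d->width * (d->depth / 8);
    if (d->line_length < row_bytes)
        return false;
    uint64_t needed = (uint64_t)d->line_length * (uint64_t)d->height;
    if (d->mem_length > mapped_len || needed > d->mem_length)
        return false;
    return true;
}

/* Accept an update only if its rectangle lies inside the already
 * validated framebuffer; 64-bit sums stop x + width from wrapping. */
bool fb_update_valid(const struct fb_update *u, const struct fb_desc *d)
{
    if (u->x < 0 || u->y < 0 || u->width <= 0 || u->height <= 0)
        return false;
    if ((int64_t)u->x + u->width > d->width)
        return false;
    if ((int64_t)u->y + u->height > d->height)
        return false;
    return true;
}
```

A backend would run the first check once when the guest connects and the second on every update message before touching the pixel buffer, dropping anything that fails.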
Debian Bug Tracking System
2008-Jun-19 18:06 UTC
[Pkg-xen-devel] Bug#487095: marked as done (xen-3: multiple security issues)
Your message dated Thu, 19 Jun 2008 20:05:01 +0200
with message-id <20080619180501.GA1871 at wavehammer.waldi.eu.org>
and subject line Re: [Pkg-xen-devel] Bug#487095: xen-3: multiple security issues
has caused the Debian Bug report #487095,
regarding xen-3: multiple security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)

--
487095: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487095
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems

-------------- next part --------------
An embedded message was scrubbed...
From: Thomas Bläsing <thomasbl at pool.math.tu-berlin.de>
Subject: xen-3: multiple security issues
Date: Thu, 19 Jun 2008 16:56:54 +0200
Size: 3819
Url: http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20080619/4be6bee9/attachment.eml

-------------- next part --------------
An embedded message was scrubbed...
From: Bastian Blank <waldi at debian.org>
Subject: Re: [Pkg-xen-devel] Bug#487095: xen-3: multiple security issues
Date: Thu, 19 Jun 2008 20:05:01 +0200
Size: 2501
Url: http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20080619/4be6bee9/attachment-0001.eml
Debian Bug Tracking System
2008-Jun-28 09:52 UTC
[Pkg-xen-devel] Bug#487095: marked as done (xen-3: multiple security issues)
Your message dated Sat, 28 Jun 2008 09:47:08 +0000
with message-id <E1KCX1Q-0007tG-MG at ries.debian.org>
and subject line Bug#487095: fixed in xen-3 3.2.1-2
has caused the Debian Bug report #487095,
regarding xen-3: multiple security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)

--
487095: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487095
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems

-------------- next part --------------
An embedded message was scrubbed...
From: Thomas Bläsing <thomasbl at pool.math.tu-berlin.de>
Subject: xen-3: multiple security issues
Date: Thu, 19 Jun 2008 16:56:54 +0200
Size: 3819
Url: http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20080628/6672e819/attachment.eml

-------------- next part --------------
An embedded message was scrubbed...
From: Bastian Blank <waldi at debian.org>
Subject: Bug#487095: fixed in xen-3 3.2.1-2
Date: Sat, 28 Jun 2008 09:47:08 +0000
Size: 6493
Url: http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20080628/6672e819/attachment-0001.eml