search for: 487095

Source: xen-3 Version: 3.2.1-1 Severity: grave Tags: security, patch Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for xen-3. CVE-2008-1943[0]: | Buffer overflow in the backend of XenSource Xen Para Virtualized Frame | Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial | of service (crash) and possibly execute arbitrary code via a crafted |

reopen 487095 reopen 487097 thanks Hi, since you thought it's necessary to complain to me about this bug report on IRC I'm replying to this bug now as well. > On Thu, Jun 19, 2008 at 04:56:54PM +0200, Thomas Bl?sing wrote: > > CVE-2008-1943[0]: > > | Buffer overflow in the backend of Xe...

...-3.2-1-amd64 Version: 3.2.1-2 Severity: serious After noting that this version supposedly loads bzImage kernels: | xen-3 (3.2.1-2) unstable; urgency=low | | * Use e2fslibs based ext2 support for pygrub. (closes: #476366) | * Fix missing checks in pvfb code. | See CVE-2008-1952. (closes: #487095) | * Add support for loading bzImage files. (closes: #474509) | * Enable TLS support in ioemu code. | * Drop libcrypto usage because of GPL-incompatibility. | * Remove AES code from blktap drivers. Considered broken. I thought I might give it a try (right now I am running on xen-3.4 hg),...