similar to: Bug#487095: Bug#487095: xen-3: multiple security issues

Source: xen-unstable Version: 3.3-unstable+hg17602-1 Severity: grave Tags: security, patch Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for xen-unstable. CVE-2008-1943[0]: | Buffer overflow in the backend of XenSource Xen Para Virtualized Frame | Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial | of service (crash) and possibly execute

Package: xen-3 Version: 3.1.0-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2007-5907[0]: | Xen 3.1.1 does not prevent modification of the CR4 TSC from | applications, which allows pv guests to cause a denial of service | (crash). CVE-2007-5906[1]: | Xen 3.1.1 allows virtual guest system users to cause a |

Source: xen-unstable Version: 3.0-unstable+hg11561-1 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2007-3919[0]: | (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local | users to truncate arbitrary files via a symlink attack on | /tmp/xenq-shm. If you fix this vulnerability please also include

Package: xen-unstable Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2008-0928[0]: | Qemu 0.9.1 and earlier does not perform range checks for block device | read or write requests, which allows guest host users with root | privileges to access arbitrary memory and escape the virtual machine. If you fix

Package: xen-3.0 Version: 3.0.3-0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0. CVE-2007-1320[0]: | Multiple heap-based buffer overflows in the cirrus_invalidate_region | function in the Cirrus VGA extension in QEMU 0.8.2 might allow local | users to execute arbitrary code via unspecified vectors related to |

Package: xen-3.0 Version: 3.0.3-0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0. CVE-2007-4993[0]: | pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest | domain, allows local users with elevated privileges in the guest domain to | execute arbitrary commands in domain 0 via a crafted grub.conf

tags 446771 + patch thanks Hi, attached is a patch to fix this if you don't already have one. Kind regards Nico -- Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. -------------- next part -------------- A non-text attachment was scrubbed... Name: CVE-2007-4993.patch Type: text/x-diff Size: 4742

Hi, an insecure temporary file creation was reported to the xen-3 some time ago. This is Debian bug #496367. Unfortunately the vulnerability is not important enough to get it fixed via regular security update in Debian stable. It does not warrant a DSA. However it would be nice if this could get fixed via a regular point update[0]. Please contact the release team for this. This is an

Source: xen-3 Version: 3.2.1-1 Severity: grave Tags: security, patch Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for xen-3. CVE-2008-1943[0]: | Buffer overflow in the backend of XenSource Xen Para Virtualized Frame | Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial | of service (crash) and possibly execute arbitrary code via a crafted |

Dear Xen Maintainers The following CVEs(0,1) have been filled against xen. Could you please check, whether they affect any debian versions and how important they are? They are rather left over on our TODO list and I'd like to forward them to you for checking. CVE-2008-1944: Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.9.26 > reassign 444430 xen-3.0 3.0.3-0-2 Bug#444430: CVE-2007-4993 privilege escalation Bug reassigned from package `xen-3' to `xen-3.0'. > clone 444430 -1 Bug#444430: CVE-2007-4993 privilege escalation Bug 444430 cloned as bug 446771. > reassign -1 xen-3

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.9.26 > close 446771 3.1.1-1 Bug#446771: CVE-2007-4993 privilege escalation 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 3.1.1-1, send any further explanations to Nico Golde <nion at debian.org> > End

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.9.26 > reassign 469662 xen-unstable Bug#469662: xen-3: CVE-2008-0928 privilege escalation Bug reassigned from package `xen-3' to `xen-unstable'. > close 469662 3.3-unstable+hg17192-1 Bug#469662: xen-3: CVE-2008-0928 privilege escalation 'close' is

Package: xen-hypervisor-3.2-1-amd64 Version: 3.2.1-2 Severity: serious After noting that this version supposedly loads bzImage kernels: | xen-3 (3.2.1-2) unstable; urgency=low | | * Use e2fslibs based ext2 support for pygrub. (closes: #476366) | * Fix missing checks in pvfb code. | See CVE-2008-1952. (closes: #487095) | * Add support for loading bzImage files. (closes: #474509) | *

I have a similar patch for this, which is generated in linux-2.6.16.33-xen/.config automatically. See attachment defbuild.patch. Pae_new_config is used to build x86_32 with PAE enabled. Ping >-----Original Message----- >From: xen-ia64-devel-bounces@lists.xensource.com [mailto:xen-ia64-devel-bounces@lists.xensource.com] On Behalf Of Atsushi >SAKAI >Sent: 2006年12月4日 12:22 >To:

Without console= arguments on the kernel command line, the first console to register becomes enabled and the preferred console (the one behind /dev/console). This is tty (assuming CONFIG_VT_CONSOLE is enabled, which it commonly is). This is okay as long tty is a useful console. But unless we have the PV framebuffer, and it is enabled for this domain, tty0 in domU is merely a dummy. In that

Without console= arguments on the kernel command line, the first console to register becomes enabled and the preferred console (the one behind /dev/console). This is tty (assuming CONFIG_VT_CONSOLE is enabled, which it commonly is). This is okay as long tty is a useful console. But unless we have the PV framebuffer, and it is enabled for this domain, tty0 in domU is merely a dummy. In that

Without console= arguments on the kernel command line, the first console to register becomes enabled and the preferred console (the one behind /dev/console). This is tty (assuming CONFIG_VT_CONSOLE is enabled, which it commonly is). This is okay as long tty is a useful console. But unless we have the PV framebuffer, and it is enabled for this domain, tty0 in domU is merely a dummy. In that

As many of us are all too painfully aware we have completely different VNC server implementations for paravirt vs fullyvirt Xen guests. The former based on libvncserver, the latter integrated into QEMU. There are many new and interesting ideas being tried out in the VNC server space in particular wrt to virtualization and having to implement them all twice is not very desirable. Also

Patches 1of2 and 2of2 adds multiple frame buffer resolution support to the PV xenfb frame buffer driver and the PV xenfb VNC server. API Changelog entry is included here as I did not see doc/ChangeLog when I did a tip clone this morning. --------------------------------------------------------------- API Changelog entry: PV framebuffer multiple resolution facility: Guest may send