Displaying 20 results from an estimated 600 matches similar to: "Bug#464044: xen-unstable: CVE-2007-3919 prone to symlink attack"
2007 Oct 23
0
Bug#447795: xen-utils-3.0.3-1: [CVE-2007-3919] xenmon.py / xenbaked insecure file accesss
Package: xen-utils-3.0.3-1
Version: 3.0.3-0-3
Severity: grave
Tags: security
Justification: user security hole
Xen versions 3.x, and 3.1 contain a tool for processing Xen trace
buffer information.
This tool uses the static file /tmp/xenq-shm insecurely allowing
a local user to truncate any local file when xenbaked or xenmon.py
are invoked by root.
Sample session:
# setup.
skx
2008 Mar 06
1
Bug#469654: xen-unstable: CVE-2008-0928 privilege escalation
Package: xen-unstable
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-unstable.
CVE-2008-0928[0]:
| Qemu 0.9.1 and earlier does not perform range checks for block device
| read or write requests, which allows guest host users with root
| privileges to access arbitrary memory and escape the virtual machine.
If you fix
2010 Oct 21
2
In-memory databases vs PHP Bindings
I can't quite connect the dots on this, perhaps someone can help. I'm
simply trying to create an in-memory database comprising a single document,
so that I can run a load of queries against it and see if any of them match
the new document (this is to enable users to have 'subscriptions' to saved
searches and be alerted every time a new item is published that matches
their
2008 Jun 19
3
Bug#487097: xen-unstable: multiple security issues
Source: xen-unstable
Version: 3.3-unstable+hg17602-1
Severity: grave
Tags: security, patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for xen-unstable.
CVE-2008-1943[0]:
| Buffer overflow in the backend of XenSource Xen Para Virtualized Frame
| Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial
| of service (crash) and possibly execute
2007 Nov 17
1
Bug#451626: CVE-2007-5907, CVE-2007-5906 possible denial of service vulnerability
Package: xen-3
Version: 3.1.0-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.
CVE-2007-5907[0]:
| Xen 3.1.1 does not prevent modification of the CR4 TSC from
| applications, which allows pv guests to cause a denial of service
| (crash).
CVE-2007-5906[1]:
| Xen 3.1.1 allows virtual guest system users to cause a
|
2007 Sep 25
0
Bug#444007: CVE-2007-1320 multiple heap based buffer overflows
Package: xen-3.0
Version: 3.0.3-0-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.0.
CVE-2007-1320[0]:
| Multiple heap-based buffer overflows in the cirrus_invalidate_region
| function in the Cirrus VGA extension in QEMU 0.8.2 might allow local
| users to execute arbitrary code via unspecified vectors related to
|
2007 Sep 28
0
Bug#444430: CVE-2007-4993 privilege escalation
Package: xen-3.0
Version: 3.0.3-0-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.0.
CVE-2007-4993[0]:
| pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest
| domain, allows local users with elevated privileges in the guest domain to
| execute arbitrary commands in domain 0 via a crafted grub.conf
2007 Oct 15
1
Bug#446771: CVE-2007-4993 privilege escalation
tags 446771 + patch
thanks
Hi,
attached is a patch to fix this if you don't already have
one.
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2007-4993.patch
Type: text/x-diff
Size: 4742
2008 Oct 04
0
xen-3 stable update for #496367
Hi,
an insecure temporary file creation was reported to the xen-3 some time ago.
This is Debian bug #496367.
Unfortunately the vulnerability is not important enough to get it fixed via
regular security update in Debian stable. It does not warrant a DSA.
However it would be nice if this could get fixed via a regular point update[0].
Please contact the release team for this.
This is an
2008 Jun 19
0
Bug#487095: Bug#487095: xen-3: multiple security issues
reopen 487095
reopen 487097
thanks
Hi,
since you thought it's necessary to complain to me about
this bug report on IRC I'm replying to this bug now as well.
> On Thu, Jun 19, 2008 at 04:56:54PM +0200, Thomas Bl?sing wrote:
> > CVE-2008-1943[0]:
> > | Buffer overflow in the backend of XenSource Xen Para Virtualized Frame
> > | Buffer (PVFB) 3.0 through 3.1.2 allows
2018 Nov 07
0
Re: timeout on VM actions prone to hang
On 11/07/2018 01:46 PM, Nikola Ciprich wrote:
> Hi fellow libvirt users,
>
> I'd like to ask, whether somebody possibly dealt with similar
> problem we're hitting.. Some of libvirt VM operations (ie
> fs freeze) are prone to hang for long time, in case the guest
> agent is in some bad state.. My question is, if it's possible
> to set some timeout for such
2003 May 15
1
error-prone feature?
Hi All,
while looking why the cclust(cclust) doesn't work for 1-dimensional data,
I've found unpleasant behavior in semantics of R. Indeed:
is.matrix(matrix(cbind(c(1,2,3,4)),ncol=2)[1:2,]) == TRUE
but:
is.matrix(matrix(c(1,2))[1:2,]) == FALSE
kind regards,
Valery A.Khamenya
---------------------------------------------------------------------------
Bioinformatics
2003 May 15
0
AW: AW: error-prone feature?
> Nothing to do with me: you should report problems with
> packages to the
> maintainers, rather than R-help or a member of R-core.
OK.
I've sent a note about cclust patch to Evgenia Dimitriadou
Thank you for your valueable comments.
(No more reply needed in this thread)
kind regards,
Valery A.Khamenya
---------------------------------------------------------------------------
2003 May 15
2
AW: error-prone feature?
> Well, that is in all good texts on R, together with the
> solution: drop=FALSE. See ?"[" for the on-line details.
OK. Thank you a lot. Now patched cclust and clustIndex
work fine for 1D case. BTW, why not to apply the "drop=F"
to these functions? I guess other users need 1D case as
well.
kind regards,
Valery A.Khamenya
2009 Jul 09
2
executing an error prone function without stopping a script
Dear R Users,
I've used this a long time ago but have forgotten. Trawling aroung the various sources somehow does not lead me to it. How can I execute an error prone function without stopping a script if it goes wrong ?
Thanks in advance,
Tolga
This email is confidential and subject to important disclaimers and
conditions including on offers for the purchase or sale of
securities, accuracy
2009 Aug 13
1
Running an error-prone R script using 'source' command
Hi All,
I am running a semi-stable algorithms from an R script file using 'source'.
At a certain point one of the algorithms will most probably return an error
and crash the run.
What I would like to do is to make [R] keep running and just skip to the
next command line in the external script file...
I have tried using 'try' 'tryCatch' blocks and 'dump.frames'
2024 May 16
1
Least error-prone reading of Excel files?
I'm tasked to read a table from an excel file and it doesn't mention which
method to use. I went back some lessons ago and the 5 years old lesson
mentioned to pick a package using the highest score the way of the attached
(screenshot). Since there's no requirement of a method to read Excel files,
I'd rather use the least error-prone one; what would that be? eg will try
multiple
2012 Oct 02
1
[LLVMdev] Error prone default memory capturing convention of blocks.
Hi guys,
I've been using blocks for a while and found that current behavior is error prone. So I am going to propose to you the better one.
Motivation:
1) The __weak variables in blocks are very common pattern. So having any implicit default behavior makes thing worse.
2) Some stupid mistakes like:
__weak typeof (self) theSelf = self;
...^ {
theSelf.blabla = ..
....
[self blabla];
2018 Nov 07
2
timeout on VM actions prone to hang
Hi fellow libvirt users,
I'd like to ask, whether somebody possibly dealt with similar
problem we're hitting.. Some of libvirt VM operations (ie
fs freeze) are prone to hang for long time, in case the guest
agent is in some bad state.. My question is, if it's possible
to set some timeout for such operations, or we have to deal with
it ie with separate thread and some timers? we're
2007 Oct 15
0
Processed: reassign 444430 to xen-3.0, cloning 444430, reassign -1 to xen-3, closing 444430
Processing commands for control at bugs.debian.org:
> # Automatically generated email from bts, devscripts version 2.9.26
> reassign 444430 xen-3.0 3.0.3-0-2
Bug#444430: CVE-2007-4993 privilege escalation
Bug reassigned from package `xen-3' to `xen-3.0'.
> clone 444430 -1
Bug#444430: CVE-2007-4993 privilege escalation
Bug 444430 cloned as bug 446771.
> reassign -1 xen-3