similar to: Bug#464044: xen-unstable: CVE-2007-3919 prone to symlink attack

Package: xen-utils-3.0.3-1 Version: 3.0.3-0-3 Severity: grave Tags: security Justification: user security hole Xen versions 3.x, and 3.1 contain a tool for processing Xen trace buffer information. This tool uses the static file /tmp/xenq-shm insecurely allowing a local user to truncate any local file when xenbaked or xenmon.py are invoked by root. Sample session: # setup. skx

Package: xen-unstable Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2008-0928[0]: | Qemu 0.9.1 and earlier does not perform range checks for block device | read or write requests, which allows guest host users with root | privileges to access arbitrary memory and escape the virtual machine. If you fix

I can't quite connect the dots on this, perhaps someone can help. I'm simply trying to create an in-memory database comprising a single document, so that I can run a load of queries against it and see if any of them match the new document (this is to enable users to have 'subscriptions' to saved searches and be alerted every time a new item is published that matches their

Source: xen-unstable Version: 3.3-unstable+hg17602-1 Severity: grave Tags: security, patch Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for xen-unstable. CVE-2008-1943[0]: | Buffer overflow in the backend of XenSource Xen Para Virtualized Frame | Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial | of service (crash) and possibly execute

Package: xen-3 Version: 3.1.0-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2007-5907[0]: | Xen 3.1.1 does not prevent modification of the CR4 TSC from | applications, which allows pv guests to cause a denial of service | (crash). CVE-2007-5906[1]: | Xen 3.1.1 allows virtual guest system users to cause a |

Package: xen-3.0 Version: 3.0.3-0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0. CVE-2007-1320[0]: | Multiple heap-based buffer overflows in the cirrus_invalidate_region | function in the Cirrus VGA extension in QEMU 0.8.2 might allow local | users to execute arbitrary code via unspecified vectors related to |

Package: xen-3.0 Version: 3.0.3-0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0. CVE-2007-4993[0]: | pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest | domain, allows local users with elevated privileges in the guest domain to | execute arbitrary commands in domain 0 via a crafted grub.conf

tags 446771 + patch thanks Hi, attached is a patch to fix this if you don't already have one. Kind regards Nico -- Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. -------------- next part -------------- A non-text attachment was scrubbed... Name: CVE-2007-4993.patch Type: text/x-diff Size: 4742

Hi, an insecure temporary file creation was reported to the xen-3 some time ago. This is Debian bug #496367. Unfortunately the vulnerability is not important enough to get it fixed via regular security update in Debian stable. It does not warrant a DSA. However it would be nice if this could get fixed via a regular point update[0]. Please contact the release team for this. This is an

reopen 487095 reopen 487097 thanks Hi, since you thought it's necessary to complain to me about this bug report on IRC I'm replying to this bug now as well. > On Thu, Jun 19, 2008 at 04:56:54PM +0200, Thomas Bl?sing wrote: > > CVE-2008-1943[0]: > > | Buffer overflow in the backend of XenSource Xen Para Virtualized Frame > > | Buffer (PVFB) 3.0 through 3.1.2 allows

On 11/07/2018 01:46 PM, Nikola Ciprich wrote: > Hi fellow libvirt users, > > I'd like to ask, whether somebody possibly dealt with similar > problem we're hitting.. Some of libvirt VM operations (ie > fs freeze) are prone to hang for long time, in case the guest > agent is in some bad state.. My question is, if it's possible > to set some timeout for such

Hi All, while looking why the cclust(cclust) doesn't work for 1-dimensional data, I've found unpleasant behavior in semantics of R. Indeed: is.matrix(matrix(cbind(c(1,2,3,4)),ncol=2)[1:2,]) == TRUE but: is.matrix(matrix(c(1,2))[1:2,]) == FALSE kind regards, Valery A.Khamenya --------------------------------------------------------------------------- Bioinformatics

> Nothing to do with me: you should report problems with > packages to the > maintainers, rather than R-help or a member of R-core. OK. I've sent a note about cclust patch to Evgenia Dimitriadou Thank you for your valueable comments. (No more reply needed in this thread) kind regards, Valery A.Khamenya ---------------------------------------------------------------------------

> Well, that is in all good texts on R, together with the > solution: drop=FALSE. See ?"[" for the on-line details. OK. Thank you a lot. Now patched cclust and clustIndex work fine for 1D case. BTW, why not to apply the "drop=F" to these functions? I guess other users need 1D case as well. kind regards, Valery A.Khamenya

Dear R Users, I've used this a long time ago but have forgotten. Trawling aroung the various sources somehow does not lead me to it. How can I execute an error prone function without stopping a script if it goes wrong ? Thanks in advance, Tolga This email is confidential and subject to important disclaimers and conditions including on offers for the purchase or sale of securities, accuracy

Hi All, I am running a semi-stable algorithms from an R script file using 'source'. At a certain point one of the algorithms will most probably return an error and crash the run. What I would like to do is to make [R] keep running and just skip to the next command line in the external script file... I have tried using 'try' 'tryCatch' blocks and 'dump.frames'

Hi guys, I've been using blocks for a while and found that current behavior is error prone. So I am going to propose to you the better one. Motivation: 1) The __weak variables in blocks are very common pattern. So having any implicit default behavior makes thing worse. 2) Some stupid mistakes like: __weak typeof (self) theSelf = self; ...^ { theSelf.blabla = .. .... [self blabla];

Hi fellow libvirt users, I'd like to ask, whether somebody possibly dealt with similar problem we're hitting.. Some of libvirt VM operations (ie fs freeze) are prone to hang for long time, in case the guest agent is in some bad state.. My question is, if it's possible to set some timeout for such operations, or we have to deal with it ie with separate thread and some timers? we're

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.9.26 > reassign 444430 xen-3.0 3.0.3-0-2 Bug#444430: CVE-2007-4993 privilege escalation Bug reassigned from package `xen-3' to `xen-3.0'. > clone 444430 -1 Bug#444430: CVE-2007-4993 privilege escalation Bug 444430 cloned as bug 446771. > reassign -1 xen-3

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.9.26 > close 446771 3.1.1-1 Bug#446771: CVE-2007-4993 privilege escalation 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 3.1.1-1, send any further explanations to Nico Golde <nion at debian.org> > End