First published: Tue May 13 2008
The xen packages contain tools for managing the virtual machine monitor in Red Hat Virtualization.

These updated packages fix the following security issues:

Daniel P. Berrange discovered that the hypervisor's para-virtualized framebuffer (PVFB) backend failed to validate the format of messages serving to update the contents of the framebuffer. This could allow a malicious user to cause a denial of service, or compromise the privileged domain (Dom0). (CVE-2008-1944)

Markus Armbruster discovered that the hypervisor's para-virtualized framebuffer (PVFB) backend failed to validate the frontend's framebuffer description. This could allow a malicious user to cause a denial of service, or to use a specially crafted frontend to compromise the privileged domain (Dom0). (CVE-2008-1943)

Chris Wright discovered a security vulnerability in the QEMU block format auto-detection, when running fully-virtualized guests. Such fully-virtualized guests, with a raw formatted disk image, were able to write a header to that disk image describing another format. This could allow such guests to read arbitrary files in their hypervisor's host. (CVE-2008-2004)

Ian Jackson discovered a security vulnerability in the QEMU block device drivers backend. A guest operating system could issue a block device request and read or write arbitrary memory locations, which could lead to privilege escalation. (CVE-2008-0928)

Tavis Ormandy found that QEMU did not perform adequate sanity-checking of data received via the "net socket listen" option. A malicious local administrator of a guest domain could trigger this flaw to potentially execute arbitrary code outside of the domain. (CVE-2007-5730)

Steve Kemp discovered that the xenbaked daemon and the XenMon utility communicated via an insecure temporary file. A malicious local administrator of a guest domain could perform a symbolic link attack, causing arbitrary files to be truncated. (CVE-2007-3919)

As well, in the previous xen packages, it was possible for Dom0 to fail to flush data from a fully-virtualized guest to disk, even if the guest explicitly requested the flush. This could cause data integrity problems on the guest. In these updated packages, Dom0 always respects the request to flush to disk.

Users of xen are advised to upgrade to these updated packages, which resolve these issues.
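For the QEMU block format auto-detection issue (CVE-2008-2004), one check an administrator can run on disk images that are configured as raw is whether their leading bytes carry another format's signature. The script below is an added example, not code from Red Hat or QEMU; the function names and the two sample image files are constructed for illustration.

```python
import os
import tempfile

# Leading magic bytes by which common image formats are recognised.
# "raw" has no magic: it is what remains when nothing else matches.
MAGICS = {
    b"QFI\xfb": "qcow",
    b"KDMV": "vmdk",
    b"COWD": "vmdk (v3)",
    b"conectix": "vpc",
}


def probe_format(path):
    """Return the format a header-based probe would see, or 'raw'."""
    with open(path, "rb") as f:
        head = f.read(8)
    for magic, name in MAGICS.items():
        if head.startswith(magic):
            return name
    return "raw"


def audit_raw_images(paths):
    """Given images configured as raw, return (path, claimed_format)
    for each one whose header claims to be another format."""
    findings = []
    for p in paths:
        fmt = probe_format(p)
        if fmt != "raw":
            findings.append((p, fmt))
    return findings


def make_samples(directory):
    """Constructed samples: a zero-filled image and one starting with qcow magic."""
    clean = os.path.join(directory, "clean.img")
    suspect = os.path.join(directory, "suspect.img")
    with open(clean, "wb") as f:
        f.write(b"\x00" * 512)
    with open(suspect, "wb") as f:
        f.write(b"QFI\xfb" + b"\x00" * 508)
    return clean, suspect


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for path, fmt in audit_raw_images(make_samples(d)):
            print(f"{path}: configured raw, header claims {fmt}")
```

Any image reported here should be investigated before the guest is restarted; the audit reads only the first 8 bytes of each file and does not modify it.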
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/xen | <3.0.3-41.el5_1.5 | 3.0.3-41.el5_1.5 |
redhat/xen-devel | <3.0.3-41.el5_1.5 | 3.0.3-41.el5_1.5 |
redhat/xen-libs | <3.0.3-41.el5_1.5 | 3.0.3-41.el5_1.5 |