Paketname
xen
Datum
2009-01-16
Advisory ID
MDVSA-2009:016
Betroffene Versionen
CS4.0 x86_64 , CS4.0 i586

Problembeschreibung

Ian Jackson found a security issue in the QEMU block device drivers
backend that could allow a guest operating system to issue a block
device request and read or write arbitrary memory locations, which
could then lead to privilege escalation (CVE-2008-0928).

It was found that Xen allowed unprivileged DomU domains to overwrite
xenstore values which should only be changeable by the privileged
Dom0 domain. An attacker able to control a DomU domain could possibly
use this flaw to kill arbitrary processes in Dom0 or trick a Dom0
user into accessing the text console of a different domain running
on the same host. This update makes certain parts of xenstore tree
read-only to unprivilged DomU domains (CVE-2008-4405).

A vulnerability in the qemu-dm.debug script was found in how it
created a temporary file in /tmp. A local attacker in Dom0 could
potentially use this flaw to overwrite arbitrary files via a symlink
attack (CVE-2008-4993). Since this script is not used in production,
it has been removed from this update package.

The updated packages have been patched to prevent these issues.

Aktualisierte Pakete

CS4.0 x86_64

 450884c01338338d57834dd0b4947805  corporate/4.0/x86_64/xen-3.0.1-3.2.20060mlcs4.x86_64.rpm 
 22f6a2eced04422519cbf734df73d453  corporate/4.0/SRPMS/xen-3.0.1-3.2.20060mlcs4.src.rpm

CS4.0 i586

 3785ed3cf9eaf4abb8842713706daeb3  corporate/4.0/i586/xen-3.0.1-3.2.20060mlcs4.i586.rpm 
 22f6a2eced04422519cbf734df73d453  corporate/4.0/SRPMS/xen-3.0.1-3.2.20060mlcs4.src.rpm

Referenzen