- Package name
- Advisory ID
- Affected versions
- CS4.0 x86_64 , CS4.0 i586
Ian Jackson found a security issue in the QEMU block device drivers
backend that could allow a guest operating system to issue a block
device request and read or write arbitrary memory locations, which
could then lead to privilege escalation (CVE-2008-0928).
It was found that Xen allowed unprivileged DomU domains to overwrite
xenstore values which should only be changeable by the privileged
Dom0 domain. An attacker able to control a DomU domain could possibly
use this flaw to kill arbitrary processes in Dom0 or trick a Dom0
user into accessing the text console of a different domain running
on the same host. This update makes certain parts of xenstore tree
read-only to unprivilged DomU domains (CVE-2008-4405).
A vulnerability in the qemu-dm.debug script was found in how it
created a temporary file in /tmp. A local attacker in Dom0 could
potentially use this flaw to overwrite arbitrary files via a symlink
attack (CVE-2008-4993). Since this script is not used in production,
it has been removed from this update package.
The updated packages have been patched to prevent these issues.
450884c01338338d57834dd0b4947805 corporate/4.0/x86_64/xen-3.0.1-3.2.20060mlcs4.x86_64.rpm 22f6a2eced04422519cbf734df73d453 corporate/4.0/SRPMS/xen-3.0.1-3.2.20060mlcs4.src.rpm
3785ed3cf9eaf4abb8842713706daeb3 corporate/4.0/i586/xen-3.0.1-3.2.20060mlcs4.i586.rpm 22f6a2eced04422519cbf734df73d453 corporate/4.0/SRPMS/xen-3.0.1-3.2.20060mlcs4.src.rpm