Description
ELSA-2009-0003: xen security and bug fix update (MODERATE)
[3.0.3-64.el5_2.9]
- More fixes for Xenstore unsafe data access (CVE-2008-4405, rhbz #464817)
- Fix block-detach regression due to (CVE-2008-4405, rhbz #473882)
[3.0.3-64.el5_2.8]
- Remove unnecessary patch & rebuild
[3.0.3-64.el5_2.7]
- Fix reboots after CVE-2008-4405 changes (rhbz #471588)
[3.0.3-64.el5_2.6]
- Remove qemu-dm.debug wrapper script (CVE-2008-4993, rhbz #470795)
[3.0.3-64.el5_2.5]
- Fix unsafe use of xenstore data (CVE-2008-4405, rhbz #464817)
[3.0.3-64.el5_2.4]
- Don't clobber wallclock on restore (rhbz #464455)
Updated packages
Oracle Linux 5
Oracle Linux x86_64
xen 3.0.3-64.el5_2.9
xen-devel 3.0.3-64.el5_2.9
xen-libs 3.0.3-64.el5_2.9
Oracle Linux i386
xen 3.0.3-64.el5_2.9
xen-devel 3.0.3-64.el5_2.9
xen-libs 3.0.3-64.el5_2.9
Related CVEs
Related vulnerabilities
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.