[Pkg-xen-devel] Bug#451626: CVE-2007-5907, CVE-2007-5906 possible denial of service vulnerability
Nico Golde
nion at debian.org
Sat Nov 17 15:39:27 UTC 2007
Package: xen-3
Version: 3.1.0-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.
CVE-2007-5907[0]:
| Xen 3.1.1 does not prevent modification of the CR4 TSC from
| applications, which allows pv guests to cause a denial of service
| (crash).
CVE-2007-5906[1]:
| Xen 3.1.1 allows virtual guest system users to cause a
| denial of service (hypervisor crash) by using a debug
| register (DR7) to set certain breakpoints.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
A patch for these issues is linked on the mitre website.
The xen version in etch is also affected.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5907
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5906
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20071117/95708eb3/attachment.pgp
More information about the Pkg-xen-devel
mailing list