[Pkg-xen-devel] Bug#444007: CVE-2007-1320 multiple heap based buffer overflows
Nico Golde
nion at debian.org
Tue Sep 25 12:12:19 UTC 2007
Package: xen-3.0
Version: 3.0.3-0-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.0.
CVE-2007-1320[0]:
| Multiple heap-based buffer overflows in the cirrus_invalidate_region
| function in the Cirrus VGA extension in QEMU 0.8.2 might allow local
| users to execute arbitrary code via unspecified vectors related to
| "attempting to mark non-existent regions as dirty," aka the "bitblt"
| heap overflow.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
This also affects xen in etch.
Please have a look at:
http://lists.xensource.com/archives/html/xen-devel/2007-05/msg00021.html
http://xenbits.xensource.com/xen-unstable.hg?rev/9e86260b95a4
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1320
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20070925/36ab315d/attachment.pgp
More information about the Pkg-xen-devel
mailing list