[Pkg-xen-devel] Bug#487095: xen-3: multiple security issues

Thu Jun 19 14:56:54 UTC 2008

Source: xen-3
Version: 3.2.1-1
Severity: grave
Tags: security, patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for xen-3.

CVE-2008-1943[0]:
| Buffer overflow in the backend of XenSource Xen Para Virtualized Frame
| Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial
| of service (crash) and possibly execute arbitrary code via a crafted
| description of a shared framebuffer.

CVE-2008-1944[1]:
| Buffer overflow in the backend framebuffer of XenSource Xen
| Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows
| local users to cause a denial of service (SDL crash) and possibly
| execute arbitrary code via "bogus screen updates," related to missing
| validation of the "format of messages."

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1943
    http://security-tracker.debian.net/tracker/CVE-2008-1943
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1944
    http://security-tracker.debian.net/tracker/CVE-2008-1944
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1952
    http://security-tracker.debian.net/tracker/CVE-2008-1952

These issues are fixed within the following patch for fedora:
http://cvs.fedoraproject.org/viewcvs/rpms/xen/F-9/xen-pvfb-validate-fb.patch?view=markup

Kind regards,
Thomas.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20080619/ab4dec23/attachment.pgp 