[Pkg-xen-devel] possible XEN vulnerabilities?
Steffen Joeris
steffen.joeris at skolelinux.de
Thu May 22 10:58:22 UTC 2008
Dear Xen Maintainers
The following CVEs (0,1) have been filed against Xen. Could you please check
whether they affect any Debian versions and how important they are?
They are rather left over on our TODO list and I'd like to forward them to you
for checking.
CVE-2008-1944:
Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized
Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a
denial of service (SDL crash) and possibly execute arbitrary code via "bogus
screen updates," related to missing validation of the "format of messages."
CVE-2008-1943:
Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer
(PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted description of a
shared framebuffer.
Cheers
Steffen
(0): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1944
(1): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1943