xen security update

2007-10-03T06:01:12
ID CESA-2007:0323
Type centos
Reporter CentOS Project
Modified 2007-10-03T06:01:12

Description

CentOS Errata and Security Advisory CESA-2007:0323

The Xen package contains the tools for managing the virtual machine monitor in Red Hat Enterprise Linux virtualization.

The following security flaws are fixed in the updated Xen package:

Joris van Rantwijk found a flaw in the Pygrub utility which is used as a boot loader for guest domains. A malicious local administrator of a guest domain could create a carefully crafted grub.conf file which would trigger the execution of arbitrary code outside of that domain. (CVE-2007-4993)

Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code used in Xen. A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. (CVE-2007-1320)

Tavis Ormandy discovered insufficient input validation leading to a heap overflow in the Xen NE2000 network driver. If the driver is in use, a malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. Xen does not use this driver by default. (CVE-2007-1321)

Users of Xen should update to these erratum packages containing backported patches which correct these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2007-October/026304.html http://lists.centos.org/pipermail/centos-announce/2007-October/026305.html

Affected packages: xen xen-devel xen-libs

Upstream details at: https://rhn.redhat.com/errata/RHSA-2007-0323.html