CentOS Errata and Security Advisory CESA-2008:0892
The xen packages contain tools for managing the virtual machine monitor in Red Hat Virtualization.
It was discovered that the hypervisor's para-virtualized framebuffer (PVFB) backend failed to validate the frontend's framebuffer description properly. This could allow a privileged user in the unprivileged domain (DomU) to cause a denial of service, or, possibly, elevate privileges to the privileged domain (Dom0). (CVE-2008-1952)
A flaw was found in the QEMU block format auto-detection used when running fully-virtualized guests with QEMU images stored on removable media (USB storage, 3.5" disks). Privileged users of such fully-virtualized guests (DomU) with a raw-formatted disk image were able to write a header to that disk image describing another format. This could allow such guests to read arbitrary files on the hypervisor host (Dom0). (CVE-2008-1945)
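The format auto-detection issue described above, as an added Dom0-side triage check that is not part of the advisory or of the xen packages: it reads the head of an image the guest configuration expects to be raw and flags the magic of a format QEMU would auto-detect, reporting the backing-file path for qcow-style headers. The magic table, the constructed sample heads and the backing path are assumptions of this example; the update (and declaring the image format explicitly instead of relying on auto-detection) is the actual fix.

```python
# Added example for this advisory's CVE-2008-1945 description; it is not code
# from the xen packages or the advisory. Run from Dom0 against an image that is
# meant to be raw: if its head now carries the header of a format QEMU would
# auto-detect, the guest may have written it, and for qcow/qcow2 the
# backing-file path such a header names is reported for triage.
import struct

# Leading bytes (offset 0) of formats QEMU auto-detects (assumed table).
FORMAT_MAGIC = {
    b"QFI\xfb": "qcow/qcow2",
    b"KDMV": "vmdk",
    b"conectix": "vpc",
    b"Bochs Virtual HD Image": "bochs",
    b"WithoutFreeSpace": "parallels",
}
# qcow/qcow2 header start: magic, version, backing_file_offset, backing_file_size
QCOW_HEADER = ">IIQI"  # 20 bytes, big-endian


def inspect_raw_image(data: bytes) -> dict:
    """Triage the leading bytes of an image that is supposed to be raw.

    A raw image may legitimately begin with anything, so a hit is a signal
    for the Dom0 administrator to check, not proof of tampering.
    """
    verdict = {"suspect": False, "format": None, "backing_file": None}
    for magic, name in FORMAT_MAGIC.items():
        if data.startswith(magic):
            verdict["suspect"], verdict["format"] = True, name
            break
    if verdict["format"] == "qcow/qcow2" and len(data) >= 20:
        _, _version, bf_off, bf_size = struct.unpack(QCOW_HEADER, data[:20])
        # Decode the path only if it lies inside the bytes already read:
        # header offsets are guest-controlled and must not drive more I/O.
        if 0 < bf_size <= 1024 and bf_off + bf_size <= len(data):
            path = data[bf_off:bf_off + bf_size]
            verdict["backing_file"] = path.decode("utf-8", "replace")
    return verdict


def check_image_file(path: str, read_len: int = 4096) -> dict:
    """Read only the head of the file; that is all auto-detection inspects."""
    with open(path, "rb") as fh:
        return inspect_raw_image(fh.read(read_len))


# Constructed samples, not real guest disks: an all-zero raw head, and a head
# carrying a qcow2-style header whose backing file names a constructed path.
CLEAN_HEAD = bytes(512)
_BACKING = b"/constructed/backing/path"
SUSPECT_HEAD = (struct.pack(QCOW_HEADER, 0x514649FB, 2, 72, len(_BACKING))
                .ljust(72, b"\0") + _BACKING)
```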
Additionally, the following bug is addressed in this update:
Users of xen are advised to upgrade to these updated packages, which resolve these security issues and fix this bug.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2008-October/015299.html
http://lists.centos.org/pipermail/centos-announce/2008-October/015300.html
Affected packages: xen, xen-devel, xen-libs
Upstream details at: https://rhn.redhat.com/errata/RHSA-2008-0892.html