CVSS2: 2.1 Low (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

EPSS: 0.001 Low (Percentile: 25.1%)

The xen packages contain tools for managing the virtual machine monitor in
Red Hat Virtualization.

It was discovered that the hypervisor's para-virtualized framebuffer (PVFB)
backend failed to validate the frontend's framebuffer description properly.
This could allow a privileged user in the unprivileged domain (DomU) to
cause a denial of service, or, possibly, elevate privileges to the
privileged domain (Dom0). (CVE-2008-1952)

A flaw was found in the QEMU block format auto-detection, when running
fully-virtualized guests and using QEMU images written on removable media
(USB storage, 3.5" disks). Privileged users of such fully-virtualized
guests (DomU), with a raw-formatted disk image, were able to write a header
to that disk image describing another format. This could allow such guests
to read arbitrary files in their hypervisor's host (Dom0). (CVE-2008-1945)

Additionally, the following bug is addressed in this update:

Users of xen are advised to upgrade to these updated packages, which
resolve these security issues and fix this bug.

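
An added host-side check for the format auto-detection flaw (CVE-2008-1945) described above, not code from the advisory or from the xen/QEMU packages: it flags disk images configured as raw whose leading bytes carry another image format's magic. The magic table covers only qcow/qcow2, VMDK and VPC; the function names and the sample images are constructed for illustration.

```python
import os
import struct
import tempfile

# Leading magic bytes of image formats that carry their own header.
# A raw image has no header, so its first sector is guest-writable data.
FORMAT_MAGICS = {
    b"QFI\xfb": "qcow",
    b"KDMV": "vmdk",
    b"COWD": "vmdk",
    b"conectix": "vpc",
}

def probe_header(first_bytes):
    """Return the format a header-based probe would guess, or 'raw'."""
    for magic, name in FORMAT_MAGICS.items():
        if first_bytes.startswith(magic):
            if name == "qcow" and len(first_bytes) >= 8:
                # Bytes 4..8 hold the big-endian qcow version number.
                version = struct.unpack(">I", first_bytes[4:8])[0]
                return "qcow2" if version >= 2 else "qcow"
            return name
    return "raw"

def audit_images(configured):
    """Map of path -> intended format; returns [(path, intended, probed)] mismatches."""
    findings = []
    for path, intended in sorted(configured.items()):
        with open(path, "rb") as fh:
            probed = probe_header(fh.read(512))
        if probed != intended:
            findings.append((path, intended, probed))
    return findings

def demo():
    """Audit two constructed sample images written to a temporary directory."""
    tmp = tempfile.mkdtemp()
    clean = os.path.join(tmp, "clean.img")
    suspect = os.path.join(tmp, "suspect.img")
    with open(clean, "wb") as fh:    # constructed: boot-sector-like raw data
        fh.write(b"\xeb\x3c\x90" + b"\x00" * 509)
    with open(suspect, "wb") as fh:  # constructed: raw image that begins with qcow2 magic
        fh.write(b"QFI\xfb" + struct.pack(">I", 2) + b"\x00" * 504)
    return audit_images({clean: "raw", suspect: "raw"})

if __name__ == "__main__":
    for path, intended, probed in demo():
        print(f"{path}: configured {intended}, header probes as {probed}")
```

A finding means the image's contents would be interpreted as a different format by any tool that guesses the format from the header, so the guest configuration should name the format explicitly and the image should be reviewed before reuse.
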
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | ia64 | xen-libs | < 3.0.3-64.el5_2.3 | xen-libs-3.0.3-64.el5_2.3.ia64.rpm |
RedHat | 5 | i386 | xen | < 3.0.3-64.el5_2.3 | xen-3.0.3-64.el5_2.3.i386.rpm |
RedHat | 5 | i386 | xen-libs | < 3.0.3-64.el5_2.3 | xen-libs-3.0.3-64.el5_2.3.i386.rpm |
RedHat | 5 | ia64 | xen-devel | < 3.0.3-64.el5_2.3 | xen-devel-3.0.3-64.el5_2.3.ia64.rpm |
RedHat | 5 | ia64 | xen | < 3.0.3-64.el5_2.3 | xen-3.0.3-64.el5_2.3.ia64.rpm |
RedHat | 5 | src | xen | < 3.0.3-64.el5_2.3 | xen-3.0.3-64.el5_2.3.src.rpm |
RedHat | 5 | x86_64 | xen-devel | < 3.0.3-64.el5_2.3 | xen-devel-3.0.3-64.el5_2.3.x86_64.rpm |
RedHat | 5 | x86_64 | xen | < 3.0.3-64.el5_2.3 | xen-3.0.3-64.el5_2.3.x86_64.rpm |
RedHat | 5 | i386 | xen-devel | < 3.0.3-64.el5_2.3 | xen-devel-3.0.3-64.el5_2.3.i386.rpm |
RedHat | 5 | x86_64 | xen-libs | < 3.0.3-64.el5_2.3 | xen-libs-3.0.3-64.el5_2.3.x86_64.rpm |