[ MDVSA-2009:016 ] xen

[dude67]

Ian Jackson found a security issue in the QEMU block device drivers
backend that could allow a guest operating system to issue a block
device request and read or write arbitrary memory locations, which
could then lead to privilege escalation (CVE-2008-0928).

It was found that Xen allowed unprivileged DomU domains to overwrite
xenstore values which should only be changeable by the privileged
Dom0 domain. An attacker able to control a DomU domain could possibly
use this flaw to kill arbitrary processes in Dom0 or trick a Dom0
user into accessing the text console of a different domain running
on the same host. This update makes certain parts of xenstore tree
read-only to unprivilged DomU domains (CVE-2008-4405).

A vulnerability in the qemu-dm.debug script was found in how it
created a temporary file in /tmp. A local attacker in Dom0 could
potentially use this flaw to overwrite arbitrary files via a symlink
attack (CVE-2008-4993). Since this script is not used in production,
it has been removed from this update package.

The updated packages have been patched to prevent these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-0928
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-4405
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-4993
_______________________________________________________________________