Your message dated Sat, 24 Nov 2007 14:02:04 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#447795: fixed in xen-3 3.1.2-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: xen-utils-3.0.3-1 Version: 3.0.3-0-3 Severity: grave Tags: security Justification: user security hole Xen versions 3.x, and 3.1 contain a tool for processing Xen trace buffer information. This tool uses the static file /tmp/xenq-shm insecurely allowing a local user to truncate any local file when xenbaked or xenmon.py are invoked by root. Sample session: # setup. [EMAIL PROTECTED]:~$ ln -s /etc/passwd /tmp/xenq-shm # later. [EMAIL PROTECTED]:~$ sudo xenbaked # all gone. :( [EMAIL PROTECTED]:~$ ls -l /etc/passwd -rw-r--r-- 1 0 root 327680 2007-10-17 00:14 /etc/passwd This flaw is known as CVE-2007-3919 by the common vulnerabilities and exposures project. As the filename needs to be shared between xenmon.py + xenbaked.c a "random" one cannot easily be generated. The solution that Debian will use for its security update is to create the file in a location which is only writable by root - /var/run. Security advisory will be released very soon. Steve -- -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-xen-amd64 Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Versions of packages xen-utils-3.0.3-1 depends on: ii iproute 20061002-3 Professional tools to control the ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries ii libncurses5 5.5-5 Shared libraries for terminal hand ii python 2.4.4-2 An interactive high-level object-o ii python-central 0.5.12 register and build utility for Pyt ii udev 0.105-4 /dev/ and hotplug management daemo ii xen-utils-common 3.0.3-0-2 XEN administrative tools - common ii zlib1g 1:1.2.3-13 compression library - runtime Versions of packages xen-utils-3.0.3-1 recommends: ii bridge-utils 1.2-1 Utilities for configuring the Linu ii xen-hypervisor-3.0.3-1-amd64 3.0.3-0-3 The Xen Hypervisor on AMD64 -- no debconf information
--- End Message ---
--- Begin Message ---Source: xen-3 Source-Version: 3.1.2-1 We believe that the bug you reported is fixed in the latest version of xen-3, which is due to be installed in the Debian FTP archive: xen-3_3.1.2-1.diff.gz to pool/main/x/xen-3/xen-3_3.1.2-1.diff.gz xen-3_3.1.2-1.dsc to pool/main/x/xen-3/xen-3_3.1.2-1.dsc xen-3_3.1.2.orig.tar.gz to pool/main/x/xen-3/xen-3_3.1.2.orig.tar.gz xen-docs-3.1_3.1.2-1_all.deb to pool/main/x/xen-3/xen-docs-3.1_3.1.2-1_all.deb xen-hypervisor-3.1-1-amd64_3.1.2-1_amd64.deb to pool/main/x/xen-3/xen-hypervisor-3.1-1-amd64_3.1.2-1_amd64.deb xen-utils-3.1-1_3.1.2-1_amd64.deb to pool/main/x/xen-3/xen-utils-3.1-1_3.1.2-1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastian Blank <[EMAIL PROTECTED]> (supplier of updated xen-3 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 24 Nov 2007 13:24:45 +0000 Source: xen-3 Binary: xen-utils-3.1-1 xen-docs-3.1 xen-hypervisor-3.1-1-i386-nonpae xen-hypervisor-3.1-1-amd64 xen-hypervisor-3.1-1-i386 Architecture: source amd64 all Version: 3.1.2-1 Distribution: unstable Urgency: high Maintainer: Debian Xen Team <[EMAIL PROTECTED]> Changed-By: Bastian Blank <[EMAIL PROTECTED]> Description: xen-docs-3.1 - documentation for XEN, a Virtual Machine Monitor xen-hypervisor-3.1-1-amd64 - The Xen Hypervisor on AMD64 xen-utils-3.1-1 - XEN administrative tools Closes: 447795 451626 Changes: xen-3 (3.1.2-1) unstable; urgency=high . * New upstream release: - Move shared file into /var/run. (closes: #447795) See CVE-2007-3919. - x86: Fix various problems with debug-register handling. (closes: #451626) See CVE-2007-5906. Files: a29263a5eb861b21d4dd7fc6ad27d8e1 1154 misc extra xen-3_3.1.2-1.dsc 02ab987279136d59218638aa248a9e95 7779024 misc extra xen-3_3.1.2.orig.tar.gz e8f1c2eeb35b98f3d354a56b03dd6f31 26765 misc extra xen-3_3.1.2-1.diff.gz 40bb4f25cfef84ad1a951908cc871005 1099404 misc extra xen-docs-3.1_3.1.2-1_all.deb a14bbdfaaefbe7b16f24d3a4988a7e99 1126774 misc extra xen-utils-3.1-1_3.1.2-1_amd64.deb 43700dbc2d80afab077bc71324bb2597 361578 misc extra xen-hypervisor-3.1-1-amd64_3.1.2-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iEYEARECAAYFAkdIKQkACgkQLkAIIn9ODhE2dwCdFGwlmLqPox571BEnwg+tCi+p c2IAoKACT0EqcLV9wV09w9vRSfDaf5/x =xniw -----END PGP SIGNATURE-----
--- End Message ---
