Source: xen-3
Version: 3.2.1-1
Severity: grave
Tags: security, patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for xen-3.

CVE-2008-1943[0]:
| Buffer overflow in the backend of XenSource Xen Para Virtualized Frame
| Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial
| of service (crash) and possibly execute arbitrary code via a crafted
| description of a shared framebuffer.

CVE-2008-1944[1]:
| Buffer overflow in the backend framebuffer of XenSource Xen
| Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows
| local users to cause a denial of service (SDL crash) and possibly
| execute arbitrary code via "bogus screen updates," related to missing
| validation of the "format of messages."

CVE-2008-1952[2]:
| ** RESERVED **
| This candidate has been reserved by an organization or individual that
| will use it when announcing a new security problem. When the
| candidate has been publicized, the details for this candidate will be
| provided.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1943
    http://security-tracker.debian.net/tracker/CVE-2008-1943
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1944
    http://security-tracker.debian.net/tracker/CVE-2008-1944
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1952
    http://security-tracker.debian.net/tracker/CVE-2008-1952

These issues are fixed within the following patch for fedora:
http://cvs.fedoraproject.org/viewcvs/rpms/xen/F-9/xen-pvfb-validate-fb.patch?view=markup

Kind regards,
Thomas.