AXSA:2008-458:03

Release date: 
Wednesday, November 5, 2008 - 20:56
Subject: 
xen-3.0.3-64.3.1AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

The xen packages contain tools for managing the virtual machine monitor
Bugs fixed:
CVE-2008-1945
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
CVE-2008-1952
The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory.

Solution: 

Update packages

Additional Info: 

N/A

Download: 

Asianux Server 3 for x86
  1. xen-3.0.3-64.3.1AXS3.i386.rpm
    MD5: 3f93fbf5a17139b36bffe20b423e5705
    SHA-256: b4cd2287ad848c833b8054f56ca4186c0c9f1692acacd1a3734ba92616da9236
    Size: 1.79 MB
  2. xen-devel-3.0.3-64.3.1AXS3.i386.rpm
    MD5: 5f01c16291ae82285798e522d09ace3a
    SHA-256: 053b6272cd8ecf6986f52bb34484404bcb2cb353b72c5e30cea59be3e7ef4bd2
    Size: 217.25 kB
  3. xen-libs-3.0.3-64.3.1AXS3.i386.rpm
    MD5: 732deb61430e180e17480a3075e43e34
    SHA-256: 2401a44e1f01144d771bbb7b392e4054fb0225837e100669e2054ff37f3ef2de
    Size: 142.32 kB

Asianux Server 3 for x86_64
  1. xen-3.0.3-64.3.1AXS3.x86_64.rpm
    MD5: 7e2b299e79c3cb5924378a3ea53e545b
    SHA-256: 9be387630b635f23aab56b02a377587d66ecbcfc48e1b3856b883fcf41e4f549
    Size: 1.78 MB
  2. xen-devel-3.0.3-64.3.1AXS3.x86_64.rpm
    MD5: 7566bbd660e4bd9741e76f4f6e061696
    SHA-256: fbac126b90391914d123bbed8f82f831ab829fd31604f6855c8ec6d86053f180
    Size: 220.76 kB
  3. xen-libs-3.0.3-64.3.1AXS3.x86_64.rpm
    MD5: 4e3e70c75a67a056bf9b66bb58ff4f91
    SHA-256: 90c31e84cac4aa5059850b88f0b2e395a1c3ce93dc9f5b9397503779a058934b
    Size: 138.77 kB
Copyright 2007-2022 Cybertrust Japan Co., Ltd. All rights reserved.