xen-3.0.3-64.3.1AXS3
エラータID: AXSA:2008-458:03
リリース日:
2008/11/05 Wednesday - 20:56
題名:
xen-3.0.3-64.3.1AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
[Security Fix]
- QEMU には、リムーバブルメディア変更処理に不備があり、ゲスト OS のユーザにホスト OS 上にある任意のファイルを読まれる脆弱性が存在します。 (CVE-2008-1945)
- Xen ioemu の XenSource Xen Para Virtualized Frame Buffer (PVFB) 用 バックエンドには、フレームバッファサイズの処理に不備があるため、サービス運用妨害状態 (DoS) の脆弱性が存在します。 (CVE-2008-1952)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2008-1945
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
CVE-2008-1952
The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory.
The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory.
追加情報:
N/A
ダウンロード:
Asianux Server 3 for x86
- xen-3.0.3-64.3.1AXS3.i386.rpm
MD5: 3f93fbf5a17139b36bffe20b423e5705
SHA-256: b4cd2287ad848c833b8054f56ca4186c0c9f1692acacd1a3734ba92616da9236
Size: 1.79 MB - xen-devel-3.0.3-64.3.1AXS3.i386.rpm
MD5: 5f01c16291ae82285798e522d09ace3a
SHA-256: 053b6272cd8ecf6986f52bb34484404bcb2cb353b72c5e30cea59be3e7ef4bd2
Size: 217.25 kB - xen-libs-3.0.3-64.3.1AXS3.i386.rpm
MD5: 732deb61430e180e17480a3075e43e34
SHA-256: 2401a44e1f01144d771bbb7b392e4054fb0225837e100669e2054ff37f3ef2de
Size: 142.32 kB
Asianux Server 3 for x86_64
- xen-3.0.3-64.3.1AXS3.x86_64.rpm
MD5: 7e2b299e79c3cb5924378a3ea53e545b
SHA-256: 9be387630b635f23aab56b02a377587d66ecbcfc48e1b3856b883fcf41e4f549
Size: 1.78 MB - xen-devel-3.0.3-64.3.1AXS3.x86_64.rpm
MD5: 7566bbd660e4bd9741e76f4f6e061696
SHA-256: fbac126b90391914d123bbed8f82f831ab829fd31604f6855c8ec6d86053f180
Size: 220.76 kB - xen-libs-3.0.3-64.3.1AXS3.x86_64.rpm
MD5: 4e3e70c75a67a056bf9b66bb58ff4f91
SHA-256: 90c31e84cac4aa5059850b88f0b2e395a1c3ce93dc9f5b9397503779a058934b
Size: 138.77 kB