xen-3.0.3-64.9.1AXS3
Errata ID: AXSA:2009-14:01
Release date:
2009/01/23 Friday - 12:18
Title:
xen-3.0.3-64.9.1AXS3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for ia64
Asianux Server 3 for x86
Severity:
Moderate
Description:
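The following issues have been addressed.
[Security Fix]
- qemu-dm.debug in Xen has a symlink attack vulnerability. (CVE-2008-4993)
- xend in Xen does not limit the contents of the /local/domain xenstore directory tree and does not restrict guest VM write access within this tree, resulting in a denial of service (DoS) and other unspecified vulnerabilities. (CVE-2008-4405)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.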
CVE:
CVE-2008-4993
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.
CVE-2008-4405
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.
Additional information:
N/A
Download:
SRPMS
- xen-3.0.3-64.9.1AXS3.src.rpm
MD5: 259592cb6d7ed7034cdb15470743f363
SHA-256: 4cf376a824028ff75984dece52752cf998ba58ef91b82687fc7139f3532c1a46
Size: 11.96 MB
Asianux Server 3 for x86
- xen-3.0.3-64.9.1AXS3.i386.rpm
MD5: 83b218203bd82a76e5a83eb79a172332
SHA-256: 1a6a2ab397a9243f7beb4cfb0ed625e3c0ea64aed38ccd51098f29b2a12f8e3a
Size: 1.79 MB
- xen-devel-3.0.3-64.9.1AXS3.i386.rpm
MD5: 518082eed468093630aa3e9ebd6313e5
SHA-256: 3eceaac27cab8f262706f71c804cb04e66687c08ee03777a47fb76c6b4a11910
Size: 218.34 kB
- xen-libs-3.0.3-64.9.1AXS3.i386.rpm
MD5: 793d23589ff4163e51ca765f677bd4d7
SHA-256: 3a13ba98949a6cbf64f8b41e36fbdefe432d08020a2a0f3a76ce91460c320b05
Size: 142.82 kB
Asianux Server 3 for x86_64
- xen-3.0.3-64.9.1AXS3.x86_64.rpm
MD5: ac490962ea1ec6bf263ecca7f44c850b
SHA-256: a158bc611ca50167aa215730233baaa400694bf79c213b408d2061430ea44b86
Size: 1.78 MB
- xen-devel-3.0.3-64.9.1AXS3.x86_64.rpm
MD5: 605575bd9ff98186255fe21f0429f353
SHA-256: 13c3b983428ebc56ad788a95565c4bcd549a935d2f4c2b6a2291a1cc66b97d75
Size: 221.66 kB
- xen-libs-3.0.3-64.9.1AXS3.x86_64.rpm
MD5: 92e6b477bd5a4c6491bd0509c295a919
SHA-256: c28cc51fad49d942eb98672607145d8efdaed3c65ff1717e049cb11c34b7bdd2
Size: 139.59 kB