[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fedora] Mehrere Schwachstellen in der XEN Virtualisierungsumgebung vor Version 3.0.4 - FEDORA-2007-2270

To: win-sec-ssc@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Subject: [Fedora] Mehrere Schwachstellen in der XEN Virtualisierungsumgebung vor Version 3.0.4 - FEDORA-2007-2270
From: WiN Site Security Contacts <win-sec-ssc@xxxxxxxxxxxxxxxxx>
Date: Fri, 5 Oct 2007 16:01:24 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes Fedora Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.

CVE-2007-1321 - Heap Overflow im QEMU NE2000 Netzwerk Treiber

  Der QEMU NE2000 Treiber ueberprueft nicht, ob Pakete kleiner als die
  MTU sind, bevor sie in die Geraeteregister kopiert werden, wodurch ein
  Heap Overflow ausgeloest werden kann. Angreifer koennen diese
  Schwachstelle dazu ausnutzen, beliebigen Code mit den Rechten des
  Emulators auszufuehren.

CVE-2007-4993 - Schwachstelle im Pygrub Bootloader der Xen
Virtualisierungsumgebung

  Aufgrund von fehlerhaften 'exec()'-Statements in der Datei GrubConf.py
  werden Konfigurationsdaten beim Starten eines Gastsystems ausgefuehrt,
  ohne dass diese vorher ueberprueft werden. Ein lokaler Benutzer,
  welcher ueber Administratorrechte auf einem Gastsystem verfuegt, kann
  aufgrund dieser Schwachstelle beliebige Befehle in der Domaene 0
  ausfuehren.

Betroffen sind die folgenden Software Pakete und Plattformen:

  Paket xen

  Fedora 7

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
  https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html


(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
                Klaus Moeller, DFN-CERT


- --------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2270
2007-10-03 21:11:03
- --------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 7
Version     : 3.1.0
Release     : 6.fc7
URL         : http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html
Summary     : Xen is a virtual machine monitor
Description :
This package contains the Xen hypervisor and Xen tools, needed to
run virtual machines on x86 systems, together with the kernel-xen*
packages.  Information on how to use Xen can be found at the Xen
project pages.

Virtualisation can be used to run multiple versions or multiple
Linux distributions on one system, or to test untrusted applications
in a sandboxed environment.

- --------------------------------------------------------------------------------
Update Information:

Fixes a security flaw in pygrub handling of config files and a denial-of-service case in ne2k NIC for QEMU.

Fixes the case of disappearing network cards in fully-virtualized guests. NB, it only fixes it for guests created after this errata is installed & XenD restarted. Any pre-existing guests may continue to have problems. To fix existing guests, first ensure XenD has been restarted (service xend restart), then use virt-manager/virsh to remove the network card, and then add it back. This will correct the configuration stored in XenD permanently.

- --------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 26 2007 Chris Lalancette <clalance@xxxxxxxxxx> - 3.1.0-6.fc7
- - QEmu NE2000 overflow check - CVE-2007-1321
- - Pygrub guest escape - CVE-2007-4993
* Mon Sep 24 2007 Daniel P. Berrange <berrange@xxxxxxxxxx> - 3.1.0-5.fc7
- - Fix generation of manual pages (rhbz #250791)
- - Fix 32-on-64 PVFB for FC6 legacy guests
* Mon Sep 24 2007 Daniel P. Berrange <berrange@xxxxxxxxxx> - 3.1.0-4.fc7
- - Fix VMX assist IRQ handling (rhbz #279581)
* Sun Sep 23 2007 Daniel P. Berrange <berrange@xxxxxxxxxx> - 3.1.0-3.fc7
- - Don't clobber the VIF type attribute in FV guests (rhbz #247122)
* Wed Aug  1 2007 Markus Armbruster <armbru@xxxxxxxxxx>
- - Put guest's native protocol ABI into xenstore, to provide for older
  kernels running 32-on-64.
- - VNC keymap fixes
- - Fix race conditions in LibVNCServer on client disconnect
* Mon Jun 11 2007 Daniel P. Berrange <berrange@xxxxxxxxxx> - 3.1.0-2.fc7
- - Remove patch which kills VNC monitor
- - Fix HVM save/restore file path to be /var/lib/xen instead of /tmp
- - Don't spawn a bogus xen-vncfb daemon for HVM guests
* Fri May 25 2007 Daniel P. Berrange <berrange@xxxxxxxxxx> - 3.1.0-1.fc7
- - Updated to official 3.1.0 tar.gz
- - Fixed data corruption from VNC client disconnect (bz 241303)
* Thu May 17 2007 Daniel P. Berrange <berrange@xxxxxxxxxx> - 3.1.0-0.rc7.2.fc7
- - Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406)
- - Tear down guest if device hotplug fails
- --------------------------------------------------------------------------------
References:

  [ 1 ] Bug #247122 - Windows 2000 SP4+ guest does not see network card
        https://bugzilla.redhat.com/show_bug.cgi?id=247122
  [ 2 ] Bug #279581 - xm start raises 'TypeError: int argument required'
        https://bugzilla.redhat.com/show_bug.cgi?id=279581
  [ 3 ] CVE-2007-1321
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1321
  [ 4 ] CVE-2007-4993
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4993
- --------------------------------------------------------------------------------
Updated packages:

314a0c19e1ea7c6511775bb27603b4ca64336ce3 xen-devel-3.1.0-6.fc7.i386.rpm
7d62407bd1470b6df7878c594f16d9cdcaaba2c2 xen-3.1.0-6.fc7.i386.rpm
e7af639972801128410926468e8f13b5c790ab3a xen-libs-3.1.0-6.fc7.i386.rpm
2499de56aafec2ff23c32957e092c3b6c6d68a6b xen-debuginfo-3.1.0-6.fc7.i386.rpm
3bfb809dac6cc7589b5232e5c70f27fb9ef14264 xen-debuginfo-3.1.0-6.fc7.x86_64.rpm
102bc8e81305815da907a0c9d28e16f687435b09 xen-devel-3.1.0-6.fc7.x86_64.rpm
50b994595fce00d113f091f40f3abca4436813b7 xen-3.1.0-6.fc7.x86_64.rpm
edf2ae923a432118d51e6d572384379f2d04718a xen-libs-3.1.0-6.fc7.x86_64.rpm
79aa182050cb17e2c761116631d2e02c80722994 xen-3.1.0-6.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update xen' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
- --------------------------------------------------------------------------------

- -- 
Dipl. Inform. Klaus Moeller (CSIRT)
Phone: +49 40 808077-555, Fax: +49 40 808077-556

DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805,  Ust-IdNr.:  DE 232129737
Heidenkampsweg 41, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iQEVAwUBRwZDtBYd1iQZmhQQAQF0cggAqfVqQ2D3s7txrDY25QxdDTk/n4lkX2PM
XKtHWzYTqqse/S9dmhrCHkVosxi0vDBQEh7rxV+NjMITK1pKP+gyT51omKn73bS+
CoBz8YRj/PLfn8gu7zcOurxrHceHjPhucC08LMm6TQyjoSOX2uRZE1FUoTWTRhlX
Tn0fnNGtSuwLG7L4465dhcaysqWC8ypxnUN67f08Zs1mgIWhZTxVpmlv+Otyv+70
5WJhLF06nYAlfXLyEvS2gIFh/7YKmwXDhADxe3WPJi/63rGQdHyS0T51gCgPYl5f
GDKjSXlQ/h+sDzv07ezl7LTc20PaeYJeXg5RIcOOZj/cdpBksDe7eQ==
=IzZr
-----END PGP SIGNATURE-----

Prev by Date: [Fedora] Schwachstelle im KDM bis einschliesslich KDE Version 3.5.7 - FEDORA-2007-2361
Next by Date: [Fedora] Denial of Service Schwachstelle im Pidgin Instant Manager vor Version 2.2.1 - FEDORA-2007-2368
Previous by thread: [Fedora] Schwachstelle im KDM bis einschliesslich KDE Version 3.5.7 - FEDORA-2007-2361
Next by thread: [Fedora] Denial of Service Schwachstelle im Pidgin Instant Manager vor Version 2.2.1 - FEDORA-2007-2368
Index(es):
- Date
- Thread