New Search

RHSA-2009:0003 -- xen security and bug fix update (Moderate)

oval:org.mitre.oval:def:28776

Updated xen packages that resolve several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The xen packages contain the Xen tools and management daemons needed to manage virtual machines running on Red Hat Enterprise Linux. Xen was found to allow unprivileged DomU domains to overwrite xenstore values which should only be changeable by the privileged Dom0 domain. An attacker controlling a DomU domain could potentially use this flaw to kill arbitrary processes in Dom0 or trick a Dom0 user into accessing the text console of a different domain running on the same host. This update makes certain parts of the xenstore tree read-only to the unprivileged DomU domains. (CVE-2008-4405)

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
Class:
patch
Reference(s):
  • RHSA-2009:0003
  • CESA-2009:0003-CentOS 5
  • CVE-2008-4405
  • CVE-2008-4993
Product(s):
  • xen