Fedora Account System
Red Hat Associate
Red Hat Customer
The libxenlight (libxl) toolstack library does not correctly set permissions on xenstore keys relating to paravirtualised and emulated serial console devices. This could allow a malicious guest administrator to change values in xenstore which the host later relies on being implicitly trusted. Acknowledgements: Red Hat would like to thank the Xen project for reporting this issue.
Statement: Not vulnerable. This issue does not affect the versions of the xen package as shipped with Red Hat Enterprise Linux 5 as it does not provide support for the libxl toolstack. This issue does not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG.
Now public via: http://seclists.org/oss-sec/2013/q2/608
Created xen tracking bugs for this issue Affects: fedora-all [bug 976779]
CVE id has been assigned: http://seclists.org/oss-sec/2013/q2/612