The ELF parser used by the Xen tools to read domains' kernels and construct domains has multiple integer overflows, pointer dereferences based on calculations from unchecked input values, and other problems. A malicious PV domain administrator who can specify their own kernel can escalate their privilege to that of the domain construction tools (i.e., normally, to control of the host).

References:
http://lists.xen.org/archives/html/xen-devel/2013-06/msg00223.html

Acknowledgements:
Red Hat would like to thank the Xen project for reporting this issue.
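The bug class named in the description (an offset and a length taken from the file and added without an overflow check), shown as an added example that is not Xen's code and not part of this bug report. The struct, function names and the choice of the program header table are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical view of the ELF64 header fields that locate the program
 * header table. All three are read straight from the guest-supplied image. */
struct phdr_loc {
    uint64_t e_phoff;     /* file offset of the table */
    uint16_t e_phentsize; /* size of one entry in bytes */
    uint16_t e_phnum;     /* number of entries */
};

#define PHDR64_SIZE 56u /* sizeof(Elf64_Phdr) */

/* Unchecked pattern: offset + length wraps modulo 2^64, so an offset near
 * UINT64_MAX yields a small "end" that passes the comparison. */
bool phdr_table_ok_naive(const struct phdr_loc *h, uint64_t image_size)
{
    uint64_t end = h->e_phoff + (uint64_t)h->e_phentsize * h->e_phnum;
    return end <= image_size;
}

/* Checked pattern: never form offset + length; compare the length with the
 * space that remains after the offset. */
bool phdr_table_ok(const struct phdr_loc *h, uint64_t image_size)
{
    if (h->e_phentsize < PHDR64_SIZE)
        return false; /* entries too small to hold a program header */
    if (h->e_phoff > image_size)
        return false; /* table starts outside the image */
    /* 16-bit x 16-bit product fits in 32 bits, so it cannot wrap here. */
    uint64_t len = (uint64_t)h->e_phentsize * h->e_phnum;
    return len <= image_size - h->e_phoff;
}

/* Returns a pointer to entry i, or NULL if the table or index is invalid. */
const uint8_t *phdr_entry(const uint8_t *image, uint64_t image_size,
                          const struct phdr_loc *h, uint16_t i)
{
    if (!phdr_table_ok(h, image_size) || i >= h->e_phnum)
        return NULL;
    return image + (size_t)(h->e_phoff + (uint64_t)i * h->e_phentsize);
}
```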
Created xen tracking bugs for this issue

Affects: fedora-all [bug 970640]
Update: http://www.openwall.com/lists/oss-security/2013/06/07/5
xen-4.2.2-6.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
xen-4.2.2-6.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
Created attachment 761352
Original Xen Security Advisory #55v4

Updated Xen Security Advisory with fixed patch series git changeset ids in xen.git.

Reference:
http://seclists.org/oss-sec/2013/q2/561
xen-4.1.5-5.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
CVE ids assigned as per:
http://www.openwall.com/lists/oss-security/2013/06/20/2
http://www.openwall.com/lists/oss-security/2013/06/20/4
xen-4.2.2-7.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
xen-4.1.5-6.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
xen-4.2.2-7.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Statement: The risks associated with fixing this issue are greater than its security impact. This issue is not currently planned to be addressed in future xen updates for Red Hat Enterprise Linux 5.