USN-527-1: xen-3.0 vulnerability

5 October 2007

xen-3.0 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.04

Software Description

  • xen-3.0

Details

Joris van Rantwijk discovered that the Xen host did not correctly validate the contents of a Xen guests’s grug.conf file. Xen guest root users could exploit this to run arbitrary commands on the host when the guest system was rebooted.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04
xen-utils-3.0 - 3.0.3-0ubuntu10.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References