USN-527-1: xen-3.0 vulnerability

Ubuntu Security Notice USN-527-1

5th October, 2007

xen-3.0 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.04

Software description

  • xen-3.0

Details

Joris van Rantwijk discovered that the Xen host did not correctly validate
the contents of a Xen guests's grug.conf file. Xen guest root users could
exploit this to run arbitrary commands on the host when the guest system
was rebooted.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 7.04:
xen-utils-3.0 3.0.3-0ubuntu10.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the
necessary changes.

References

CVE-2007-4993