marineam 07/10/23 19:09:10

Added: xen-tools-3.1.1-insecure-file-creation-fix.patch
       digest-xen-tools-3.1.0-r2 digest-xen-tools-3.1.1-r1
       digest-xen-tools-3.0.4_p1-r2
Removed: digest-xen-tools-3.1.0-r1 digest-xen-tools-3.1.1
         digest-xen-tools-3.0.4_p1-r1
Log:
Security fix
(Portage version: 2.1.3.9)

Revision Changes Path
1.1 app-emulation/xen-tools/files/xen-tools-3.1.1-insecure-file-creation-fix.patch

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/xen-tools-3.1.1-insecure-file-creation-fix.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/xen-tools-3.1.1-insecure-file-creation-fix.patch?rev=1.1&content-type=text/plain

Index: xen-tools-3.1.1-insecure-file-creation-fix.patch
===================================================================

# HG changeset patch
# User Keir Fraser <keir@×××××××××.com>
# Date 1193128003 -3600
# Node ID b28ae5f00553ea053bd4e4576634d8ea49e77bc3
# Parent 118a21c66fd53a08d7191159e5b2888f8d9e4ad2
xenmon: Fix security vulnerability CVE-2007-3919.

The xenbaked daemon and xenmon utility communicate via a mmap'ed
shared file. Since this file is located in /tmp, unprivileged users
can cause arbitrary files to be truncated by creating a symlink from
the well-known /tmp filename to e.g., /etc/passwd.

The fix is to place the shared file in a directory to which only root
should have access (in this case /var/run/).

This bug was reported, and the fix suggested, by Steve Kemp
<skx@××××××.org>. Thanks!

Signed-off-by: Keir Fraser <keir@×××××××××.com>

--- a/tools/xenmon/xenbaked.c Mon Oct 22 21:06:11 2007 +0100 |
+++ b/tools/xenmon/xenbaked.c Tue Oct 23 09:26:43 2007 +0100 |
@@ -589,7 +589,7 @@ error_t cmd_parser(int key, char *arg, s |
return 0; |
} |
|
-#define SHARED_MEM_FILE "/tmp/xenq-shm" |
+#define SHARED_MEM_FILE "/var/run/xenq-shm" |
void alloc_qos_data(int ncpu) |
{ |
int i, n, pgsize, off=0; |
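Review bot: The new SHARED_MEM_FILE value "/var/run/xenq-shm" is still a fixed, well-known name, so the fix holds only while /var/run is writable by root alone, which is the assumption the commit message states. The code that opens SHARED_MEM_FILE is not visible in this hunk; it is worth confirming that the open refuses to follow a symlink (O_NOFOLLOW, or O_CREAT|O_EXCL after removing a stale file) so the truncation cannot recur if the directory permissions are ever looser than expected. A comment above the define saying the directory must be root-only would also record why the path was chosen.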
--- a/tools/xenmon/xenmon.py Mon Oct 22 21:06:11 2007 +0100 |
+++ b/tools/xenmon/xenmon.py Tue Oct 23 09:26:43 2007 +0100 |
@@ -46,7 +46,7 @@ QOS_DATA_SIZE = struct.calcsize(ST_QDATA |
QOS_DATA_SIZE = struct.calcsize(ST_QDATA)*NSAMPLES + struct.calcsize(ST_DOM_INFO)*NDOMAINS + struct.calcsize("4i") |
|
# location of mmaped file, hard coded right now |
-SHM_FILE = "/tmp/xenq-shm" |
+SHM_FILE = "/var/run/xenq-shm" |
|
# format strings |
TOTALS = 15*' ' + "%6.2f%%" + 35*' ' + "%6.2f%%" |
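Review bot: SHM_FILE in xenmon.py repeats the path from SHARED_MEM_FILE in xenbaked.c as a second hard-coded string, and the comment above it ("hard coded right now") does not say the two must match. Suggest extending that comment to name xenbaked.c as the other side, or deriving both from one definition, so a later path change cannot leave xenmon mapping a different file from the one the daemon writes. Since the file now sits in a directory meant to be root-only, the privilege xenmon needs to open it should be documented as well.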

1.1 app-emulation/xen-tools/files/digest-xen-tools-3.1.0-r2

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.1.0-r2?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.1.0-r2?rev=1.1&content-type=text/plain

Index: digest-xen-tools-3.1.0-r2
===================================================================
MD5 b7ae1f652b071862ae4c90b72d549627 xen-3.1.0-src.tgz 6831094 |
RMD160 2fd65a3b81e522d0ed2d62fd11e5977167f1ceb3 xen-3.1.0-src.tgz 6831094 |
SHA256 b5d7cea6deeee1439e8883fed4b3f1a8e4f675b4af8148178721f99bd76676b7 xen-3.1.0-src.tgz 6831094 |

1.1 app-emulation/xen-tools/files/digest-xen-tools-3.1.1-r1

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.1.1-r1?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.1.1-r1?rev=1.1&content-type=text/plain

Index: digest-xen-tools-3.1.1-r1
===================================================================
MD5 d5bafac9c819206d6a85c11352cc90fd xen-3.1.1.tgz 6868014 |
RMD160 23f522a76815a64ba18eaf9eec19f38ea01e8c32 xen-3.1.1.tgz 6868014 |
SHA256 c6c986177e75e41e7412920d453b5b759568a90266b09e2fea6043f8890f75e2 xen-3.1.1.tgz 6868014 |

1.1 app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1-r2

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1-r2?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1-r2?rev=1.1&content-type=text/plain

Index: digest-xen-tools-3.0.4_p1-r2
===================================================================
MD5 e85e16ad3dc354338e3ac4a8951f9649 xen-3.0.4_1-src.tgz 6473636 |
RMD160 f869eec35f6afe0bc9824ce2eb4a600f789d423b xen-3.0.4_1-src.tgz 6473636 |
SHA256 6b3842393e69a9c8fcdbc2789d05830aba6f1d108a6f97f1448de4a86f92a5cb xen-3.0.4_1-src.tgz 6473636 |

--
gentoo-commits@g.o mailing list