| 1 |
marineam 07/10/23 19:09:10 |
| 2 |
|
| 3 |
Added: xen-tools-3.1.1-insecure-file-creation-fix.patch |
| 4 |
digest-xen-tools-3.1.0-r2 digest-xen-tools-3.1.1-r1 |
| 5 |
digest-xen-tools-3.0.4_p1-r2 |
| 6 |
Removed: digest-xen-tools-3.1.0-r1 digest-xen-tools-3.1.1 |
| 7 |
digest-xen-tools-3.0.4_p1-r1 |
| 8 |
Log: |
| 9 |
Security fix |
| 10 |
(Portage version: 2.1.3.9) |
| 11 |
|
| 12 |
Revision Changes Path |
| 13 |
1.1 app-emulation/xen-tools/files/xen-tools-3.1.1-insecure-file-creation-fix.patch |
| 14 |
|
| 15 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/xen-tools-3.1.1-insecure-file-creation-fix.patch?rev=1.1&view=markup |
| 16 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/xen-tools-3.1.1-insecure-file-creation-fix.patch?rev=1.1&content-type=text/plain |
| 17 |
|
| 18 |
Index: xen-tools-3.1.1-insecure-file-creation-fix.patch |
| 19 |
=================================================================== |
| 20 |
|
| 21 |
# HG changeset patch |
| 22 |
# User Keir Fraser <keir@×××××××××.com> |
| 23 |
# Date 1193128003 -3600 |
| 24 |
# Node ID b28ae5f00553ea053bd4e4576634d8ea49e77bc3 |
| 25 |
# Parent 118a21c66fd53a08d7191159e5b2888f8d9e4ad2 |
| 26 |
xenmon: Fix security vulnerability CVE-2007-3919. |
| 27 |
|
| 28 |
The xenbaked daemon and xenmon utility communicate via a mmap'ed |
| 29 |
shared file. Since this file is located in /tmp, unprivileged users |
| 30 |
can cause arbitrary files to be truncated by creating a symlink from |
| 31 |
the well-known /tmp filename to e.g., /etc/passwd. |
| 32 |
|
| 33 |
The fix is to place the shared file in a directory to which only root |
| 34 |
should have access (in this case /var/run/). |
| 35 |
|
| 36 |
This bug was reported, and the fix suggested, by Steve Kemp |
| 37 |
<skx@××××××.org>. Thanks! |
| 38 |
|
| 39 |
Signed-off-by: Keir Fraser <keir@×××××××××.com> |
| 40 |
|
| 41 |
--- a/tools/xenmon/xenbaked.c Mon Oct 22 21:06:11 2007 +0100 |
| 42 |
+++ b/tools/xenmon/xenbaked.c Tue Oct 23 09:26:43 2007 +0100 |
| 43 |
@@ -589,7 +589,7 @@ error_t cmd_parser(int key, char *arg, s |
| 44 |
return 0; |
| 45 |
} |
| 46 |
|
| 47 |
-#define SHARED_MEM_FILE "/tmp/xenq-shm" |
| 48 |
+#define SHARED_MEM_FILE "/var/run/xenq-shm" |
| 49 |
void alloc_qos_data(int ncpu) |
| 50 |
{ |
| 51 |
int i, n, pgsize, off=0; |
| 52 |
--- a/tools/xenmon/xenmon.py Mon Oct 22 21:06:11 2007 +0100 |
| 53 |
+++ b/tools/xenmon/xenmon.py Tue Oct 23 09:26:43 2007 +0100 |
| 54 |
@@ -46,7 +46,7 @@ QOS_DATA_SIZE = struct.calcsize(ST_QDATA |
| 55 |
QOS_DATA_SIZE = struct.calcsize(ST_QDATA)*NSAMPLES + struct.calcsize(ST_DOM_INFO)*NDOMAINS + struct.calcsize("4i") |
| 56 |
|
| 57 |
# location of mmaped file, hard coded right now |
| 58 |
-SHM_FILE = "/tmp/xenq-shm" |
| 59 |
+SHM_FILE = "/var/run/xenq-shm" |
| 60 |
|
| 61 |
# format strings |
| 62 |
TOTALS = 15*' ' + "%6.2f%%" + 35*' ' + "%6.2f%%" |
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
1.1 app-emulation/xen-tools/files/digest-xen-tools-3.1.0-r2 |
| 68 |
|
| 69 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.1.0-r2?rev=1.1&view=markup |
| 70 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.1.0-r2?rev=1.1&content-type=text/plain |
| 71 |
|
| 72 |
Index: digest-xen-tools-3.1.0-r2 |
| 73 |
=================================================================== |
| 74 |
MD5 b7ae1f652b071862ae4c90b72d549627 xen-3.1.0-src.tgz 6831094 |
| 75 |
RMD160 2fd65a3b81e522d0ed2d62fd11e5977167f1ceb3 xen-3.1.0-src.tgz 6831094 |
| 76 |
SHA256 b5d7cea6deeee1439e8883fed4b3f1a8e4f675b4af8148178721f99bd76676b7 xen-3.1.0-src.tgz 6831094 |
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
1.1 app-emulation/xen-tools/files/digest-xen-tools-3.1.1-r1 |
| 81 |
|
| 82 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.1.1-r1?rev=1.1&view=markup |
| 83 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.1.1-r1?rev=1.1&content-type=text/plain |
| 84 |
|
| 85 |
Index: digest-xen-tools-3.1.1-r1 |
| 86 |
=================================================================== |
| 87 |
MD5 d5bafac9c819206d6a85c11352cc90fd xen-3.1.1.tgz 6868014 |
| 88 |
RMD160 23f522a76815a64ba18eaf9eec19f38ea01e8c32 xen-3.1.1.tgz 6868014 |
| 89 |
SHA256 c6c986177e75e41e7412920d453b5b759568a90266b09e2fea6043f8890f75e2 xen-3.1.1.tgz 6868014 |
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
1.1 app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1-r2 |
| 94 |
|
| 95 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1-r2?rev=1.1&view=markup |
| 96 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-emulation/xen-tools/files/digest-xen-tools-3.0.4_p1-r2?rev=1.1&content-type=text/plain |
| 97 |
|
| 98 |
Index: digest-xen-tools-3.0.4_p1-r2 |
| 99 |
=================================================================== |
| 100 |
MD5 e85e16ad3dc354338e3ac4a8951f9649 xen-3.0.4_1-src.tgz 6473636 |
| 101 |
RMD160 f869eec35f6afe0bc9824ce2eb4a600f789d423b xen-3.0.4_1-src.tgz 6473636 |
| 102 |
SHA256 6b3842393e69a9c8fcdbc2789d05830aba6f1d108a6f97f1448de4a86f92a5cb xen-3.0.4_1-src.tgz 6473636 |
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
-- |
| 107 |
gentoo-commits@g.o mailing list |
Archives