Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 193808
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 193808 depends on: Show dependency tree
Bug 193808 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-09-25 22:05 0000 
According to RedHat:
  When booting a guest domain, pygrub uses Python exec() statements
  to process untrusted data from grub.conf.  By crafting a grub.conf
  file, the root user in a guest domain can trigger execution of
  arbitrary Python code in domain 0.

More details can be found on their bug:
  https://bugzilla.redhat.com/302801

------- Comment #1 From Robert Buchholz 2007-09-25 22:07:22 0000 ------- 
Unfixed upstream:
  http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068

------- Comment #2 From Micheal Marineau 2007-09-26 22:45:33 0000 ------- 
Fixed in xen-tools 3.0.4_p1-r1 and 3.1.0-r1.

------- Comment #3 From Robert Buchholz 2007-09-27 00:48:46 0000 ------- 
Mike, you're fast ;-)

[noglsa] because it's ~arch.

------- Comment #4 From Micheal Marineau 2007-09-28 07:28:15 0000 ------- 
*** Bug 194058 has been marked as a duplicate of this bug. ***

------- Comment #5 From Jakub Moc (RETIRED) 2007-10-02 10:54:40 0000 ------- 
*** Bug 194489 has been marked as a duplicate of this bug. ***
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug