483224 – app-emulation/xen: Information Leak (XSA-57) (CVE-2013-2211)

Bug 483224 - app-emulation/xen: Information Leak (XSA-57) (CVE-2013-2211)

Summary: app-emulation/xen: Information Leak (XSA-57) (CVE-2013-2211)

Status:	RESOLVED DUPLICATE of bug 472214

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2013-09-01 00:20 UTC by GLSAMaker/CVETool Bot
Modified:	2013-09-02 08:36 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2013-09-01 00:20:04 UTC

CVE-2013-2211 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2211):
  The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x
  uses weak permissions for xenstore keys for paravirtualised and emulated
  serial console devices, which allows local guest administrators to modify
  the xenstore value via unspecified vectors.


Upstream patches can be found in links at http://xenbits.xen.org/xsa/advisory-57.html

Comment 1 Agostino Sarubbo gentoo-dev

2013-09-01 08:39:20 UTC

see https://bugs.gentoo.org/show_bug.cgi?id=472214#c3

Comment 2 Sergey Popov gentoo-dev

2013-09-02 08:36:36 UTC


*** This bug has been marked as a duplicate of bug 472214 ***