LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for January 8, 2009

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2007-343 (xen)



From:
    	      "Daniel Berrange" <berrange@redhat.com>


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora Core 6 Update: xen-3.0.3-8.fc6


Date:
    	      Mon, 19 Mar 2007 18:58:48 -0400


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-343
2007-03-19
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : xen
Version     : 3.0.3
Release     : 8.fc6
Summary     : Xen is a virtual machine monitor
Description :
This package contains the Xen hypervisor and Xen tools, needed to
run virtual machines on x86 systems, together with the kernel-xen*
packages.  Information on how to use Xen can be found at the Xen
project pages.

Virtualisation can be used to run multiple versions or multiple
Linux distributions on one system, or to test untrusted applications
in a sandboxed environment.

---------------------------------------------------------------------
Update Information:

A flaw was found affecting the VNC server code in QEMU. On a
fullyvirtualized guest VM, where qemu monitor mode is
enabled, a user who had access to the VNC server could gain
the ability to read arbitrary files as root in the host
filesystem. (CVE-2007-0998)

---------------------------------------------------------------------
* Wed Mar 14 2007 Daniel P. Berrange <berrange@redhat.com> - 3.0.3-8.fc6
- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)
* Tue Mar  6 2007 Daniel P. Berrange <berrange@redhat.com> - 3.0.3-7.fc6
- Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)
- Fix ia64 shadow page table mode
- Close QEMU file handles when running network script

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/u...

1741f962baeb775c9e2519b18aa44e2831c0585f  SRPMS/xen-3.0.3-8.fc6.src.rpm
1741f962baeb775c9e2519b18aa44e2831c0585f  noarch/xen-3.0.3-8.fc6.src.rpm
c384423104620e719c2ae8fa2947ede9f675d4f7  x86_64/debug/xen-debuginfo-3.0.3-8.fc6.x86_64.rpm
9f865fd4ed56c4d35382c51bd00e2019156184c5  x86_64/xen-3.0.3-8.fc6.x86_64.rpm
4b458e342a7a6e54ee4260b2cfe5fa30eceda74f  x86_64/xen-libs-3.0.3-8.fc6.x86_64.rpm
1485f0bbde1c4f9cbe5fd591806007409cdc9e5c  x86_64/xen-devel-3.0.3-8.fc6.x86_64.rpm
e2cac6874e958ec27d6167b23171121b3df08ae9  i386/debug/xen-debuginfo-3.0.3-8.fc6.i386.rpm
435e65f7dd61f4164200f27d72f989571578c288  i386/xen-libs-3.0.3-8.fc6.i386.rpm
6a01404d96baaae8ca45dcd35bc2af6b61dd6f08  i386/xen-devel-3.0.3-8.fc6.i386.rpm
200dc86cf82dc8a7efa6144d037bb52928adf773  i386/xen-3.0.3-8.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds