LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2007-2708 (xen)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 7 Update: xen-3.1.0-8.fc7


Date:
    	      Thu, 01 Nov 2007 14:13:20 -0700


Message-ID:
    	      <200711012113.lA1LDPhA030735@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2708
2007-11-01 21:13:14.366542
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 7
Version     : 3.1.0
Release     : 8.fc7
URL         : http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html
Summary     : Xen is a virtual machine monitor
Description :
This package contains the Xen hypervisor and Xen tools, needed to
run virtual machines on x86 systems, together with the kernel-xen*
packages.  Information on how to use Xen can be found at the Xen
project pages.

Virtualisation can be used to run multiple versions or multiple
Linux distributions on one system, or to test untrusted applications
in a sandboxed environment.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 26 2007 Daniel P. Berrange <berrange@redhat.com> - 3.1.0-8.fc7
- Fixed xenbaked tmpfile flaw (CVE-2007-3919)
* Wed Sep 26 2007 Daniel P. Berrange <berrange@redhat.com> - 3.1.0-7.fc7
- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)
* Wed Sep 26 2007 Chris Lalancette <clalance@redhat.com> - 3.1.0-6.fc7
- QEmu NE2000 overflow check - CVE-2007-1321
- Pygrub guest escape - CVE-2007-4993
* Mon Sep 24 2007 Daniel P. Berrange <berrange@redhat.com> - 3.1.0-5.fc7
- Fix generation of manual pages (rhbz #250791)
- Fix 32-on-64 PVFB for FC6 legacy guests
* Mon Sep 24 2007 Daniel P. Berrange <berrange@redhat.com> - 3.1.0-4.fc7
- Fix VMX assist IRQ handling (rhbz #279581)
* Sun Sep 23 2007 Daniel P. Berrange <berrange@redhat.com> - 3.1.0-3.fc7
- Don't clobber the VIF type attribute in FV guests (rhbz #247122)
* Wed Aug  1 2007 Markus Armbruster <armbru@redhat.com>
- Put guest's native protocol ABI into xenstore, to provide for older
  kernels running 32-on-64.
- VNC keymap fixes
- Fix race conditions in LibVNCServer on client disconnect
* Mon Jun 11 2007 Daniel P. Berrange <berrange@redhat.com> - 3.1.0-2.fc7
- Remove patch which kills VNC monitor
- Fix HVM save/restore file path to be /var/lib/xen instead of /tmp
- Don't spawn a bogus xen-vncfb daemon for HVM guests
* Fri May 25 2007 Daniel P. Berrange <berrange@redhat.com> - 3.1.0-1.fc7
- Updated to official 3.1.0 tar.gz
- Fixed data corruption from VNC client disconnect (bz 241303)
* Thu May 17 2007 Daniel P. Berrange <berrange@redhat.com> - 3.1.0-0.rc7.2.fc7
- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406)
- Tear down guest if device hotplug fails
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #361981 - CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file accesss [F7]
        https://bugzilla.redhat.com/show_bug.cgi?id=361981
  [ 2 ] Bug #350421 - CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file accesss
        https://bugzilla.redhat.com/show_bug.cgi?id=350421
  [ 3 ] CVE-2007-3919
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
--------------------------------------------------------------------------------
Updated packages:

89ba4e22979893736cb61b70caa3e5e7a77170ca xen-libs-3.1.0-8.fc7.i386.rpm
56b134c3be7ab6d4732622b66a6c5d33f237dc2d xen-debuginfo-3.1.0-8.fc7.i386.rpm
b33d7128a8599486447abf8731fe939f666a359c xen-3.1.0-8.fc7.i386.rpm
6193f2ad155937fde780597a6d415d921aaf6b3b xen-devel-3.1.0-8.fc7.i386.rpm
6c3bcb0c8f9e42fec026cc96e19cf559fd65091b xen-devel-3.1.0-8.fc7.x86_64.rpm
d781c174b6d06e3e24c3c2aaaec1e8becfff3937 xen-debuginfo-3.1.0-8.fc7.x86_64.rpm
955e59cd752bcdd61ef04d427111f384c01e8a12 xen-libs-3.1.0-8.fc7.x86_64.rpm
61761900e3e7a85754f8e0f635755a75cf035258 xen-3.1.0-8.fc7.x86_64.rpm
2ab7b21f57438e78276f714a947aedfd6f2adfe0 xen-3.1.0-8.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update xen' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds