[SECURITY] Fedora Core 6 Update: xen-3.0.3-8.fc6
Daniel Berrange
berrange at redhat.com
Mon Mar 19 22:58:48 UTC 2007
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-343
2007-03-19
---------------------------------------------------------------------
Product : Fedora Core 6
Name : xen
Version : 3.0.3
Release : 8.fc6
Summary : Xen is a virtual machine monitor
Description :
This package contains the Xen hypervisor and Xen tools, needed to
run virtual machines on x86 systems, together with the kernel-xen*
packages. Information on how to use Xen can be found at the Xen
project pages.
Virtualisation can be used to run multiple versions or multiple
Linux distributions on one system, or to test untrusted applications
in a sandboxed environment.
---------------------------------------------------------------------
Update Information:
A flaw was found affecting the VNC server code in QEMU. On a
fully virtualized guest VM, where QEMU monitor mode is
enabled, a user who had access to the VNC server could gain
the ability to read arbitrary files as root in the host
filesystem. (CVE-2007-0998)
---------------------------------------------------------------------
* Wed Mar 14 2007 Daniel P. Berrange <berrange at redhat.com> - 3.0.3-8.fc6
- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)
* Tue Mar 6 2007 Daniel P. Berrange <berrange at redhat.com> - 3.0.3-7.fc6
- Ensure PVFB daemon terminates if domain doesn't start up (bz 230634)
- Fix ia64 shadow page table mode
- Close QEMU file handles when running network script
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------