[SECURITY] Fedora Core 6 Update: xen-3.0.3-8.fc6

Daniel Berrange berrange at redhat.com
Mon Mar 19 22:58:48 UTC 2007

Fedora Update Notification

Product     : Fedora Core 6
Name        : xen
Version     : 3.0.3
Release     : 8.fc6
Summary     : Xen is a virtual machine monitor
Description :
This package contains the Xen hypervisor and Xen tools, needed to
run virtual machines on x86 systems, together with the kernel-xen*
packages.  Information on how to use Xen can be found at the Xen
project pages.

Virtualisation can be used to run multiple versions or multiple
Linux distributions on one system, or to test untrusted applications
in a sandboxed environment.

Update Information:

A flaw was found affecting the VNC server code in QEMU. On a
fully virtualized guest VM, where qemu monitor mode is
enabled, a user who had access to the VNC server could gain
the ability to read arbitrary files as root in the host
filesystem. (CVE-2007-0998)

* Wed Mar 14 2007 Daniel P. Berrange <berrange at redhat.com> - 3.0.3-8.fc6
- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)
* Tue Mar  6 2007 Daniel P. Berrange <berrange at redhat.com> - 3.0.3-7.fc6
- Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)
- Fix ia64 shadow page table mode
- Close QEMU file handles when running network script

This update can be downloaded from:

1741f962baeb775c9e2519b18aa44e2831c0585f  SRPMS/xen-3.0.3-8.fc6.src.rpm
1741f962baeb775c9e2519b18aa44e2831c0585f  noarch/xen-3.0.3-8.fc6.src.rpm
c384423104620e719c2ae8fa2947ede9f675d4f7  x86_64/debug/xen-debuginfo-3.0.3-8.fc6.x86_64.rpm
9f865fd4ed56c4d35382c51bd00e2019156184c5  x86_64/xen-3.0.3-8.fc6.x86_64.rpm
4b458e342a7a6e54ee4260b2cfe5fa30eceda74f  x86_64/xen-libs-3.0.3-8.fc6.x86_64.rpm
1485f0bbde1c4f9cbe5fd591806007409cdc9e5c  x86_64/xen-devel-3.0.3-8.fc6.x86_64.rpm
e2cac6874e958ec27d6167b23171121b3df08ae9  i386/debug/xen-debuginfo-3.0.3-8.fc6.i386.rpm
435e65f7dd61f4164200f27d72f989571578c288  i386/xen-libs-3.0.3-8.fc6.i386.rpm
6a01404d96baaae8ca45dcd35bc2af6b61dd6f08  i386/xen-devel-3.0.3-8.fc6.i386.rpm
200dc86cf82dc8a7efa6144d037bb52928adf773  i386/xen-3.0.3-8.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
