[SECURITY] Fedora 7 Update: xen-3.1.0-8.fc7

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 1 21:13:20 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2708
2007-11-01 21:13:14.366542
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 7
Version     : 3.1.0
Release     : 8.fc7
URL         : http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html
Summary     : Xen is a virtual machine monitor
Description :
This package contains the Xen hypervisor and Xen tools, needed to
run virtual machines on x86 systems, together with the kernel-xen*
packages.  Information on how to use Xen can be found at the Xen
project pages.

Virtualisation can be used to run multiple versions or multiple
Linux distributions on one system, or to test untrusted applications
in a sandboxed environment.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 26 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-8.fc7
- Fixed xenbaked tmpfile flaw (CVE-2007-3919)
* Wed Sep 26 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-7.fc7
- Fixed rtl8139 checksum calculation for Vista (rhbz #308201)
* Wed Sep 26 2007 Chris Lalancette <clalance at redhat.com> - 3.1.0-6.fc7
- QEmu NE2000 overflow check - CVE-2007-1321
- Pygrub guest escape - CVE-2007-4993
* Mon Sep 24 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-5.fc7
- Fix generation of manual pages (rhbz #250791)
- Fix 32-on-64 PVFB for FC6 legacy guests
* Mon Sep 24 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-4.fc7
- Fix VMX assist IRQ handling (rhbz #279581)
* Sun Sep 23 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-3.fc7
- Don't clobber the VIF type attribute in FV guests (rhbz #247122)
* Wed Aug  1 2007 Markus Armbruster <armbru at redhat.com>
- Put guest's native protocol ABI into xenstore, to provide for older
  kernels running 32-on-64.
- VNC keymap fixes
- Fix race conditions in LibVNCServer on client disconnect
* Mon Jun 11 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-2.fc7
- Remove patch which kills VNC monitor
- Fix HVM save/restore file path to be /var/lib/xen instead of /tmp
- Don't spawn a bogus xen-vncfb daemon for HVM guests
* Fri May 25 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-1.fc7
- Updated to official 3.1.0 tar.gz
- Fixed data corruption from VNC client disconnect (bz 241303)
* Thu May 17 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-0.rc7.2.fc7
- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406)
- Tear down guest if device hotplug fails
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #361981 - CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file accesss [F7]
        https://bugzilla.redhat.com/show_bug.cgi?id=361981
  [ 2 ] Bug #350421 - CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file accesss
        https://bugzilla.redhat.com/show_bug.cgi?id=350421
  [ 3 ] CVE-2007-3919
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3919
--------------------------------------------------------------------------------
Updated packages:

89ba4e22979893736cb61b70caa3e5e7a77170ca xen-libs-3.1.0-8.fc7.i386.rpm
56b134c3be7ab6d4732622b66a6c5d33f237dc2d xen-debuginfo-3.1.0-8.fc7.i386.rpm
b33d7128a8599486447abf8731fe939f666a359c xen-3.1.0-8.fc7.i386.rpm
6193f2ad155937fde780597a6d415d921aaf6b3b xen-devel-3.1.0-8.fc7.i386.rpm
6c3bcb0c8f9e42fec026cc96e19cf559fd65091b xen-devel-3.1.0-8.fc7.x86_64.rpm
d781c174b6d06e3e24c3c2aaaec1e8becfff3937 xen-debuginfo-3.1.0-8.fc7.x86_64.rpm
955e59cd752bcdd61ef04d427111f384c01e8a12 xen-libs-3.1.0-8.fc7.x86_64.rpm
61761900e3e7a85754f8e0f635755a75cf035258 xen-3.1.0-8.fc7.x86_64.rpm
2ab7b21f57438e78276f714a947aedfd6f2adfe0 xen-3.1.0-8.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update xen' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list