[SECURITY] Fedora Core 6 Update: xen-3.0.3-12.fc6

Daniel Berrange berrange at redhat.com
Mon Oct 8 13:45:43 UTC 2007

Fedora Update Notification

Product     : Fedora Core 6
Name        : xen
Version     : 3.0.3
Release     : 12.fc6
Summary     : Xen is a virtual machine monitor
Description :
This package contains the Xen hypervisor and Xen tools, needed to
run virtual machines on x86 systems, together with the kernel-xen*
packages.  Information on how to use Xen can be found at the Xen
project pages.

Virtualisation can be used to run multiple versions or multiple
Linux distributions on one system, or to test untrusted applications
in a sandboxed environment.

Update Information:

Fixes a security flaw in pygrub handling of config files and
a denial-of-service case in ne2k NIC for QEMU.
* Wed Sep 26 2007 Chris Lalancette <clalance at redhat.com> - 3.0.3-12.fc6
- QEmu cirrus bitblit bounds check - CVE-2007-1320 (rhbz #238723)
- QEmu NE2000 overflow check - CVE-2007-1321 (rhbz #238723)
- Pygrub guest escape - CVE-2007-4993
* Wed Aug  1 2007 Markus Armbruster <armbru at redhat.com> - 3.0.3-11.fc6
- VNC keymap fixes
- Fix race conditions in LibVNCServer on client disconnect (bz 240012)
* Thu Jun 21 2007 Markus Armbruster <armbru at redhat.com> - 3.0.3-10.fc6
- Create xend-debug.log with sane permissions (bz 219868)

This update can be downloaded from:

484613b34cc8a413fe1b3572b848def93901e2ee  SRPMS/xen-3.0.3-12.fc6.src.rpm
484613b34cc8a413fe1b3572b848def93901e2ee  noarch/xen-3.0.3-12.fc6.src.rpm
ff66d2e5a02144749c5a7ee1eede9a79f1d42292  x86_64/xen-libs-3.0.3-12.fc6.x86_64.rpm
c2cf66a1fea52fafaba74f1e3f7270a16498ee0f  x86_64/xen-devel-3.0.3-12.fc6.x86_64.rpm
0571bf8254866a0444e1f72a4885a9a020b70712  x86_64/debug/xen-debuginfo-3.0.3-12.fc6.x86_64.rpm
2f31b5236539b93cc21d8d9c327ec8c7ff70a661  x86_64/xen-3.0.3-12.fc6.x86_64.rpm
32b9d45323e7f20a698ecbdb1f592f091198448e  i386/debug/xen-debuginfo-3.0.3-12.fc6.i386.rpm
36acff8e249a726970af02f449a5bd412ca0ccff  i386/xen-3.0.3-12.fc6.i386.rpm
2c58be5ce5b7affc54bde794d9120aa64830e232  i386/xen-devel-3.0.3-12.fc6.i386.rpm
1e31c12dab0fdd018eb5ed93962ef7058e1e4f30  i386/xen-libs-3.0.3-12.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.

More information about the Fedora-package-announce mailing list