[SECURITY] Fedora 7 Update: xen-3.1.0-6.fc7

updates at fedoraproject.org updates at fedoraproject.org
Thu Oct 4 18:44:08 UTC 2007

Fedora Update Notification
2007-10-03 21:11:03

Name        : xen
Product     : Fedora 7
Version     : 3.1.0
Release     : 6.fc7
URL         : http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html
Summary     : Xen is a virtual machine monitor
Description :
This package contains the Xen hypervisor and Xen tools, needed to
run virtual machines on x86 systems, together with the kernel-xen*
packages.  Information on how to use Xen can be found at the Xen
project pages.

Virtualisation can be used to run multiple versions or multiple
Linux distributions on one system, or to test untrusted applications
in a sandboxed environment.

Update Information:

Fixes a security flaw in pygrub handling of config files and a denial-of-service case in ne2k NIC for QEMU.

Fixes the case of disappearing network cards in fully-virtualized guests. NB, it only fixes it for guests created after this errata is installed & XenD restarted. Any pre-existing guests may continue to have problems. To fix existing guests, first ensure XenD has been restarted (service xend restart), then use virt-manager/virsh to remove the network card, and then add it back. This will correct the configuration stored in XenD permanently.


* Wed Sep 26 2007 Chris Lalancette <clalance at redhat.com> - 3.1.0-6.fc7
- QEmu NE2000 overflow check - CVE-2007-1321
- Pygrub guest escape - CVE-2007-4993
* Mon Sep 24 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-5.fc7
- Fix generation of manual pages (rhbz #250791)
- Fix 32-on-64 PVFB for FC6 legacy guests
* Mon Sep 24 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-4.fc7
- Fix VMX assist IRQ handling (rhbz #279581)
* Sun Sep 23 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-3.fc7
- Don't clobber the VIF type attribute in FV guests (rhbz #247122)
* Wed Aug  1 2007 Markus Armbruster <armbru at redhat.com>
- Put guest's native protocol ABI into xenstore, to provide for older
  kernels running 32-on-64.
- VNC keymap fixes
- Fix race conditions in LibVNCServer on client disconnect
* Mon Jun 11 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-2.fc7
- Remove patch which kills VNC monitor
- Fix HVM save/restore file path to be /var/lib/xen instead of /tmp
- Don't spawn a bogus xen-vncfb daemon for HVM guests
* Fri May 25 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-1.fc7
- Updated to official 3.1.0 tar.gz
- Fixed data corruption from VNC client disconnect (bz 241303)
* Thu May 17 2007 Daniel P. Berrange <berrange at redhat.com> - 3.1.0-0.rc7.2.fc7
- Ensure xen-vncfb processes are cleanedup if guest quits (bz 240406)
- Tear down guest if device hotplug fails

  [ 1 ] Bug #247122 - Windows 2000 SP4+ guest does not see network card
  [ 2 ] Bug #279581 - xm start raises 'TypeError: int argument required'
  [ 3 ] CVE-2007-1321
  [ 4 ] CVE-2007-4993
Updated packages:

314a0c19e1ea7c6511775bb27603b4ca64336ce3 xen-devel-3.1.0-6.fc7.i386.rpm
7d62407bd1470b6df7878c594f16d9cdcaaba2c2 xen-3.1.0-6.fc7.i386.rpm
e7af639972801128410926468e8f13b5c790ab3a xen-libs-3.1.0-6.fc7.i386.rpm
2499de56aafec2ff23c32957e092c3b6c6d68a6b xen-debuginfo-3.1.0-6.fc7.i386.rpm
3bfb809dac6cc7589b5232e5c70f27fb9ef14264 xen-debuginfo-3.1.0-6.fc7.x86_64.rpm
102bc8e81305815da907a0c9d28e16f687435b09 xen-devel-3.1.0-6.fc7.x86_64.rpm
50b994595fce00d113f091f40f3abca4436813b7 xen-3.1.0-6.fc7.x86_64.rpm
edf2ae923a432118d51e6d572384379f2d04718a xen-libs-3.1.0-6.fc7.x86_64.rpm
79aa182050cb17e2c761116631d2e02c80722994 xen-3.1.0-6.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update xen' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.

More information about the Fedora-package-announce mailing list