[SECURITY] Fedora Core 6 Test Update: xen-3.0.3-8.fc6

Daniel Berrange berrange at redhat.com
Thu Mar 15 22:26:45 UTC 2007


---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2007-343
2007-03-15
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : xen
Version     : 3.0.3
Release     : 8.fc6
Summary     : Xen is a virtual machine monitor
Description :
This package contains the Xen hypervisor and Xen tools, needed to
run virtual machines on x86 systems, together with the kernel-xen*
packages.  Information on how to use Xen can be found at the Xen
project pages.

Virtualisation can be used to run multiple versions or multiple
Linux distributions on one system, or to test untrusted applications
in a sandboxed environment.

---------------------------------------------------------------------
Update Information:

A flaw was found affecting the VNC server code in QEMU. On a
fully virtualized guest VM, where qemu monitor mode is
enabled, a user who had access to the VNC server could gain
the ability to read arbitrary files as root in the host
filesystem. (CVE-2007-0998)

---------------------------------------------------------------------
* Wed Mar 14 2007 Daniel P. Berrange <berrange at redhat.com> - 3.0.3-8.fc6
- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)
* Tue Mar  6 2007 Daniel P. Berrange <berrange at redhat.com> - 3.0.3-7.fc6
- Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)
- Fix ia64 shadow page table mode
- Close QEMU file handles when running network script
* Thu Feb 15 2007 Daniel P. Berrange <berrange at redhat.com> - 3.0.3-6.fc6
- Improve hotplug error reporting
- Don't start PVFB daemon for HVM guests
- Conflict tag to force requirement of newer libvirt for PVFB changes
* Tue Jan 30 2007 Daniel P. Berrange <berrange at redhat.com> - 3.0.3-5.fc6
- disable ipv6 autoconf on xenbr* devices (rhbz#216504)
- Fixed destroyDevice callers
- Workaround 'Cannot allocate memory' HVM bug
- Sanitize man pages
* Mon Jan 15 2007 Markus Armbruster <armbru at redhat.com> - 3.0.3-4.fc6
- Update Xen paravirt framebuffer patch to upstream xen-unstable
  changeset 13066.  This changes the protocol to the one accepted
  upstream.
- Add compatibility with guests running our initial protocol.

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------



