[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server

To: <caglar@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>, "Daniel P. Berrange" <berrange@xxxxxxxxxx>
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Sat, 19 May 2007 09:23:30 +0100
Delivery-date: Sat, 19 May 2007 01:20:29 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
Thread-index: AceZ7vtBOhN2qAXiEdyARQAWy6hiGQ==
Thread-topic: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server

On 19/5/07 00:39, "S.ÃaÄlar Onur" <caglar@xxxxxxxxxxxxx> wrote:

> 19 Mar 2007 Pts tarihinde, Daniel P. Berrange ÅunlarÄ yazmÄÅtÄ:
>> This patch fixes a security issue present in any Xen 3.0.3 or later when
>> the VNC server is enabled for a HVM guest.
>> 
>> cf CVE-2007-0998 / the RHEL-5 security errata:
>> 
>>    http://rhn.redhat.com/errata/RHSA-2007-0114.html
> 
> Same patch applies cleanly on Xen-3.1.0, is it forgetton?

The patch is in 3.1.0.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
  - From: S.ÃaÄlar Onur

References:
- Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
  - From: S.ÃaÄlar Onur

Prev by Date: [Xen-devel] Re: [PATCH] calling zap_low_mappings breaks xen boot on the es7000
Next by Date: Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
Previous by thread: Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
Next by thread: Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.