Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
On Sat, 19 May 2007, Keir Fraser wrote:
> On 19/5/07 00:39, "S.Çağlar Onur" <caglar@xxxxxxxxxxxxx> wrote:
> > On Mon, 19 Mar 2007, Daniel P. Berrange wrote:
> >> This patch fixes a security issue present in any Xen 3.0.3 or later when
> >> the VNC server is enabled for a HVM guest.
> >>
> >> cf CVE-2007-0998 / the RHEL-5 security errata:
> >>
> >> http://rhn.redhat.com/errata/RHSA-2007-0114.html
> >
> > Same patch applies cleanly on Xen-3.1.0, is it forgotten?
>
> The patch is in 3.1.0.

Hmm, is that solved another way? Cause according to HG history it's first committed [1] then reverted [2]?

[caglar@zangetsu][~/svk/devel/applications/virtualization/xen]> sha1sum /var/cache/pisi/archives/xen-3.1.0-src.tgz
fa4b54c36626f2cce9b15dc99cafda0b42c54777 /var/cache/pisi/archives/xen-3.1.0-src.tgz
[caglar@zangetsu][~/svk/devel/applications/virtualization/xen]> tar xvf /var/cache/pisi/archives/xen-3.1.0-src.tgz
...
[caglar@zangetsu][~/svk/devel/applications/virtualization/xen/xen-3.1.0-src]> patch -p1 < ../files/CVE-2007-0998.patch
patching file tools/ioemu/Makefile.target
patching file tools/ioemu/vnc.c

[1] http://xenbits.xensource.com/xen-3.0.5-testing.hg?rev/3375391fb0c9
[2] http://xenbits.xensource.com/xen-3.0.5-testing.hg?rev/3d7a4ac397b1

Cheers
--
S.Çağlar Onur <caglar@xxxxxxxxxxxxx>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!