WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in V

from [S.Çağlar Onur] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx, "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Subject: Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
From: "S.Çağlar Onur" <caglar@xxxxxxxxxxxxx>
Date: Sat, 19 May 2007 02:39:13 +0300
Delivery-date: Fri, 18 May 2007 16:37:44 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20070319202528.GI17442@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: TÜBİTAK / UEKAE
References: <20070319202528.GI17442@xxxxxxxxxx>
Reply-to: caglar@xxxxxxxxxxxxx
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.7 
19 Mar 2007 Pts tarihinde, Daniel P. Berrange şunları yazmıştı: 
> This patch fixes a security issue present in any Xen 3.0.3 or later when
> the VNC server is enabled for a HVM guest.
>
> cf CVE-2007-0998 / the RHEL-5 security errata:
>
>    http://rhn.redhat.com/errata/RHSA-2007-0114.html

Same patch applies cleanly on Xen-3.1.0, is it forgetton?

-- 
S.Çağlar Onur <caglar@xxxxxxxxxxxxx>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] Cannot find Xen Python modules, S.Çağlar Onur
Next by Date:  Re: [Xen-devel] [PATCH] Enabling vtpm causes installation error, Ulrich Drepper
Previous by Thread:  [Xen-devel] [PATCH] Cannot find Xen Python modules, S.Çağlar Onur
Next by Thread:  Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy