WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in V

To: xen-devel@xxxxxxxxxxxxxxxxxxx, "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Subject: Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
From: "S.Çağlar Onur" <caglar@xxxxxxxxxxxxx>
Date: Sat, 19 May 2007 02:39:13 +0300
Delivery-date: Fri, 18 May 2007 16:37:44 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20070319202528.GI17442@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: TÜBİTAK / UEKAE
References: <20070319202528.GI17442@xxxxxxxxxx>
Reply-to: caglar@xxxxxxxxxxxxx
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.7
19 Mar 2007 Pts tarihinde, Daniel P. Berrange şunları yazmıştı: 
> This patch fixes a security issue present in any Xen 3.0.3 or later when
> the VNC server is enabled for a HVM guest.
>
> cf CVE-2007-0998 / the RHEL-5 security errata:
>
>    http://rhn.redhat.com/errata/RHSA-2007-0114.html

Same patch applies cleanly on Xen-3.1.0, is it forgetton?

-- 
S.Çağlar Onur <caglar@xxxxxxxxxxxxx>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>