WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in V

from [S.Çağlar Onur] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
From: "S.Çağlar Onur" <caglar@xxxxxxxxxxxxx>
Date: Sat, 19 May 2007 14:48:37 +0300
Cc: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Delivery-date: Sat, 19 May 2007 04:47:07 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C2747292.7A95%Keir.Fraser@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: TÜBİTAK / UEKAE
References: <C2747292.7A95%Keir.Fraser@xxxxxxxxxxxx>
Reply-to: caglar@xxxxxxxxxxxxx
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.7 
19 May 2007 Cts tarihinde, Keir Fraser şunları yazmıştı: 
> On 19/5/07 00:39, "S.Çağlar Onur" <caglar@xxxxxxxxxxxxx> wrote:
> > 19 Mar 2007 Pts tarihinde, Daniel P. Berrange şunları yazmıştı:
> >> This patch fixes a security issue present in any Xen 3.0.3 or later when
> >> the VNC server is enabled for a HVM guest.
> >>
> >> cf CVE-2007-0998 / the RHEL-5 security errata:
> >>
> >>    http://rhn.redhat.com/errata/RHSA-2007-0114.html
> >
> > Same patch applies cleanly on Xen-3.1.0, is it forgetton?
>
> The patch is in 3.1.0.

Hmm, is that solved another way? Cause according to HG history its first 
committed [1] then reverted [2]?

[caglar@zangetsu][~/svk/devel/applications/virtualization/xen]> 
sha1sum /var/cache/pisi/archives/xen-3.1.0-src.tgz
fa4b54c36626f2cce9b15dc99cafda0b42c54777  
/var/cache/pisi/archives/xen-3.1.0-src.tgz

[caglar@zangetsu][~/svk/devel/applications/virtualization/xen]> tar 
xvf /var/cache/pisi/archives/xen-3.1.0-src.tgz
...

[caglar@zangetsu][~/svk/devel/applications/virtualization/xen/xen-3.1.0-src]> 
patch -p1 < ../files/CVE-2007-0998.patch
patching file tools/ioemu/Makefile.target
patching file tools/ioemu/vnc.c

[1] http://xenbits.xensource.com/xen-3.0.5-testing.hg?rev/3375391fb0c9
[2] http://xenbits.xensource.com/xen-3.0.5-testing.hg?rev/3d7a4ac397b1

Cheers
-- 
S.Çağlar Onur <caglar@xxxxxxxxxxxxx>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server, Keir Fraser
Next by Date:  Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server, Keir Fraser
Previous by Thread:  Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server, Keir Fraser
Next by Thread:  Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy