Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU moni

To:	<caglar@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>, "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Subject:	Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
From:	Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date:	Sat, 19 May 2007 09:23:30 +0100
Delivery-date:	Sat, 19 May 2007 01:20:29 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<200705190239.13958.caglar@xxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AceZ7vtBOhN2qAXiEdyARQAWy6hiGQ==
Thread-topic:	[Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
User-agent:	Microsoft-Entourage/11.3.3.061214

On 19/5/07 00:39, "S.Çağlar Onur" <caglar@xxxxxxxxxxxxx> wrote:

> 19 Mar 2007 Pts tarihinde, Daniel P. Berrange şunları yazmıştı:
>> This patch fixes a security issue present in any Xen 3.0.3 or later when
>> the VNC server is enabled for a HVM guest.
>> 
>> cf CVE-2007-0998 / the RHEL-5 security errata:
>> 
>>    http://rhn.redhat.com/errata/RHSA-2007-0114.html
> 
> Same patch applies cleanly on Xen-3.1.0, is it forgetton?

The patch is in 3.1.0.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in V