From: "S.Çağlar Onur" <caglar@pardus.org.tr>
To: xen-devel@lists.xensource.com
Cc: "Daniel P. Berrange" <berrange@redhat.com>
Subject: Re: PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
Date: Sat, 19 May 2007 14:48:37 +0300
Message-ID: <200705191448.37624.caglar@pardus.org.tr>
In-Reply-To: <C2747292.7A95%Keir.Fraser@cl.cam.ac.uk>
On Saturday, 19 May 2007, Keir Fraser wrote:
> On 19/5/07 00:39, "S.Çağlar Onur" <caglar@pardus.org.tr> wrote:
> > On Monday, 19 Mar 2007, Daniel P. Berrange wrote:
> >> This patch fixes a security issue present in any Xen 3.0.3 or later when
> >> the VNC server is enabled for a HVM guest.
> >>
> >> cf CVE-2007-0998 / the RHEL-5 security errata:
> >>
> >> http://rhn.redhat.com/errata/RHSA-2007-0114.html
> >
> > Same patch applies cleanly on Xen-3.1.0, is it forgotten?
>
> The patch is in 3.1.0.
Hmm, is that solved another way? 'Cause according to HG history it's first
committed [1] then reverted [2]?
[caglar@zangetsu][~/svk/devel/applications/virtualization/xen]> sha1sum /var/cache/pisi/archives/xen-3.1.0-src.tgz
fa4b54c36626f2cce9b15dc99cafda0b42c54777 /var/cache/pisi/archives/xen-3.1.0-src.tgz
[caglar@zangetsu][~/svk/devel/applications/virtualization/xen]> tar xvf /var/cache/pisi/archives/xen-3.1.0-src.tgz
...
[caglar@zangetsu][~/svk/devel/applications/virtualization/xen/xen-3.1.0-src]> patch -p1 < ../files/CVE-2007-0998.patch
patching file tools/ioemu/Makefile.target
patching file tools/ioemu/vnc.c
[1] http://xenbits.xensource.com/xen-3.0.5-testing.hg?rev/3375391fb0c9
[2] http://xenbits.xensource.com/xen-3.0.5-testing.hg?rev/3d7a4ac397b1
Cheers
--
S.Çağlar Onur <caglar@pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/
Linux is like living in a teepee. No Windows, no Gates and an Apache in house!
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel