Oval Definition: oval:com.redhat.rhsa:def:20070114
Revision Date: 2008-03-20
Version: 638
Title: RHSA-2007:0114: xen security update (Important)
Description: The Xen package contains the tools for managing the virtual machine monitor in Red Hat Enterprise Linux virtualization.

  • A flaw was found affecting the VNC server code in QEMU. On a fully virtualized guest VM, where qemu monitor mode is enabled, a user who had access to the VNC server could gain the ability to read arbitrary files as root in the host filesystem. (CVE-2007-0998)

    In addition to disabling qemu monitor mode, the following bugs were also fixed:

    Fix IA64 fully virtualized (VTi) shadow page table mode initialization.

    Fix network bonding in balanced-rr mode. Without this update, a network path loss could result in packet loss.

    Users of Xen should update to these erratum packages containing backported patches which correct these issues.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2007-0998
    RHSA-2007:0114
    RHSA-2007:0114-02
    Platform(s): Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • xen is earlier than 0:3.0.3-25.0.3.el5
  • AND xen is signed with Red Hat redhatrelease2 key
  • xen-devel is earlier than 0:3.0.3-25.0.3.el5
  • AND xen-devel is signed with Red Hat redhatrelease2 key
  • xen-libs is earlier than 0:3.0.3-25.0.3.el5
  • AND xen-libs is signed with Red Hat redhatrelease2 key