
Security Advisory Important: xen security update

Advisory: RHSA-2007:0114-5
Type: Security Advisory
Severity: Important
Issued on: 2007-03-14
Last updated on: 2007-03-14
Affected Products: RHEL Desktop Multi OS (v. 5 client)
RHEL Virtualization (v. 5 server)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2007-0998

Details

An updated Xen package to fix one security issue and two bugs is now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Xen package contains the tools for managing the virtual machine monitor
in Red Hat Enterprise Linux virtualization.

A flaw was found in the VNC server code in QEMU. On a fully virtualized
guest VM where qemu monitor mode is enabled, a user with access to the VNC
server could gain the ability to read arbitrary files as root on the host
filesystem. (CVE-2007-0998)

In addition to disabling qemu monitor mode, the following bugs were also fixed:

* Fix IA64 fully virtualized (VTi) shadow page table mode initialization.

* Fix network bonding in balanced-rr mode. Without this update, a network
path loss could result in packet loss.

Users of Xen should update to these erratum packages, which contain
backported patches that correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
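A host-side check for whether the installed xen package is at or beyond this erratum's build, added here as an example and not Red Hat's own tooling: it re-implements the segment rules of RPM's rpmvercmp in Python and applies them to strings in the form `rpm -q xen` prints. The fixed build 3.0.3-25.0.3.el5 and the package names and architectures are taken from the package list below; the sample installed strings are constructed.

```python
import re
# Fixed build from this advisory's package list: xen-3.0.3-25.0.3.el5 (no epoch).
FIXED_VERSION, FIXED_RELEASE = "3.0.3", "25.0.3.el5"
ADVISORY_PACKAGES = {"xen", "xen-devel", "xen-libs"}
ARCHES = ("i386", "x86_64", "ia64")  # arch suffixes rpm -q may append
_SEG = re.compile(r"\d+|[A-Za-z]+|~")

def rpmvercmp(a: str, b: str) -> int:
    """rpm's rpmvercmp rules: 1 if a is newer, -1 if b is newer, 0 if equal.
    Numeric segments compare numerically, alpha segments lexically, numeric
    beats alpha, and '~' sorts before anything, including end of string."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() != y.isdigit():
            c = 1 if x.isdigit() else -1
        else:
            c = (x > y) - (x < y)
        if c:
            return c
    if len(sa) == len(sb):
        return 0
    longer, rest = (1, sa[len(sb):]) if len(sa) > len(sb) else (-1, sb[len(sa):])
    return -longer if rest[0] == "~" else longer  # leftovers win unless '~'

def split_nvr(nvr: str):
    """Split 'name-version-release[.arch]' as printed by `rpm -q`."""
    name, version, release = nvr.rsplit("-", 2)
    for arch in ARCHES:
        if release.endswith("." + arch):
            release = release[: -len(arch) - 1]
    return name, version, release

def is_patched(installed_nvr: str) -> bool:
    """True if the installed build is at or beyond this erratum's build."""
    name, version, release = split_nvr(installed_nvr)
    if name not in ADVISORY_PACKAGES:
        raise ValueError(f"{name!r} is not a package from this advisory")
    return (rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)) >= 0

if __name__ == "__main__":
    # Constructed sample inputs, not real host output.
    for nvr in ("xen-3.0.3-25.0.3.el5", "xen-3.0.3-25.el5", "xen-devel-3.0.3-25.0.3.el5.i386"):
        print(nvr, "patched" if is_patched(nvr) else "VULNERABLE")
```

On a real host, feed it `rpm -q xen xen-libs xen-devel` output one line at a time; a build older than 25.0.3.el5 still ships the VNC-reachable qemu monitor described above.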

Updated packages

RHEL Desktop Multi OS (v. 5 client)

SRPMS:
xen-3.0.3-25.0.3.el5.src.rpm
File outdated by:  RHBA-2013:0846
    MD5: 21c113a6005f92e634de2e81e75d8f8b
 
IA-32:
xen-3.0.3-25.0.3.el5.i386.rpm
File outdated by:  RHBA-2013:0846
    MD5: 572e398fbc504adaae182b3ba040920f
xen-devel-3.0.3-25.0.3.el5.i386.rpm
File outdated by:  RHBA-2013:0846
    MD5: 160836bd41a0d666fd7a6289f718c741
 
x86_64:
xen-3.0.3-25.0.3.el5.x86_64.rpm
File outdated by:  RHBA-2013:0846
    MD5: 2d5a582377d3874bb25fcc75615cb27a
xen-devel-3.0.3-25.0.3.el5.i386.rpm
File outdated by:  RHBA-2013:0846
    MD5: 160836bd41a0d666fd7a6289f718c741
xen-devel-3.0.3-25.0.3.el5.x86_64.rpm
File outdated by:  RHBA-2013:0846
    MD5: 2bac7c8ac7e7748385712eaf3755beaf
 
RHEL Virtualization (v. 5 server)

SRPMS:
xen-3.0.3-25.0.3.el5.src.rpm
File outdated by:  RHBA-2013:0846
    MD5: 21c113a6005f92e634de2e81e75d8f8b
 
IA-32:
xen-3.0.3-25.0.3.el5.i386.rpm
File outdated by:  RHBA-2013:0846
    MD5: 572e398fbc504adaae182b3ba040920f
xen-devel-3.0.3-25.0.3.el5.i386.rpm
File outdated by:  RHBA-2013:0846
    MD5: 160836bd41a0d666fd7a6289f718c741
 
IA-64:
xen-3.0.3-25.0.3.el5.ia64.rpm
File outdated by:  RHBA-2013:0846
    MD5: b9e42bf5e3afbd84b2e15b1aab7f502d
xen-devel-3.0.3-25.0.3.el5.ia64.rpm
File outdated by:  RHBA-2013:0846
    MD5: b36f6d2d4c0c8df85085ce10ba0e854f
 
x86_64:
xen-3.0.3-25.0.3.el5.x86_64.rpm
File outdated by:  RHBA-2013:0846
    MD5: 2d5a582377d3874bb25fcc75615cb27a
xen-devel-3.0.3-25.0.3.el5.i386.rpm
File outdated by:  RHBA-2013:0846
    MD5: 160836bd41a0d666fd7a6289f718c741
xen-devel-3.0.3-25.0.3.el5.x86_64.rpm
File outdated by:  RHBA-2013:0846
    MD5: 2bac7c8ac7e7748385712eaf3755beaf
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
xen-3.0.3-25.0.3.el5.src.rpm
File outdated by:  RHBA-2013:0846
    MD5: 21c113a6005f92e634de2e81e75d8f8b
 
IA-32:
xen-libs-3.0.3-25.0.3.el5.i386.rpm
File outdated by:  RHBA-2013:0846
    MD5: 92f7eabd5a9a6f918d83141eb71c7593
 
IA-64:
xen-libs-3.0.3-25.0.3.el5.ia64.rpm
File outdated by:  RHBA-2013:0846
    MD5: b18a6c8850c5a5253d96b02aab29cb7d
 
x86_64:
xen-libs-3.0.3-25.0.3.el5.i386.rpm
File outdated by:  RHBA-2013:0846
    MD5: 92f7eabd5a9a6f918d83141eb71c7593
xen-libs-3.0.3-25.0.3.el5.x86_64.rpm
File outdated by:  RHBA-2013:0846
    MD5: c460c527934aa3270aa425c5dd15ca66
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
xen-3.0.3-25.0.3.el5.src.rpm
File outdated by:  RHBA-2013:0846
    MD5: 21c113a6005f92e634de2e81e75d8f8b
 
IA-32:
xen-libs-3.0.3-25.0.3.el5.i386.rpm
File outdated by:  RHBA-2013:0846
    MD5: 92f7eabd5a9a6f918d83141eb71c7593
 
x86_64:
xen-libs-3.0.3-25.0.3.el5.i386.rpm
File outdated by:  RHBA-2013:0846
    MD5: 92f7eabd5a9a6f918d83141eb71c7593
xen-libs-3.0.3-25.0.3.el5.x86_64.rpm
File outdated by:  RHBA-2013:0846
    MD5: c460c527934aa3270aa425c5dd15ca66
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

230295 - CVE-2007-0998 HVM guest VNC server allows compromise of entire host OS by any VNC console user


Keywords

console, ia64, qemu, VTi, xen


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/