search for: 27347d6d73a3

Hi, I''m trying to verify that the Xen I''m running is patched against the all the known published bugs. I''m running Fedora 7, which means I''m running Xen 3.1.2. I''ve checked the changelog in the Fedora package, and I can verify that all the bugs I''ve found are fixed except for one. http://www.securityfocus.com/bid/27219

Package: xen-3 Version: 3.1.0-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2007-5907[0]: | Xen 3.1.1 does not prevent modification of the CR4 TSC from | applications, which allows pv guests to cause a denial of service | (crash). CVE-2007-5906[1]: | Xen 3.1.1 allows virtual guest system users to cause a |