Hi, I''m trying to verify that the Xen I''m running is patched against the all the known published bugs. I''m running Fedora 7, which means I''m running Xen 3.1.2. I''ve checked the changelog in the Fedora package, and I can verify that all the bugs I''ve found are fixed except for one. http://www.securityfocus.com/bid/27219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5907 The securityfocus page lists 3.1.2 as vulnerable, but that doesn''t seem right. The patch was submitted to xen in Oct 2007, and 3.1.2 came out in Nov 2007, so the patch should be in 3.1.2. Also, the nist pages don''t list 3.1.2 as vulnerable. I''ve poked around on the xenbits changelog, but I can''t find a big obvious "fixed CVE-2007-5906" entry. Can anyone clarify? Either if 3.1.2 is indeed patched against this bug, or if the Fedora 7 xen-3.1.2-1.fc7 is patched? Thanks! -Dylan _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
01 Şub 2008 Cum tarihinde, Dylan Martin şunları yazmıştı:> Can anyone clarify? Either if 3.1.2 is indeed patched against this > bug, or if the Fedora 7 xen-3.1.2-1.fc7 is patched?I have no idea about fedora-7 packages but needed patches seems committed long ago to xen-3.1-testing. caglar@zangetsu xen-3.1-testing.hg $ hg log -v -r 15493 changeset: 15493:27347d6d73a3 user: Keir Fraser <keir@xensource.com> date: Thu Nov 01 16:26:38 2007 +0000 files: xen/arch/x86/domain.c xen/arch/x86/hvm/svm/svm.c xen/arch/x86/hvm/svm/vmcb.c xen/arch/x86/hvm/vmx/vmx.c xen/arch/x86/traps.c xen/include/asm-x86/hvm/svm/vmcb.h xen/include/asm-x86/processor.h description: x86: Fix various problems with debug-register handling. Signed-off-by: Jan Beulich <jbeulich@novell.com> Signed-off-by: Keir Fraser <keir@xensource.com> xen-unstable changeset: 16287:338f3c34e65605d9beb96176ef1a71c1262dbf14 xen-unstable date: Thu Nov 01 16:16:25 2007 +0000 -- S.Çağlar Onur <caglar@pardus.org.tr> http://cekirdek.pardus.org.tr/~caglar/ Linux is like living in a teepee. No Windows, no Gates and an Apache in house! _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users