[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] DR7 and CR4

To: Xen-users@xxxxxxxxxxxxxxxxxxx
From: "Dylan Martin" <dmartin@xxxxxxxxxxxx>
Date: Fri, 1 Feb 2008 10:06:27 -0800
Delivery-date: Fri, 01 Feb 2008 10:07:03 -0800
List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi, I'm trying to verify that the Xen I'm running is patched against
the all the known published bugs.  I'm running Fedora 7, which means
I'm running Xen 3.1.2.  I've checked the changelog in the Fedora
package, and I can verify that all the bugs I've found are fixed
except for one.

http://www.securityfocus.com/bid/27219
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5907

The securityfocus page lists 3.1.2 as vulnerable, but that doesn't
seem right.  The patch was submitted to xen in Oct 2007, and 3.1.2
came out in Nov 2007, so the patch should be in 3.1.2.  Also, the nist
pages don't list 3.1.2 as vulnerable.  I've poked around on the
xenbits changelog, but I can't find a big obvious "fixed
CVE-2007-5906" entry.

Can anyone clarify?  Either if 3.1.2 is indeed patched against this
bug, or if the Fedora 7 xen-3.1.2-1.fc7 is patched?

Thanks!
-Dylan

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] DR7 and CR4
  - From: S.ÃaÄlar Onur

Prev by Date: Re: [Xen-users] mount a partition
Next by Date: [Xen-users] not able to install Hitache 160GB driver on domU
Previous by thread: [Xen-users] remote NFS mount timeout issues
Next by thread: Re: [Xen-users] DR7 and CR4
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.