drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in Xen
Name: |
Pufferüberlauf in Xen |
|
ID: |
FEDORA-2012-1539 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 15 |
|
Datum: |
So, 19. Februar 2012, 10:44 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0029 |
|
Applikationen: |
Xen |
|
Originalnachricht |
Name : xen Product : Fedora 15 Version : 4.1.2 Release : 6.fc15 URL : http://xen.org/ Summary : Xen is a virtual machine monitor Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor
------------------------------------------------------------------------------- - Update Information:
Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029], Start building xen's ocaml, fix a crash and turn a backtrace into an ordinary error ------------------------------------------------------------------------------- - ChangeLog:
* Thu Feb 2 2012 Michael Young <m.a.young@durham.ac.uk> - 4.1.2-6 - Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029] * Sat Jan 28 2012 Michael Young <m.a.young@durham.ac.uk> - 4.1.2-5 - Start building xen's ocaml libraries if appropriate unless --without ocaml was specified - add some backported patches from xen unstable (via Debian) for some ocaml tidying and fixes * Sun Jan 15 2012 Michael Young <m.a.young@durham.ac.uk> - 4.1.2-4 - actually apply the xend-pci-loop.patch - compile fixes for gcc-4.7 * Wed Jan 11 2012 Michael Young <m.a.young@durham.ac.uk> - 4.1.2-3 - Add xend-pci-loop.patch to stop xend crashing with weird PCI cards (#767742) - avoid a backtrace if xend can't log to the standard file or a temporary directory (part of #741042) * Mon Nov 21 2011 Michael Young <m.a.young@durham.ac.uk> - 4.1.2-2 - Fix lost interrupts on emulated devices - stop xend crashing if its state files are empty at start up - avoid a python backtrace if xend is run on bare metal - update grub2 configuration after the old hypervisor has gone - move blktapctrl to systemd - Drop obsolete dom0-kernel.repo file * Fri Oct 21 2011 Michael Young <m.a.young@durham.ac.uk> - 4.1.2-1 - update to 4.1.2 remove upstream patches xen-4.1-testing.23104 and xen-4.1-testing.23112 * Fri Oct 14 2011 Michael Young <m.a.young@durham.ac.uk> - 4.1.1-8 - more pygrub improvements for grub2 on guest * Thu Oct 13 2011 Michael Young <m.a.young@durham.ac.uk> - 4.1.1-7 - make pygrub work better with GPT partitions and grub2 on guest * Thu Sep 29 2011 Michael Young <m.a.young@durham.ac.uk> - 4.1.1-5 4.1.1-6 - improve systemd functionality * Wed Sep 28 2011 Michael Young <m.a.young@durham.ac.uk> - 4.1.1-4 - lsb header fixes - xenconsoled shutdown needs xenstored to be running - partial migration to systemd to fix shutdown delays - update grub2 configuration after hypervisor updates * Sun Aug 14 2011 Michael Young <m.a.young@durham.ac.uk> - 4.1.1-3 - untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131] * Wed Jul 20 2011 Michael Young <m.a.young@durham.ac.uk> - 4.1.1-2 - clean up patch to solve a problem with hvmloader compiled with gcc 4.6 * Wed Jun 15 2011 Michael Young <m.a.young@durham.ac.uk> - 4.1.1-1 - update to 4.1.1 includes various bugfixes and fix for [CVE-2011-1898] guest with pci passthrough can gain privileged access to base domain - remove upstream cve-2011-1583-4.1.patch * Mon May 9 2011 Michael Young <m.a.young@durham.ac.uk> - 4.1.0-2 - Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest [CVE-2011-1583] - Don't require /usr/bin/qemu-nbd as it isn't used at present. ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update xen' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|