Subject: Re: qemu security issue in xen
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Christoph Egger <Christoph_Egger@gmx.de>
List: port-xen
Date: 10/09/2007 10:34:14
On Monday 08 October 2007 21:18:26 Manuel Bouyer wrote:
> Hi,
> I've already said here that NetBSD/dom0 isn't affected by the pygrub
> security issue in Xen (at last if the xen tools have been installed from
> pkgsrc). Today I've been aware of 3 new issues, in the qemu part of the
> HVM support:
> http://secunia.com/advisories/26986/
> this affects NetBSD too, if the xentools3*-hvm package is installed.
> I just updated the pkg-vulnerabilities file to reflect this.
> AFAIK no patches have been released yet.

There are patches. You will need to upgrade to Xen 3.1.1
once this is out. A third release candidate is already available.

The security issue 2) is fixed in xen changeset 14914,
security issues 3) and 3) are fixed by changeset 15447.
They all are in Xen 3.1.1-rc3.

Christoph