Fedora 7 : xen-3.1.0-8.fc7 (2007-2708)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- Fri Oct 26 2007 Daniel P. Berrange <berrange at
redhat.com> - 3.1.0-8.fc7

- Fixed xenbaked tmpfile flaw (CVE-2007-3919)

- Wed Sep 26 2007 Daniel P. Berrange <berrange at
redhat.com> - 3.1.0-7.fc7

- Fixed rtl8139 checksum calculation for Vista (rhbz
#308201)

- Wed Sep 26 2007 Chris Lalancette <clalance at
redhat.com> - 3.1.0-6.fc7

- QEmu NE2000 overflow check - CVE-2007-1321

- Pygrub guest escape - CVE-2007-4993

- Mon Sep 24 2007 Daniel P. Berrange <berrange at
redhat.com> - 3.1.0-5.fc7

- Fix generation of manual pages (rhbz #250791)

- Fix 32-on-64 PVFB for FC6 legacy guests

- Mon Sep 24 2007 Daniel P. Berrange <berrange at
redhat.com> - 3.1.0-4.fc7

- Fix VMX assist IRQ handling (rhbz #279581)

- Sun Sep 23 2007 Daniel P. Berrange <berrange at
redhat.com> - 3.1.0-3.fc7

- Don't clobber the VIF type attribute in FV guests
(rhbz #247122)

- Wed Aug 1 2007 Markus Armbruster <armbru at
redhat.com>

- Put guest's native protocol ABI into xenstore, to
provide for older kernels running 32-on-64.

- VNC keymap fixes

- Fix race conditions in LibVNCServer on client
disconnect

- Mon Jun 11 2007 Daniel P. Berrange <berrange at
redhat.com> - 3.1.0-2.fc7

- Remove patch which kills VNC monitor

- Fix HVM save/restore file path to be /var/lib/xen
instead of /tmp

- Don't spawn a bogus xen-vncfb daemon for HVM guests

- Fri May 25 2007 Daniel P. Berrange <berrange at
redhat.com> - 3.1.0-1.fc7

- Updated to official 3.1.0 tar.gz

- Fixed data corruption from VNC client disconnect (bz
241303)

- Thu May 17 2007 Daniel P. Berrange <berrange at
redhat.com> - 3.1.0-0.rc7.2.fc7

- Ensure xen-vncfb processes are cleanedup if guest
quits (bz 240406)

- Tear down guest if device hotplug fails

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=350421
https://bugzilla.redhat.com/show_bug.cgi?id=361981
http://www.nessus.org/u?4fe30cec

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 27794 (fedora_2007-2708.nasl)

Bugtraq ID:

CVE ID: CVE-2007-1321
CVE-2007-3919
CVE-2007-4993

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now