On Sat, Nov 17, 2007 at 04:39:27PM +0100, Nico Golde wrote:
> CVE-2007-5907[0]:
> | Xen 3.1.1 does not prevent modification of the CR4 TSC from
> | applications, which allows pv guests to cause a denial of service
> | (crash).
Submitted patch looks too different to applied version. Not reviewed.
Postponed until someone shows that it is a crash in the hypervisor, the
commit is not marked as security fix.
> CVE-2007-5906[1]:
> | Xen 3.1.1 allows virtual guest system users to cause a
> | denial of service (hypervisor crash) by using a debug
> | register (DR7) to set certain breakpoints.
Fixed in xen-3.1-testing.hg in changeset 15493:27347d6d73a3, included in
3.1.2.
Bastian
--
Extreme feminine beauty is always disturbing.
-- Spock, "The Cloud Minders", stardate 5818.4
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
