Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Red Hat Enterprise Linux 5: RHSA-2007:0323-01 Important Code Risk

red hat
Calendar Grey October 2, 2007
Dist Redhat Esm H88
Important kernel upgrade released for Debian OS. Fixes several vulnerabilities affecting performance and safety. Take immediate action to protect!
An updated Xen package to fix multiple security issues is now available for Red Hat Enterprise Linux 5. Joris van Rantwijk found a flaw in the Pygrub utility which is used as a ...

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

237342 - CVE-2007-1320 xen Cirrus LGD-54XX "bitblt" Heap Overflow 237343 - CVE-2007-1321 xen QEMU NE2000 emulation issues 302801 - CVE-2007-4993 xen guest root can escape to domain 0 through pygrub

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS: 226cf2369c7df9af07a8494f310680dc xen-3.0.3-25.0.4.el5.src.rpm

i386: e00efb4070466dc19899057695469862 xen-debuginfo-3.0.3-25.0.4.el5.i386.rpm e4dca4285b1c8fd877527ec278e9d835 xen-libs-3.0.3-25.0.4.el5.i386.rpm

x86_64: e00efb4070466dc19899057695469862 xen-debuginfo-3.0.3-25.0.4.el5.i386.rpm e767f1732863dfa85c0b1878d63b3e51 xen-debuginfo-3.0.3-25.0.4.el5.x86_64.rpm e4dca4285b1c8fd877527ec278e9d835 xen-libs-3.0.3-25.0.4.el5.i386.rpm 8869650a19cb4001e7aa1d1fa1dc562f xen-libs-3.0.3-25.0.4.el5.x86_64.rpm

RHEL Desktop Multi OS (v. 5 client):

SRPMS: 226cf2369c7df9af07a8494f310680dc xen-3.0.3-25.0.4.el5.src.rpm

i386: f41141cc620e161fedd68456d91c0103 xen-3.0.3-25.0.4.el5.i386.rpm e00efb4070466dc19899057695469862 xen-debuginfo-3.0.3-25.0.4.el5.i386.rpm 29bcc93687b19f3388db33fbc7967466 xen-devel-3.0.3-25.0.4.el5.i386.rpm

x86_64: 8821c1ad48035acc660ec5b1df3a1cb1 xen-3.0.3-25.0.4.el5.x86_64.rpm e00efb4070466dc19899057695469862 xen-debuginfo-3.0.3-25.0.4.el5.i386.rpm e767f1732863dfa85c0b1878d63b3e51 xen-debuginfo-3.0.3-25.0.4.el5.x86_64.rpm 29bcc93687b19f3388db33fbc7967466 xen-devel-3.0.3-25.0.4.el5.i386.rpm 29ef0e6e5097bd82e44d8492bb8cfe5f xen-devel-3.0.3-25.0.4.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS: 226cf2369c7df9af07a8494f310680dc xen-3.0.3-25.0.4.el5.src.rpm

i386: e00efb4070466dc19899057695469862 xen-debuginfo-3.0.3-25.0.4.el5.i386.rpm e4dca4285b1c8fd877527ec278e9d835 xen-libs-3.0.3-25.0.4.el5.i386.rpm

ia64: 97d55e42bdc3fa09378f240db42d8dcb xen-debuginfo-3.0.3-25.0.4.el5.ia64.rpm 09a0ab57a37644e796eb9d13efac90cb xen-libs-3.0.3-25.0.4.el5.ia64.rpm

x86_64: e00efb4070466dc19899057695469862 xen-debuginfo-3.0.3-25.0.4.el5.i386.rpm e767f1732863dfa85c0b1878d63b3e51 xen-debuginfo-3.0.3-25.0.4.el5.x86_64.rpm e4dca4285b1c8fd877527ec278e9d835 xen-libs-3.0.3-25.0.4.el5.i386.rpm 8869650a19cb4001e7aa1d1fa1dc562f xen-libs-3.0.3-25.0.4.el5.x86_64.rpm

RHEL Virtualization (v. 5 server):

SRPMS: 226cf2369c7df9af07a8494f310680dc xen-3.0.3-25.0.4.el5.src.rpm

i386: f41141cc620e161fedd68456d91c0103 xen-3.0.3-25.0.4.el5.i386.rpm e00efb4070466dc19899057695469862 xen-debuginfo-3.0.3-25.0.4.el5.i386.rpm 29bcc93687b19f3388db33fbc7967466 xen-devel-3.0.3-25.0.4.el5.i386.rpm

ia64: aae6a104ac9d96a2258083a2037091e7 xen-3.0.3-25.0.4.el5.ia64.rpm 97d55e42bdc3fa09378f240db42d8dcb xen-debuginfo-3.0.3-25.0.4.el5.ia64.rpm fbf21cbabba81747c23c9462a88e934b xen-devel-3.0.3-25.0.4.el5.ia64.rpm

x86_64: 8821c1ad48035acc660ec5b1df3a1cb1 xen-3.0.3-25.0.4.el5.x86_64.rpm e00efb4070466dc19899057695469862 xen-debuginfo-3.0.3-25.0.4.el5.i386.rpm e767f1732863dfa85c0b1878d63b3e51 xen-debuginfo-3.0.3-25.0.4.el5.x86_64.rpm 29bcc93687b19f3388db33fbc7967466 xen-devel-3.0.3-25.0.4.el5.i386.rpm 29ef0e6e5097bd82e44d8492bb8cfe5f xen-devel-3.0.3-25.0.4.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

Summary

References

https://www.cve.org/CVERecord?id=CVE-2007-1320 https://www.cve.org/CVERecord?id=CVE-2007-1321 https://www.cve.org/CVERecord?id=CVE-2007-4993 https://access.redhat.com/security/updates/classification#important

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2007:0323-01
Issue date: 2007-10-02
Updated on: 2007-10-02
Product: Red Hat Enterprise Linux

Topic

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64

RHEL Virtualization (v. 5 server) - i386, ia64, x86_64

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here