Security: Xen QEMU VNC Server Arbitrary Information Disclosure Vulnerability

Quoting from Security Focus:

Xen is prone to an unspecified vulnerability that lets attackers obtain arbitrary information. The issue stems from a flaw in the VNC server code in QEMU.

An attacker can exploit this issue to access sensitive information that may aid in further attacks.

Currently reported affected systems are:

  • RedHat Fedora Core6
  • RedHat Fedora Core5
  • RedHat Enterprise Linux Virtualization 5 server
  • RedHat Enterprise Linux Desktop Multi OS 5 client
  • RedHat Enterprise Linux Desktop 5 client
  • RedHat Enterprise Linux 5 server

Read the whole bulletin here.

It’s somewhat ironic that Red Hat, which had so much to say about Novell/Xen enterprise readiness, is exposing such a Xen flaw less than a week after its major OS release.