Quoting from Security Focus:
Xen is prone to an unspecified vulnerability that lets attackers obtain arbitrary information. The issue stems from a flaw in the VNC server code in QEMU.
An attacker can exploit this issue to access sensitive information that may aid in further attacks.
Currently reported affected systems are:
- RedHat Fedora Core6
- RedHat Fedora Core5
- RedHat Enterprise Linux Virtualization 5 server
- RedHat Enterprise Linux Desktop Multi OS 5 client
- RedHat Enterprise Linux Desktop 5 client
- RedHat Enterprise Linux 5 server
Read the whole bulletin here.
It’s somewhat ironic that Red Hat, which had so much to say about Novell/Xen enterprise readiness, is exposing such a Xen flaw less than a week after its major OS release.