| From: | riehecky@fnal.gov |
| To: | scientific-linux-errata@fnal.gov |
| Subject: | Security ERRATA Moderate: xen on SL5.x i386/x86_64 |
| Date: | Wed, 1 Aug 2012 10:09:32 -0500 |
| Message-ID: | <201208011509.q71F9WAx001247@fefmon2.fnal.gov> |

Synopsis: Moderate: xen security update
Issue Date: 2012-07-31
CVE Numbers: CVE-2012-2625

The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Scientific
Linux.

A flaw was found in the way the pyGrub boot loader handled compressed
kernel images. A privileged guest user in a para-virtualized guest (a DomU)
could use this flaw to create a crafted kernel image that, when attempting
to boot it, could result in an out-of-memory condition in the privileged
domain (the Dom0). (CVE-2012-2625)

All users of xen are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the xend service must be restarted for this update to
take effect.

SL5:
  i386
    xen-3.0.3-135.el5_8.4.i386.rpm
    xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
    xen-devel-3.0.3-135.el5_8.4.i386.rpm
    xen-libs-3.0.3-135.el5_8.4.i386.rpm
  x86_64
    xen-3.0.3-135.el5_8.4.x86_64.rpm
    xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
    xen-debuginfo-3.0.3-135.el5_8.4.x86_64.rpm
    xen-devel-3.0.3-135.el5_8.4.i386.rpm
    xen-devel-3.0.3-135.el5_8.4.x86_64.rpm
    xen-libs-3.0.3-135.el5_8.4.i386.rpm
    xen-libs-3.0.3-135.el5_8.4.x86_64.rpm

- Scientific Linux Development Team
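
One way to check a host's package inventory against the fixed build listed above, as an added example that is not part of the original message. The comparison is a simplified form of RPM's version ordering (no epoch, `~` or `^` handling), and the function names and sample input are constructed for illustration.

```python
import re

# Fixed build named in the advisory for every xen subpackage on SL5.
FIXED_EVR = "3.0.3-135.el5_8.4"
AFFECTED = {"xen", "xen-libs", "xen-devel", "xen-debuginfo"}

def _segments(s):
    # Split into runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1. No '~' or '^' handling."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings (epoch assumed absent, as here)."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def outdated(rpm_lines):
    """Return the affected packages whose build is older than FIXED_EVR."""
    stale = []
    for line in rpm_lines.strip().splitlines():
        name, evr = line.split()
        if name in AFFECTED and evr_cmp(evr, FIXED_EVR) < 0:
            stale.append((name, evr))
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """
xen 3.0.3-135.el5_8.2
xen-libs 3.0.3-135.el5_8.4
kernel-xen 2.6.18-308.11.1.el5
"""

if __name__ == "__main__":
    for name, evr in outdated(SAMPLE):
        print("%s %s is older than %s" % (name, evr, FIXED_EVR))
```

A package version at or above the fixed build is not sufficient on its own: as the advisory states, xend must also be restarted after the update.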