Scientific Linux SL5.x: Important Xen Update for CVE-2011-1583 Critical DoS

Date: Tue, 10 May 2011 13:35:20 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Important: xen on SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 
MIME-Version: 1.0

Synopsis:	Important: xen security update
Issue date:	2011-05-09
CVE Names:	CVE-2011-1583

It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode()
decode routines did not correctly check for a possible buffer size
overflow in the decoding loop. As well, several integer overflow flaws
and missing error/range checking were found that could lead to an
infinite loop. A privileged guest user could use these flaws to crash
the guest or, possibly, execute arbitrary code in the privileged
management domain (Dom0). (CVE-2011-1583)

The system must be rebooted for this update to take effect.

SL 5.x

 SRPMS:
xen-3.0.3-120.el5_6.2.src.rpm
 i386:
xen-3.0.3-120.el5_6.2.i386.rpm
xen-devel-3.0.3-120.el5_6.2.i386.rpm
xen-libs-3.0.3-120.el5_6.2.i386.rpm
 For Dependancies:
e4fsprogs-1.41.9-3.el5.i386.rpm
e4fsprogs-devel-1.41.9-3.el5.i386.rpm
e4fsprogs-libs-1.41.9-3.el5.i386.rpm

 x86_64:
xen-3.0.3-120.el5_6.2.x86_64.rpm
xen-devel-3.0.3-120.el5_6.2.i386.rpm
xen-devel-3.0.3-120.el5_6.2.x86_64.rpm
xen-libs-3.0.3-120.el5_6.2.i386.rpm
xen-libs-3.0.3-120.el5_6.2.x86_64.rpm
 For Dependancies:
e4fsprogs-1.41.9-3.el5.x86_64.rpm
e4fsprogs-devel-1.41.9-3.el5.i386.rpm
e4fsprogs-devel-1.41.9-3.el5.x86_64.rpm
e4fsprogs-libs-1.41.9-3.el5.i386.rpm
e4fsprogs-libs-1.41.9-3.el5.x86_64.rpm

- Scientific Linux Development Team