Alerts This Week
Warning Icon 1 1,146
Alerts This Week
Warning Icon 1 1,146

Scientific Linux SL5.x Moderate: Xen Security Update CVE-2012-2625

Scientific Large Esm H446
Moderate: xen security update
Date: Wed, 1 Aug 2012 10:09:32 -0500
Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Sender: Security Errata for Scientific Linux
 
From: Patrick Riehecky 
Subject: Security ERRATA Moderate: xen on SL5.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis: Moderate: xen security update
Issue Date: 2012-07-31
CVE Numbers: CVE-2012-2625

The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Scientific
Linux.

A flaw was found in the way the pyGrub boot loader handled compressed
kernel images. A privileged guest user in a para-virtualized guest (a DomU)
could use this flaw to create a crafted kernel image that, when attempting
to boot it, could result in an out-of-memory condition in the privileged
domain (the Dom0). (CVE-2012-2625)

All users of xen are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the xend service must be restarted for this update to
take effect.

SL5:
 i386
 xen-3.0.3-135.el5_8.4.i386.rpm
 xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
 xen-devel-3.0.3-135.el5_8.4.i386.rpm
 xen-libs-3.0.3-135.el5_8.4.i386.rpm
 x86_64
 xen-3.0.3-135.el5_8.4.x86_64.rpm
 xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
 xen-debuginfo-3.0.3-135.el5_8.4.x86_64.rpm
 xen-devel-3.0.3-135.el5_8.4.i386.rpm
 xen-devel-3.0.3-135.el5_8.4.x86_64.rpm
 xen-libs-3.0.3-135.el5_8.4.i386.rpm
 xen-libs-3.0.3-135.el5_8.4.x86_64.rpm

- Scientific Linux Development Team
Your message here