SCIENTIFIC-LINUX-ERRATA Archives

May 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Tue, 10 May 2011 13:35:20 -0500
Content-Type: text/plain
Parts/Attachments: text/plain (42 lines)

Synopsis:	Important: xen security update
Issue date:	2011-05-09
CVE Names:	CVE-2011-1583

It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() 
decode routines did not correctly check for a possible buffer size 
overflow in the decoding loop. As well, several integer overflow flaws 
and missing error/range checking were found that could lead to an 
infinite loop. A privileged guest user could use these flaws to crash 
the guest or, possibly, execute arbitrary code in the privileged 
management domain (Dom0). (CVE-2011-1583)

The system must be rebooted for this update to take effect.

SL 5.x

      SRPMS:
xen-3.0.3-120.el5_6.2.src.rpm
      i386:
xen-3.0.3-120.el5_6.2.i386.rpm
xen-devel-3.0.3-120.el5_6.2.i386.rpm
xen-libs-3.0.3-120.el5_6.2.i386.rpm
   For Dependencies:
e4fsprogs-1.41.9-3.el5.i386.rpm
e4fsprogs-devel-1.41.9-3.el5.i386.rpm
e4fsprogs-libs-1.41.9-3.el5.i386.rpm

      x86_64:
xen-3.0.3-120.el5_6.2.x86_64.rpm
xen-devel-3.0.3-120.el5_6.2.i386.rpm
xen-devel-3.0.3-120.el5_6.2.x86_64.rpm
xen-libs-3.0.3-120.el5_6.2.i386.rpm
xen-libs-3.0.3-120.el5_6.2.x86_64.rpm
   For Dependencies:
e4fsprogs-1.41.9-3.el5.x86_64.rpm
e4fsprogs-devel-1.41.9-3.el5.i386.rpm
e4fsprogs-devel-1.41.9-3.el5.x86_64.rpm
e4fsprogs-libs-1.41.9-3.el5.i386.rpm
e4fsprogs-libs-1.41.9-3.el5.x86_64.rpm

- Scientific Linux Development Team
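
The class of flaw the advisory describes (a decode loop that grows its output buffer without checking the size arithmetic or the input range) can be illustrated with a hardened loop. This is an added example, not code from Xen or from this erratum; the run-length format, the names grow and rle_decode, and the MAX_OUT limit are assumptions chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_OUT ((size_t)1 << 20)  /* assumed cap on decoded size */

/* Double the buffer. One comparison rejects both size_t wraparound
 * and growth past MAX_OUT. Returns 0 on success, -1 on refusal. */
static int grow(unsigned char **buf, size_t *cap)
{
    if (*cap > MAX_OUT / 2)
        return -1;
    size_t ncap = *cap ? *cap * 2 : 64;
    unsigned char *n = realloc(*buf, ncap);
    if (n == NULL)
        return -1;
    *buf = n;
    *cap = ncap;
    return 0;
}

/* Stand-in decoder (hypothetical format): input is (count, byte) pairs.
 * Returns the decoded length and sets *out, or returns -1 on any error. */
long rle_decode(const unsigned char *in, size_t inlen, unsigned char **out)
{
    unsigned char *buf = NULL;
    size_t cap = 0, used = 0, pos = 0;

    *out = NULL;
    while (pos < inlen) {
        if (inlen - pos < 2 || in[pos] == 0)
            goto fail;                  /* truncated pair or empty run */
        size_t run = in[pos];
        while (cap - used < run)        /* used <= cap, so no wraparound */
            if (grow(&buf, &cap) != 0)
                goto fail;              /* limit hit: stop, do not loop on */
        memset(buf + used, in[pos + 1], run);
        used += run;
        pos += 2;                       /* input always advances: loop ends */
    }
    *out = buf;
    return (long)used;
fail:
    free(buf);
    return -1;
}
```
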
