LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

March 2012

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA March 2012

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Important: xen on SL5.x i386/x86_64
From:	Patrick Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Wed, 21 Mar 2012 16:24:44 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (54 lines)

Synopsis:    Important: xen security and bug fix update
Issue Date:  2012-03-07
CVE Numbers: CVE-2012-0029


The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Scientific
Linux.

A heap overflow flaw was found in the way QEMU emulated the e1000 network
interface card. A privileged guest user in a virtual machine whose network
interface is configured to use the e1000 emulated driver could use this
flaw to crash QEMU or, possibly, escalate their privileges on the host.
(CVE-2012-0029)

This update also fixes the following bugs:

* Adding support for jumbo frames introduced incorrect network device
expansion when a bridge is created. The expansion worked correctly with the
default configuration, but could have caused network setup failures when a
user-defined network script was used. This update changes the expansion so
network setup will not fail, even when a user-defined network script is
used.

* A bug was found in xenconsoled, the Xen hypervisor console daemon. If
timestamp logging for this daemon was enabled (using both the
XENCONSOLED_TIMESTAMP_HYPERVISOR_LOG and XENCONSOLED_TIMESTAMP_GUEST_LOG
options in "/etc/sysconfig/xend"), xenconsoled could crash if the guest
emitted a lot of information to its serial console in a short period of
time. Eventually, the guest would freeze after the console buffer was
filled due to the crashed xenconsoled. Timestamp logging is disabled by
default.

All xen users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

SL5:
  i386
     xen-3.0.3-135.el5_8.2.i386.rpm
     xen-debuginfo-3.0.3-135.el5_8.2.i386.rpm
     xen-devel-3.0.3-135.el5_8.2.i386.rpm
     xen-libs-3.0.3-135.el5_8.2.i386.rpm
  x86_64
     xen-3.0.3-135.el5_8.2.x86_64.rpm
     xen-debuginfo-3.0.3-135.el5_8.2.i386.rpm
     xen-debuginfo-3.0.3-135.el5_8.2.x86_64.rpm
     xen-devel-3.0.3-135.el5_8.2.i386.rpm
     xen-devel-3.0.3-135.el5_8.2.x86_64.rpm
     xen-libs-3.0.3-135.el5_8.2.i386.rpm
     xen-libs-3.0.3-135.el5_8.2.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV