SCIENTIFIC-LINUX-ERRATA Archives

August 2012

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Patrick Riehecky
Date: Wed, 1 Aug 2012 10:09:32 -0500
Synopsis:    Moderate: xen security update
Issue Date:  2012-07-31
CVE Numbers: CVE-2012-2625


The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Scientific
Linux.

A flaw was found in the way the pyGrub boot loader handled compressed
kernel images. A privileged guest user in a para-virtualized guest (a DomU)
could use this flaw to create a crafted kernel image that, when attempting
to boot it, could result in an out-of-memory condition in the privileged
domain (the Dom0). (CVE-2012-2625)

All users of xen are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the xend service must be restarted for this update to
take effect.

SL5:
  i386
     xen-3.0.3-135.el5_8.4.i386.rpm
     xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
     xen-devel-3.0.3-135.el5_8.4.i386.rpm
     xen-libs-3.0.3-135.el5_8.4.i386.rpm
  x86_64
     xen-3.0.3-135.el5_8.4.x86_64.rpm
     xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
     xen-debuginfo-3.0.3-135.el5_8.4.x86_64.rpm
     xen-devel-3.0.3-135.el5_8.4.i386.rpm
     xen-devel-3.0.3-135.el5_8.4.x86_64.rpm
     xen-libs-3.0.3-135.el5_8.4.i386.rpm
     xen-libs-3.0.3-135.el5_8.4.x86_64.rpm

- Scientific Linux Development Team
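
The class of defect described in this advisory (a loader that decompresses a guest-supplied image without bounding the result) can be illustrated with the following added example, which is not part of the original message and is not the backported patch. It assumes gzip framing; `copy_image_bounded`, `ImageTooLarge`, `demo` and the size cap are hypothetical names and values chosen for the illustration.

```python
import gzip
import io
import zlib

CHUNK = 64 * 1024                      # working buffer size
MAX_IMAGE_BYTES = 64 * 1024 * 1024     # assumed cap, not a value from the advisory


class ImageTooLarge(Exception):
    """Decompressed image exceeded the configured cap."""


def copy_image_bounded(src, dst, limit=MAX_IMAGE_BYTES):
    """Stream-decompress gzip data from src to dst; return bytes written.

    The function's working memory stays near CHUNK however far the input
    expands, and the copy aborts as soon as the output would pass `limit`.
    """
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16+ selects gzip framing
    written = 0

    def emit(piece):
        nonlocal written
        written += len(piece)
        if written > limit:
            raise ImageTooLarge("image expands past %d bytes" % limit)
        dst.write(piece)

    while True:
        data = src.read(CHUNK)
        if not data:
            break
        while data:
            # max_length caps each call's output; leftover input is returned
            # in unconsumed_tail and fed back in on the next pass.
            emit(inflater.decompress(data, CHUNK))
            data = inflater.unconsumed_tail
    emit(inflater.flush())
    if not inflater.eof:
        raise ValueError("truncated gzip stream")
    return written


def demo():
    # Constructed sample: 8 MiB of zeros, which gzip shrinks to a few KiB.
    blob = gzip.compress(b"\0" * (8 * 1024 * 1024))
    ok = copy_image_bounded(io.BytesIO(blob), io.BytesIO(), limit=16 * 1024 * 1024)
    try:
        copy_image_bounded(io.BytesIO(blob), io.BytesIO(), limit=1024 * 1024)
    except ImageTooLarge:
        return len(blob), ok, True
    return len(blob), ok, False
```
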
