Synopsis:          Important: xen security update
Advisory ID:       SLSA-2016:2963-1
Issue Date:        2016-12-20
CVE Numbers:       CVE-2016-9637
--

Security Fix(es):

* An out of bounds array access issue was found in the Xen virtual machine
monitor, built with the QEMU ioport support. It could occur while doing
ioport read/write operations, if guest was to supply a 32bit address
parameter. A privileged guest user/process could use this flaw to
potentially escalate their privileges on a host. (CVE-2016-9637)
--

SL5
  x86_64
    xen-debuginfo-3.0.3-148.el5_11.i386.rpm
    xen-debuginfo-3.0.3-148.el5_11.x86_64.rpm
    xen-libs-3.0.3-148.el5_11.i386.rpm
    xen-libs-3.0.3-148.el5_11.x86_64.rpm
    xen-3.0.3-148.el5_11.x86_64.rpm
    xen-devel-3.0.3-148.el5_11.i386.rpm
    xen-devel-3.0.3-148.el5_11.x86_64.rpm
  i386
    xen-debuginfo-3.0.3-148.el5_11.i386.rpm
    xen-libs-3.0.3-148.el5_11.i386.rpm
    xen-3.0.3-148.el5_11.i386.rpm
    xen-devel-3.0.3-148.el5_11.i386.rpm

- Scientific Linux Development Team