Synopsis: Important: xen security update

CVE Names: CVE-2007-1320 CVE-2007-1321 CVE-2007-4993

Detail:

Joris van Rantwijk found a flaw in the Pygrub utility which is used as a boot loader for guest domains. A malicious local administrator of a guest domain could create a carefully crafted grub.conf file which would trigger the execution of arbitrary code outside of that domain. (CVE-2007-4993)

Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code used in Xen. A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. (CVE-2007-1320)

Tavis Ormandy discovered insufficient input validation leading to a heap overflow in the Xen NE2000 network driver. If the driver is in use, a malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. Xen does not use this driver by default. (CVE-2007-1321)

SL5.x

SRPMS:
xen-3.0.3-25.0.4.el5.src.rpm

i386:
xen-3.0.3-25.0.4.el5.i386.rpm
xen-devel-3.0.3-25.0.4.el5.i386.rpm
xen-libs-3.0.3-25.0.4.el5.i386.rpm

x86_64:
xen-3.0.3-25.0.4.el5.x86_64.rpm
xen-devel-3.0.3-25.0.4.el5.i386.rpm
xen-devel-3.0.3-25.0.4.el5.x86_64.rpm
xen-libs-3.0.3-25.0.4.el5.i386.rpm
xen-libs-3.0.3-25.0.4.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson
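
Added example, not part of the original advisory: a host-side check that flags xen, xen-devel and xen-libs packages older than the fixed 3.0.3-25.0.4.el5 build listed above, using RPM's segment-wise version ordering. The function names, the rpm query format and the sample package lines are assumptions constructed for illustration; epoch and '~'/'^' handling are left out.

```python
import re

# Fixed version-release taken from the advisory (xen-3.0.3-25.0.4.el5).
FIXED_VR = "3.0.3-25.0.4.el5"
PACKAGES = {"xen", "xen-devel", "xen-libs"}
SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise RPM version compare: -1, 0 or 1 (no '~'/'^' handling)."""
    sa, sb = SEG.findall(a), SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1      # a numeric segment beats an alphabetic one
        elif x != y:
            return 1 if x > y else -1   # both alphabetic: plain string order
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare 'version-release' strings; epoch is assumed absent."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(lines):
    """Return (name, arch, version-release) for packages older than FIXED_VR."""
    hits = []
    for line in lines:
        name, vr, arch = line.split()
        if name in PACKAGES and vr_cmp(vr, FIXED_VR) < 0:
            hits.append((name, arch, vr))
    return hits

# Constructed sample, in the format printed by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = [
    "xen 3.0.3-25.el5 x86_64",
    "xen-libs 3.0.3-25.0.4.el5 i386",
    "xen-devel 3.0.3-25.0.3.el5 x86_64",
    "kernel-xen 2.6.18-8.1.14.el5 x86_64",
]

if __name__ == "__main__":
    for name, arch, vr in unpatched(SAMPLE):
        print(f"{name}.{arch} {vr} is older than {FIXED_VR}")
```

A plain string comparison would rank 25.el5 above 25.0.4.el5; the segment rules place it below, which is why the first sample line is reported.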