Synopsis:    Important: xen security update
Issue date:  2011-05-09
CVE Names:   CVE-2011-1583

It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. In addition, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583)

The system must be rebooted for this update to take effect.

SL 5.x

SRPMS:
  xen-3.0.3-120.el5_6.2.src.rpm

i386:
  xen-3.0.3-120.el5_6.2.i386.rpm
  xen-devel-3.0.3-120.el5_6.2.i386.rpm
  xen-libs-3.0.3-120.el5_6.2.i386.rpm
For Dependencies:
  e4fsprogs-1.41.9-3.el5.i386.rpm
  e4fsprogs-devel-1.41.9-3.el5.i386.rpm
  e4fsprogs-libs-1.41.9-3.el5.i386.rpm

x86_64:
  xen-3.0.3-120.el5_6.2.x86_64.rpm
  xen-devel-3.0.3-120.el5_6.2.i386.rpm
  xen-devel-3.0.3-120.el5_6.2.x86_64.rpm
  xen-libs-3.0.3-120.el5_6.2.i386.rpm
  xen-libs-3.0.3-120.el5_6.2.x86_64.rpm
For Dependencies:
  e4fsprogs-1.41.9-3.el5.x86_64.rpm
  e4fsprogs-devel-1.41.9-3.el5.i386.rpm
  e4fsprogs-devel-1.41.9-3.el5.x86_64.rpm
  e4fsprogs-libs-1.41.9-3.el5.i386.rpm
  e4fsprogs-libs-1.41.9-3.el5.x86_64.rpm

- Scientific Linux Development Team
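
The flaw class described in this advisory (an unchecked output-buffer size in a decoding loop, with integer overflow that can lead to an infinite loop) is avoided by checked buffer growth, shown here as an added example that is not Xen's code and not part of the original advisory. The names outbuf_reserve and rle_decode, the MAX_OUT cap and the toy (count, byte) input format are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy cap on decoded size; not a value from the advisory. */
#define MAX_OUT ((size_t)64 << 20)

struct outbuf { unsigned char *data; size_t size, used; };

/* Make room for `need` more bytes. Returns 0 on success, -1 on refusal. */
int outbuf_reserve(struct outbuf *b, size_t need)
{
    if (need > MAX_OUT || b->used > MAX_OUT - need)
        return -1;              /* used + need would wrap or exceed the cap */
    size_t want = b->used + need;
    if (want <= b->size)
        return 0;
    size_t newsize = b->size ? b->size : 4096;
    while (newsize < want) {
        /* Unchecked doubling can wrap to 0 and spin forever; clamp instead. */
        if (newsize > MAX_OUT / 2) { newsize = MAX_OUT; break; }
        newsize *= 2;
    }
    unsigned char *p = realloc(b->data, newsize);
    if (p == NULL)
        return -1;              /* old buffer is still valid; caller frees it */
    b->data = p;
    b->size = newsize;
    return 0;
}

/* Toy decoder (constructed format): input is a list of (count, byte) pairs.
 * Returns the decoded length, or -1 on truncated input or refused growth. */
long rle_decode(const unsigned char *in, size_t inlen, struct outbuf *b)
{
    if (inlen % 2 != 0)
        return -1;              /* range check: reject a dangling count */
    for (size_t i = 0; i < inlen; i += 2) {
        if (in[i] == 0)
            continue;           /* nothing to write for an empty run */
        if (outbuf_reserve(b, in[i]) != 0)
            return -1;          /* never write before room is confirmed */
        memset(b->data + b->used, in[i + 1], in[i]);
        b->used += in[i];
    }
    return (long)b->used;
}
```

Every write in the loop is preceded by a successful reservation, and the size arithmetic is checked before it is performed, so a hostile length can neither wrap the allocation size nor stall the growth loop.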