Synopsis:    Moderate: xen security update
Issue Date:  2012-07-31
CVE Numbers: CVE-2012-2625


The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Scientific
Linux.

A flaw was found in the way the pyGrub boot loader handled compressed
kernel images. A privileged guest user in a para-virtualized guest (a DomU)
could use this flaw to create a crafted kernel image that, when attempting
to boot it, could result in an out-of-memory condition in the privileged
domain (the Dom0). (CVE-2012-2625)

All users of xen are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the xend service must be restarted for this update to
take effect.

SL5:
  i386
     xen-3.0.3-135.el5_8.4.i386.rpm
     xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
     xen-devel-3.0.3-135.el5_8.4.i386.rpm
     xen-libs-3.0.3-135.el5_8.4.i386.rpm
  x86_64
     xen-3.0.3-135.el5_8.4.x86_64.rpm
     xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
     xen-debuginfo-3.0.3-135.el5_8.4.x86_64.rpm
     xen-devel-3.0.3-135.el5_8.4.i386.rpm
     xen-devel-3.0.3-135.el5_8.4.x86_64.rpm
     xen-libs-3.0.3-135.el5_8.4.i386.rpm
     xen-libs-3.0.3-135.el5_8.4.x86_64.rpm

- Scientific Linux Development Team