Synopsis: Moderate: xen security update Issue Date: 2012-07-31 CVE Numbers: CVE-2012-2625 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Scientific Linux. A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest (a DomU) could use this flaw to create a crafted kernel image that, when attempting to boot it, could result in an out-of-memory condition in the privileged domain (the Dom0). (CVE-2012-2625) All users of xen are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the xend service must be restarted for this update to take effect. SL5: i386 xen-3.0.3-135.el5_8.4.i386.rpm xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm xen-devel-3.0.3-135.el5_8.4.i386.rpm xen-libs-3.0.3-135.el5_8.4.i386.rpm x86_64 xen-3.0.3-135.el5_8.4.x86_64.rpm xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm xen-debuginfo-3.0.3-135.el5_8.4.x86_64.rpm xen-devel-3.0.3-135.el5_8.4.i386.rpm xen-devel-3.0.3-135.el5_8.4.x86_64.rpm xen-libs-3.0.3-135.el5_8.4.i386.rpm xen-libs-3.0.3-135.el5_8.4.x86_64.rpm - Scientific Linux Development Team