Synopsis: Important: xen security update
Issue Date: 2011-05-09
CVE Numbers: CVE-2011-1583
—
The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.
It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode
routines did not correctly check for a possible buffer size overflow in the
decoding loop. In addition, several integer overflow flaws and missing
error/range checks were found that could lead to an infinite loop. A
privileged guest user could use these flaws to crash the guest or,
possibly, execute arbitrary code in the privileged management domain
(Dom0). (CVE-2011-1583)
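As an added illustration, not code from the xen packages or from this advisory, the following decoder loop for a constructed run-length format shows the two checks the advisory describes as missing: output growth is compared against an explicit cap so the size arithmetic cannot wrap, and every iteration either consumes input or fails, so the loop cannot spin forever. MAX_OUTPUT, the record format and safe_rle_decode() are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed upper bound on decompressed output (an assumption for this
 * example); a real decoder would use the caller's stated buffer limit. */
#define MAX_OUTPUT ((size_t)(16u * 1024u * 1024u))

/* Toy run-length stream standing in for bzip2/lzma: each record is one
 * value byte followed by a 32-bit little-endian repeat count. */
static uint32_t rd32le(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 |
           (uint32_t)p[3] << 24;
}

/* Decode `in` into a heap buffer. Returns 0 and sets *out/*outlen on
 * success, -1 on a malformed or oversized stream (nothing is left allocated). */
int safe_rle_decode(const unsigned char *in, size_t inlen,
                    unsigned char **out, size_t *outlen)
{
    unsigned char *buf = NULL;
    size_t cap = 0, len = 0, pos = 0;

    while (pos < inlen) {
        if (inlen - pos < 5)                /* truncated record: fail, don't spin */
            goto fail;
        unsigned char val = in[pos];
        size_t count = rd32le(in + pos + 1);
        pos += 5;                           /* every iteration consumes input */

        /* Compare against the remaining budget instead of computing
         * `len + count`, which could wrap on a 32-bit size_t. */
        if (count > MAX_OUTPUT - len)
            goto fail;
        if (len + count > cap) {            /* grow with overflow-safe doubling */
            size_t ncap = cap ? cap : 4096;
            while (ncap < len + count)
                ncap = (ncap > MAX_OUTPUT / 2) ? MAX_OUTPUT : ncap * 2;
            unsigned char *p = realloc(buf, ncap);
            if (!p)
                goto fail;
            buf = p;
            cap = ncap;
        }
        memset(buf + len, val, count);
        len += count;
    }
    *out = buf;
    *outlen = len;
    return 0;
fail:
    free(buf);
    return -1;
}
```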
All xen users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
—
SL5
x86_64
xen-3.0.3-120.el5_6.2.x86_64.rpm
xen-devel-3.0.3-120.el5_6.2.i386.rpm
xen-devel-3.0.3-120.el5_6.2.x86_64.rpm
xen-libs-3.0.3-120.el5_6.2.i386.rpm
xen-libs-3.0.3-120.el5_6.2.x86_64.rpm
i386
xen-3.0.3-120.el5_6.2.i386.rpm
xen-devel-3.0.3-120.el5_6.2.i386.rpm
xen-libs-3.0.3-120.el5_6.2.i386.rpm
– Scientific Linux Development Team