Synopsis: Moderate: xen security update
Issue Date: 2012-07-31
CVE Numbers: CVE-2012-2625
—
A flaw was found in the way the pyGrub boot loader handled compressed
kernel images. A privileged guest user in a para-virtualized guest (a DomU)
could use this flaw to create a crafted kernel image that, when attempting
to boot it, could result in an out-of-memory condition in the privileged
domain (the Dom0). (CVE-2012-2625)
All users of xen are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the xend service must be restarted for this update to
take effect.
—
SL5
x86_64
xen-3.0.3-135.el5_8.4.x86_64.rpm
xen-devel-3.0.3-135.el5_8.4.i386.rpm
xen-devel-3.0.3-135.el5_8.4.x86_64.rpm
xen-libs-3.0.3-135.el5_8.4.i386.rpm
xen-libs-3.0.3-135.el5_8.4.x86_64.rpm
i386
xen-3.0.3-135.el5_8.4.i386.rpm
xen-devel-3.0.3-135.el5_8.4.i386.rpm
xen-libs-3.0.3-135.el5_8.4.i386.rpm
– Scientific Linux Development Team
