CESA-2011:0496 -- centos 5 x86_64 xenID: oval:org.secpod.oval:def:201468 | Date: (C)2012-01-31 (M)2021-09-11 |
Class: PATCH | Family: unix |
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. It was found that the xc_try_bzip2_decode and xc_try_lzma_decode decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain . All xen users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.