CentOS Errata and Security Advisory CESA-2007:0323
The Xen package contains the tools for managing the virtual machine monitor in Red Hat Enterprise Linux virtualization.
The following security flaws are fixed in the updated Xen package:
Joris van Rantwijk found a flaw in the Pygrub utility which is used as a boot loader for guest domains. A malicious local administrator of a guest domain could create a carefully crafted grub.conf file which would trigger the execution of arbitrary code outside of that domain. (CVE-2007-4993)
Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code used in Xen. A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. (CVE-2007-1320)
Tavis Ormandy discovered insufficient input validation leading to a heap overflow in the Xen NE2000 network driver. If the driver is in use, a malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. Xen does not use this driver by default. (CVE-2007-1321)
Users of Xen should update to these erratum packages containing backported patches which correct these issues.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2007-October/026304.html http://lists.centos.org/pipermail/centos-announce/2007-October/026305.html
Affected packages: xen xen-devel xen-libs
Upstream details at: https://rhn.redhat.com/errata/RHSA-2007-0323.html