xen security update

CentOS Errata and Security Advisory CESA-2015:2065

The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

A heap buffer overflow flaw was found in the way QEMU’s NE2000 NIC
emulation implementation handled certain packets received over the network.
A privileged user inside a guest could use this flaw to crash the QEMU
instance (denial of service) or potentially execute arbitrary code on the
host. (CVE-2015-5279)

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting
this issue.

All xen users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, all running fully-virtualized guests must be restarted
for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-November/083665.html

Affected packages:
xen
xen-devel
xen-libs

Upstream details at:
https://access.redhat.com/errata/RHSA-2015:2065