(RHSA-2012:0370) Important: xen security and bug fix update

The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

A heap overflow flaw was found in the way QEMU emulated the e1000 network
interface card. A privileged guest user in a virtual machine whose network
interface is configured to use the e1000 emulated driver could use this
flaw to crash QEMU or, possibly, escalate their privileges on the host.
(CVE-2012-0029)

Red Hat would like to thank Nicolae Mogoreanu for reporting this issue.

This update also fixes the following bugs:

• Adding support for jumbo frames introduced incorrect network device
  expansion when a bridge is created. The expansion worked correctly with the
  default configuration, but could have caused network setup failures when a
  user-defined network script was used. This update changes the expansion so
  network setup will not fail, even when a user-defined network script is
  used. (BZ#797191)

• A bug was found in xenconsoled, the Xen hypervisor console daemon. If
  timestamp logging for this daemon was enabled (using both the
  XENCONSOLED_TIMESTAMP_HYPERVISOR_LOG and XENCONSOLED_TIMESTAMP_GUEST_LOG
  options in “/etc/sysconfig/xend”), xenconsoled could crash if the guest
  emitted a lot of information to its serial console in a short period of
  time. Eventually, the guest would freeze after the console buffer was
  filled due to the crashed xenconsoled. Timestamp logging is disabled by
  default. (BZ#797836)

All xen users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.