Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

4.114. xen

Updated xen packages that fix one bug are now available for Red Hat Enterprise Linux 5.
Xen is a high-performance and secure open-source virtualization framework. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.

Bug Fix

BZ#960013
Due to a lack of support for set affinity in systems with more than 64 CPU cores, it was not possible to use Xen with such systems as any excess CPUs were reported as idle. With this update, systems with large number of CPU cores are detected and Xen Hypervisor can handle them as expected.
Users of xen are advised to upgrade to these updated packages, which fix this bug.
Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link associated with the description below.
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.

Security Fix

CVE-2012-4544
A flaw was found in the way libxc, the Xen control library, handled excessively large kernel and ramdisk images when starting new guests. A privileged guest user in a para-virtualized guest (a DomU) could create a crafted kernel or ramdisk image that, when attempting to use it during guest start, could result in an out-of-memory condition in the privileged domain (the Dom0).
Red Hat would like to thank the Xen project for reporting this issue.
All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, the xend service must be restarted for this update to take effect.
Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link associated with the description below.
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.

Security Fix

CVE-2012-6075
A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.
All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.