Important: xen security update

Related Vulnerabilities: CVE-2016-9637

Synopsis

Important: xen security update

Type/Severity

Security Advisory: Important

Topic

An update for xen is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

Xen is a virtual machine monitor.

Security Fix(es):

  • An out-of-bounds array access issue was found in the Xen virtual machine
    monitor when built with QEMU ioport support. It could occur during ioport
    read/write operations if a guest supplied a 32-bit address parameter. A
    privileged guest user/process could use this flaw to potentially escalate their
    privileges on the host. (CVE-2016-9637)

Red Hat would like to thank the Xen project for reporting this issue.
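As an added illustration of the bug class described above, and not code from Xen or QEMU, the following is a simplified model of an emulated I/O-port dispatch table: the unchecked lookup beside a hardened lookup that validates the guest-supplied 32-bit address before using it as an index. The table size, port numbers and handlers are assumptions.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* x86 port I/O space is 16 bits wide, so the dispatch table has 65536 slots
 * (assumed here; this is a model, not the real emulator's layout). */
#define MAX_IOPORTS 65536u
typedef uint32_t (*ioport_read_fn)(uint32_t addr);
static uint32_t default_read(uint32_t addr) { (void)addr; return 0xFFFFFFFFu; }
static uint32_t serial_status_read(uint32_t addr) { (void)addr; return 0x60u; }
static ioport_read_fn read_table[MAX_IOPORTS];
static unsigned long rejected_ioreqs;   /* out-of-range requests seen so far */

static void ensure_table(void) {
    static int ready;
    if (ready) return;
    for (size_t i = 0; i < MAX_IOPORTS; i++) read_table[i] = default_read;
    read_table[0x3FD] = serial_status_read;   /* hypothetical COM1 line-status port */
    ready = 1;
}

/* Unsafe pattern: a 32-bit address taken from the guest's I/O request is used
 * directly as the index. Any addr >= MAX_IOPORTS reads a function pointer from
 * past the end of the table. Shown for contrast only; nothing here calls it. */
uint32_t ioport_read_unchecked(uint32_t addr) {
    ensure_table();
    return read_table[addr](addr);
}

/* Hardened form: validate the guest-supplied address against the table bounds
 * before indexing. Returns the port value, or -1 for a rejected request; the
 * rejection counter is the kind of signal a host-side log should expose. */
int64_t ioport_read_checked(uint32_t addr) {
    ensure_table();
    if (addr >= MAX_IOPORTS) {
        rejected_ioreqs++;
        return -1;
    }
    return (int64_t)read_table[addr](addr);
}

unsigned long rejected_count(void) { return rejected_ioreqs; }

int main(void) {
    printf("port 0x3FD -> %" PRId64 "\n", ioport_read_checked(0x3FDu));
    printf("port 0x10000 -> %" PRId64 "\n", ioport_read_checked(0x10000u));
    printf("rejected requests: %lu\n", rejected_count());
    return 0;
}
```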

Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386

Fixes

  • BZ - 1397043 - CVE-2016-9637 XSA199 Xen: qemu ioport out-of-bounds array access (XSA-199)

CVEs

References