XEN Security Update XSA-114

Static hypervisors running Xen 4.x on CentOS 6.x are vulnerable. CloudBoot hypervisors are also vulnerable if experimental mode is used.

XSA-114

A malicious guest administrator can deny service to other tasks. If the NMI watchdog is active, a timeout might be triggered, resulting in a host crash.


To eliminate the security issue for Static Hypervisors on CentOS 6.x:

For customers willing to upgrade to the latest hypervisor tools (corresponding to the OnApp version in use):

  • Run the OnApp Xen Hypervisor installer

    /onapp/onapp-hv-install/onapp-hv-xen-install.sh
  • Reboot the hypervisor.

    If required, consider migrating running guests to another host before the reboot.

For customers who are already using the latest hypervisor tools or do not want to upgrade them:

  • Run

     # yum update centos-xen-repo xen xen-hypervisor

    This should update to the 4.2.5-37.onapp.3.el6 version.

  • Reboot the hypervisor. 

    If required, consider migrating running guests to another host before the reboot.
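
A post-update check for the `yum update` procedure above, as an added example that is not part of the original advisory or OnApp's tooling: it compares the installed `xen` and `xen-hypervisor` packages with the 4.2.5-37.onapp.3.el6 version stated above and flags a host that has not been rebooted since the packages were installed. The function names are hypothetical; it assumes GNU `sort -V` approximates RPM version ordering and that the dom0 boot time in `/proc/stat` reflects the hypervisor boot.

```shell
#!/bin/sh
# Added example, not OnApp code: post-update check for the XSA-114 fix.
FIXED="4.2.5-37.onapp.3.el6"   # fixed version as stated in the advisory

# version_at_least INSTALLED WANTED: true if INSTALLED >= WANTED.
# Assumption: GNU `sort -V` approximates RPM ordering (no epochs involved).
version_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify VERSION INSTALL_EPOCH BOOT_EPOCH
# Prints OUTDATED (update not applied), REBOOT_PENDING (package installed
# after the last boot, so the old hypervisor is still running) or OK.
classify() {
    if ! version_at_least "$1" "$FIXED"; then
        echo OUTDATED
    elif [ "$2" -gt "$3" ]; then
        echo REBOOT_PENDING
    else
        echo OK
    fi
}

# check_host: query the RPM database and the boot time on the hypervisor.
check_host() {
    boot=$(awk '/^btime/ {print $2}' /proc/stat)
    for pkg in xen xen-hypervisor; do
        if ! ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$pkg" 2>/dev/null); then
            echo "$pkg: not installed"
            continue
        fi
        inst=$(rpm -q --qf '%{INSTALLTIME}' "$pkg")
        echo "$pkg $ver: $(classify "$ver" "$inst" "$boot")"
    done
}

# Only query the host when rpm is available (i.e. on the hypervisor itself).
if command -v rpm >/dev/null 2>&1; then
    check_host
fi
```

A host reported as `REBOOT_PENDING` has the fixed packages on disk but is still running the hypervisor it booted with, so the reboot step is still outstanding.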