XEN Security Update XSA-123

Both CentOS 5.x with Xen 3.4.4 (Static and CloudBoot HVs) and CentOS 6.x with Xen 4.2.x (Static and CloudBoot HVs in experimental mode) are affected.

XSA-123

A malicious guest might be able to read sensitive data relating to other guests. A malicious guest administrator might be able to cause denial of service. Arbitrary code execution, and therefore privilege escalation, cannot be excluded.

To eliminate the security issues for CloudBoot Hypervisors, you need to upgrade to the OnApp 3.3.2-19 Storage Update.


To eliminate the security issue for Static Hypervisors:

For customers willing to upgrade to the latest hypervisor tools (corresponding to the OnApp version in use):

  • Run the OnApp Xen Hypervisor installer

    /onapp/onapp-hv-install/onapp-hv-xen-install.sh
  • Reboot the hypervisor.

    If required, consider migrating running guests to another host before the reboot.

For customers who are already using the latest hypervisor tools or do not want to upgrade them:

  • CentOS 5.x

    # yum update xen xen-libs

    This should update to the xen-3.4.4-6.el5.onapp.x86_64 version.

  • CentOS 6.x

    # yum update centos-xen-repo xen xen-hypervisor

    This should update to the xen-4.2.5-38.2.onapp.el6.x86_64 version.

  • Reboot the hypervisor.

    If required, consider migrating running guests to another host before the reboot.
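
A post-update check for Static Hypervisors, added here as an example (it is not OnApp's code): it compares the installed xen build with the build named above for the host's CentOS release and reports whether the reboot is still outstanding. The function names and status strings are hypothetical, and "package installed after the last boot" is used as an assumed indicator that the old hypervisor is still running.

```shell
#!/bin/bash
# Added example, not OnApp code. Fixed builds are the ones named in the advisory.

# expected_build EL_MAJOR -> xen build the advisory says the update installs
expected_build() {
    case "$1" in
        5) echo "xen-3.4.4-6.el5.onapp.x86_64" ;;
        6) echo "xen-4.2.5-38.2.onapp.el6.x86_64" ;;
        *) return 1 ;;
    esac
}

# check_host EL_MAJOR INSTALLED_BUILD INSTALL_EPOCH BOOT_EPOCH
check_host() {
    local want
    want=$(expected_build "$1") || { echo "UNSUPPORTED_RELEASE"; return 0; }
    if [ "$2" != "$want" ]; then
        echo "BUILD_MISMATCH"        # not the advisory's build: review by hand
    elif [ "$3" -gt "$4" ]; then
        echo "REBOOT_PENDING"        # package installed after the last boot
    else
        echo "EXPECTED_BUILD_RUNNING"
    fi
}

# check_live: gather the four inputs from this host (needs rpm and /proc/stat)
check_live() {
    local el build installed boot
    el=$(rpm -q --qf '%{VERSION}' centos-release)
    build=$(rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' xen | head -n 1)
    installed=$(rpm -q --qf '%{INSTALLTIME}\n' xen | head -n 1)
    boot=$(awk '/^btime/ {print $2}' /proc/stat)
    check_host "$el" "$build" "$installed" "$boot"
}

if [ "${1:-}" = "--live" ]; then
    check_live
else
    # Constructed sample: CentOS 6 host updated at t=2000 but last booted at t=1000
    check_host 6 "xen-4.2.5-38.2.onapp.el6.x86_64" 2000 1000   # REBOOT_PENDING
fi
```

Run it with `--live` on the hypervisor itself; without arguments it only evaluates the constructed sample.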