XEN Security Update XSA-139/CVE-2015-5166, XSA-140/CVE-2015-5165

Issue / Summary / Affected versions
XSA-139/CVE-2015-5166

An HVM guest which has access to an emulated IDE disk device may be able to exploit this vulnerability to take over the qemu device-model process that serves it, elevating its privilege to that of the qemu process.

Both Static and CloudBoot hypervisors running CentOS 6.x with Xen 4.x are vulnerable when hosting FreeBSD or Windows guests.

XSA-140/CVE-2015-5165

A guest may be able to read sensitive host-level data relating to itself which resides in the QEMU process. Such information may include details of the real devices backing the emulated devices, or passwords which the host administrator does not intend to share with the guest administrator.

Both Static and CloudBoot hypervisors running CentOS 5.x or 6.x with Xen 3.4.4 or 4.x may be affected when hosting Windows guests whose PV drivers have been manually uninstalled (such guests fall back to the emulated devices).

To eliminate the security issue on Static Hypervisors:

For customers willing to upgrade to the latest hypervisor tools (matching the installed OnApp version):

  • Run the OnApp Xen Hypervisor installer

    /onapp/onapp-hv-install/onapp-hv-xen-install.sh
  • Reboot the hypervisor.

    If required, migrate running guests to another host before the reboot.

For customers who already run the latest hypervisor tools or do not want to upgrade them:

  • CentOS 5.x

    # yum update xen xen-libs

    This should update to the xen-3.4.4-15.el5.onapp.x86_64 version. Confirm with rpm -q xen.

  • CentOS 6.x

    # yum update xen xen-hypervisor

    This should update to the xen-4.2.5-38.12.onapp.el6.x86_64 version. Confirm with rpm -q xen.

  • Reboot the hypervisor.

    The package update alone does not protect guests that are already running: their qemu device-model processes keep executing the old code until they are restarted, which the host reboot ensures. If required, migrate running guests to another host before the reboot.
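The following script is an added example and is not part of the OnApp advisory or its installer. It compares the xen package reported by rpm -q xen against the fixed OnApp builds named above (3.4.4-15.el5.onapp on CentOS 5, 4.2.5-38.12.onapp.el6 on CentOS 6) so the check can be run on each hypervisor before and after the update, or from monitoring. The version comparison is a simple numeric field-by-field compare written here for the example (it is not rpm's own algorithm, which is sufficient for these OnApp build strings but not a general replacement for rpm version ordering). When rpm is not available or xen is not installed, it falls back to a constructed sample package string so the script still runs.

```shell
#!/bin/sh
# Added example: check whether the installed xen package is at or above
# the fixed OnApp build from the advisory. Not OnApp code.

FIXED_EL5="3.4.4-15.el5.onapp"        # CentOS 5.x fixed build (from the advisory)
FIXED_EL6="4.2.5-38.12.onapp.el6"     # CentOS 6.x fixed build (from the advisory)

# ver_ge A B: return 0 if A >= B. Every non-digit run is treated as a
# separator, so 4.2.5-38.12.onapp.el6 compares as 4 2 5 38 12 6.
# Simplified numeric ordering written for this example, not rpm's.
ver_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    gsub(/[^0-9]+/, " ", a); gsub(/[^0-9]+/, " ", b)
    na = split(a, A, " "); nb = split(b, B, " ")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = (i <= na) ? A[i] + 0 : 0
      y = (i <= nb) ? B[i] + 0 : 0
      if (x > y) exit 0
      if (x < y) exit 1
    }
    exit 0
  }'
}

# xen_evr PKG: strip the package name and architecture from an
# `rpm -q xen` line, e.g. xen-4.2.5-38.12.onapp.el6.x86_64 -> 4.2.5-38.12.onapp.el6
xen_evr() {
  printf '%s\n' "$1" | sed -e 's/^xen-//' -e 's/\.x86_64$//' -e 's/\.i386$//'
}

# xen_patched PKG: 0 = at or above the fixed build, 1 = vulnerable,
# 2 = not an OnApp el5/el6 build, so the comparison does not apply.
xen_patched() {
  evr=$(xen_evr "$1")
  case "$evr" in
    *el5*) ver_ge "$evr" "$FIXED_EL5" ;;
    *el6*) ver_ge "$evr" "$FIXED_EL6" ;;
    *)     return 2 ;;
  esac
}

# report PKG: print a one-line verdict and pass the status through.
report() {
  rc=0
  xen_patched "$1" || rc=$?
  case $rc in
    0) printf '%s: at or above the fixed build\n' "$1" ;;
    1) printf '%s: VULNERABLE, run yum update and reboot the hypervisor\n' "$1" ;;
    *) printf '%s: not an OnApp el5/el6 xen build, check manually\n' "$1" ;;
  esac
  return $rc
}

# On a hypervisor read the real package; elsewhere (rpm missing or xen not
# installed) use a constructed sample so the script still demonstrates itself.
installed=$(rpm -q xen 2>/dev/null) || installed="xen-4.2.5-37.5.onapp.el6.x86_64"
report "$installed"
```

The exit status mirrors the verdict (0 fixed, 1 vulnerable, 2 unknown), so the script can gate an automated yum update or feed a monitoring check. A status of 0 only says the package on disk is fixed; guests whose qemu processes started before the update are still running the old device model until the host is rebooted.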