The issue was discovered in the QEMU packages

Nov 19, 2015 00:30 GMT

Red Hat has published a new security advisory for its long-term supported Red Hat Enterprise Linux 5.x series of operating systems, informing users about an important update to the Xen packages.

According to the RHSA-2015:2065-1 security report, a single security issue has been fixed in the Xen packages used in Red Hat Enterprise Linux (RHEL) 5, which has been rated by the Red Hat Product Security team as having an important security impact. The security flaw was reported by Qinghao Tang of QIHU 360 Inc.

It was discovered that the NE2000 NIC emulation implementation of the QEMU virtualization software, on which Xen is based, could not handle certain packets received over the network, which could allow a privileged user inside a guest to crash the QEMU instance, causing a denial of service (DoS), as well as to execute code.

It also affects the CentOS 5.x series of GNU/Linux operating systems

The issue described above also affects the CentOS 5.x series of Linux kernel-based operating systems. Johnny Hughes of CentOS has published details about the important CentOS 5 Xen security update on the project's CentOS Announce mailing list, recommending that users update their Xen packages as soon as possible.

Therefore, if you're using any of the Red Hat Enterprise Linux Desktop Multi OS 5.x, Red Hat Enterprise Linux Server 5.x, Red Hat Enterprise Linux Desktop 5.x, Red Hat Enterprise Linux Virtualization Server 5.x, or CentOS 5.x operating systems, you need to update the Xen packages to version 3.0.3-147.el5_11 as soon as possible.

Please remember to restart all running fully virtualized guests after applying the update. The Xen packages consist of the xend daemon and various administration tools that can be used for managing the kernel-xen Linux kernel for virtualization on Red Hat Enterprise Linux and CentOS. More details can be found at CVE-2015-5279.