XEN Security Update XSA-123
Both CentOS 5.x with Xen 3.4.4 (Static and CloudBoot HVs) and CentOS 6.x with Xen 4.2.x (Static and CloudBoot HVs in experimental mode) are affected.
| XSA-123 | A malicious guest might be able to read sensitive data relating to other guests. A malicious guest administrator might be able to cause denial of service. Arbitrary code execution, and therefore privilege escalation, cannot be excluded. |
To eliminate the security issues for CloudBoot Hypervisors, you need to upgrade to Virtuozzo OnApp 3.3.2-19 Storage Update.
To eliminate the security issue for Static Hypervisors:
For customers willing to upgrade to the latest hypervisor tools (corresponding to the Virtuozzo OnApp version in use):
Run the Virtuozzo OnApp Xen Hypervisor installer:
/onapp/onapp-hv-install/onapp-hv-xen-install.sh
Reboot the hypervisor.
Consider migrating running guests to another host (if required) before the reboot.
For customers who are using the latest hypervisor tools or do not want to upgrade them:
CentOS 5.x
# yum update xen xen-libs
This should update to the xen-3.4.4-6.el5.onapp.x86_64 version.
CentOS 6.x
# yum update centos-xen-repo xen xen-hypervisor
This should update to the xen-4.2.5-38.2.onapp.el6.x86_64 version.
Reboot the hypervisor.
Consider migrating running guests to another host (if required) before the reboot.
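
To confirm the update took effect, the following added example (not part of the original advisory or of OnApp's tooling) compares the installed xen package with the fixed builds named above and reports whether a reboot is still pending. The function names, the updated/outdated/unknown labels and the install-time-versus-boot-time test are assumptions of this example.

```sh
#!/bin/sh
# Added example (not OnApp tooling): compare an installed xen package with the
# fixed builds this advisory names. Plain POSIX sh, no "sort -V" required.

is_dotted_num() { case $1 in ''|*[!0-9.]*) return 1 ;; esac; return 0; }

# ver_ge A B: succeed if dotted-numeric A >= B, comparing field by field.
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# xsa123_status VERSION RELEASE: prints updated | outdated | unknown.
xsa123_status() {
    ver=$1; rel=$2
    case $rel in
        *el5*) fix_ver=3.4.4; fix_rel=6 ;;     # xen-3.4.4-6.el5.onapp
        *el6*) fix_ver=4.2.5; fix_rel=38.2 ;;  # xen-4.2.5-38.2.onapp.el6
        *) echo unknown; return 0 ;;
    esac
    # Leading numeric part of the release: "38.2.onapp.el6" -> "38.2"
    reln=$(printf '%s\n' "$rel" | sed 's/^\([0-9][0-9.]*\).*$/\1/; s/\.$//')
    if ! is_dotted_num "$ver" || ! is_dotted_num "$reln"; then
        echo unknown
    elif ! ver_ge "$ver" "$fix_ver"; then echo outdated
    elif ! ver_ge "$fix_ver" "$ver"; then echo updated   # newer package version
    elif ver_ge "$reln" "$fix_rel"; then echo updated
    else echo outdated
    fi
}

# On a hypervisor, read the values from the RPM database and compare install
# time with boot time: a package installed after boot is not the one running.
if command -v rpm >/dev/null 2>&1 && rpm -q xen >/dev/null 2>&1; then
    set -- $(rpm -q --qf '%{VERSION} %{RELEASE} %{INSTALLTIME}\n' xen | head -n 1)
    boot=$(awk '/^btime/ {print $2}' /proc/stat)
    echo "xen-$1-$2: $(xsa123_status "$1" "$2")"
    if [ "$3" -gt "$boot" ]; then echo "installed after last boot: reboot pending"; fi
fi
```

"updated" means only that the package is at or above the build this advisory names; the hypervisor itself runs the new build only after the reboot.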