Release date:
Updated on:
Affected Systems:
Red Hat Enterprise Linux Desktop v.5 client
Red Hat Enterprise Linux 5 server
XenSource Xen 3.1.2
XenSource Xen 3.1.1
XenSource Xen 3.0.3
XenSource Xen 3.0
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 49375
CVE ID: CVE-2011-2519
Xen is an open-source virtual machine monitor developed by the University of Cambridge.
Xen has a denial-of-service vulnerability in its emulation of the SAHF instruction. A local attacker can exploit this vulnerability to consume a large amount of memory in the host operating system, causing a denial of service for legitimate users.
Because a bogus address is referenced, the patch code can cause the hypervisor to crash.
<* Source: Eugene Teo (eugeneteo@eugeneteo.net)
Link: https://bugzilla.redhat.com/show_bug.cgi?id=718882
http://xenbits.xen.org/hg/xen-3.1-testing.hg/rev/15644
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
XenSource
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://xen.xensource.com/