[CentOS-announce] CESA-2013:X013 Important Xen4CentOS xen Security Update

Mon Nov 25 14:27:12 UTC 2013
Johnny Hughes <johnny at centos.org>

CentOS Errata and Security Advisory 2013:X013 (Xen4CentOS)

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

-----------------------------
X86_64
-----------------------------

f3725f9d29b2fd85d3c9568d979b7ea0f26e1844bb7474b8ef4de2e124bae9ff xen-4.2.3-25.el6.centos.alt.x86_64.rpm
b8a518ca3807067471d7397481d9ebcb11f1dda80945bf40a34b8c6fd76cdf6b xen-devel-4.2.3-25.el6.centos.alt.x86_64.rpm
71622b65300a17b2bb6d5758e2bbe5ec158a429446b6dff875874641eba585bc xen-doc-4.2.3-25.el6.centos.alt.x86_64.rpm
eb4ea62e3455e39df2f468b224a15a30e0f61f5e0ad3e0996244aa1c42c611d3 xen-hypervisor-4.2.3-25.el6.centos.alt.x86_64.rpm
e0fe32ba2d7012cc69ac0b5c188abe949c2fb222b177be8c980ed83317eccb93 xen-libs-4.2.3-25.el6.centos.alt.x86_64.rpm
3a566e7a2040f3373285245f7f7c726a597d8de35dec8f601eb2863b432ab3b2 xen-licenses-4.2.3-25.el6.centos.alt.x86_64.rpm
80571d5031b23f6feca314d6b66838b4ba8e0e5e12845b1f3a69df8fd03ff9d5 xen-ocaml-4.2.3-25.el6.centos.alt.x86_64.rpm
ef16ee93f197961a3f8fb514816170c23e66a3fa74354c4e78959759b43b19df xen-ocaml-devel-4.2.3-25.el6.centos.alt.x86_64.rpm
22692e325f8ab867730e51570b3cc3977f4c64416c9f38ad0897716d8152a739 xen-runtime-4.2.3-25.el6.centos.alt.x86_64.rpm

-----------------------------
Source:
-----------------------------

d9db3406ff206cd8be106a63712df1c5daacd9d437fc88fb75f523476d60c840 xen-4.2.3-25.el6.centos.alt.src.rpm

=====================================================

xen Changelog info from the SPEC file:
* Sat Nov 23 2013 Johnny Hughes <johnny at centos.org> - 4.2.3-25.el6.centos
- Roll in patch 145 and 146 for XSA-75 (CVE-2013-4551), XSA-78 (CVE-2013-6375)

* Mon Nov 04 2013 Johnny Hughes <johnny at centos.org> - 4.2.3-24.el6.centos
- Roll in patches 134 to 141, 143 to 144 for the following XSAs:
- XSA-62 (CVE-2013-1442), XSA-63 (CVE-2013-4355), XSA-72 (CVE-2013-4416)
- XSA-64 (CVE-2013-4356), XSA-66 (CVE-2013-4361), XSA-67 (CVE-2013-4368)
- XSA-68 (CVE-2013-4369), XSA-69 (CVE-2013-4370), XSA-70 (CVE-2013-4371)
- XSA-73 (CVE-2013-4494)


=====================================================

The following XSA info is available from the Xen site 
http://xenbits.xen.org/xsa/advisory-62.html
http://xenbits.xen.org/xsa/advisory-63.html
http://xenbits.xen.org/xsa/advisory-64.html
http://xenbits.xen.org/xsa/advisory-66.html
http://xenbits.xen.org/xsa/advisory-67.html
http://xenbits.xen.org/xsa/advisory-68.html
http://xenbits.xen.org/xsa/advisory-69.html
http://xenbits.xen.org/xsa/advisory-70.html
http://xenbits.xen.org/xsa/advisory-72.html
http://xenbits.xen.org/xsa/advisory-73.html
http://xenbits.xen.org/xsa/advisory-75.html
http://xenbits.xen.org/xsa/advisory-78.html

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net