[CentOS-announce] CESA-2014:X010 Moderate xen Xen4CentOS Security Update

Wed Oct 1 12:07:48 UTC 2014
Johnny Hughes <johnny at centos.org>

CentOS Errata and Security Advisory 2014:X010 (Xen4CentOS)

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

-----------------------------
X86_64
-----------------------------

f5a30e6c7c17a391dfc218cce2c2ca52dba4bf61d6c2d664faecda673d72fdea xen-4.2.5-33.el6.centos.alt.x86_64.rpm
993a2d96e1444b4ead48ddb2e04c0dbd96e0ddeffd388c81ef5496c5edc627cc xen-debuginfo-4.2.5-33.el6.centos.alt.x86_64.rpm
8ea623bd210e4b01e99de1e13a12bfad209238feaed9c540ea2fe84d0c09dbaf xen-devel-4.2.5-33.el6.centos.alt.x86_64.rpm
29f2053460161edb3a93e1f4902a817196b9de9ed800e73ca26ac5a8c9aa1946 xen-doc-4.2.5-33.el6.centos.alt.x86_64.rpm
b194d1ef94332bd3ee4d5e60190764e244809e270ab0ad506128cdd57ded09f6 xen-hypervisor-4.2.5-33.el6.centos.alt.x86_64.rpm
2d89359ac8ad6b9f853cd9e55b0c6ce6bb740295273157689544f8a4eeacbcf0 xen-libs-4.2.5-33.el6.centos.alt.x86_64.rpm
bca6d03a749e531fce006d571847ab2077e2283c0350012f3e2135e26c3a38b3 xen-licenses-4.2.5-33.el6.centos.alt.x86_64.rpm
13ccd1ba3d1af1a68e63c930663bd7afe2b3c635dba58183c076f9c3cd6c3a5a xen-ocaml-4.2.5-33.el6.centos.alt.x86_64.rpm
fbb2c5d49177333b0f8fb578ad38de824cba1dc2a2de2364ad1763bb20ab25c9 xen-ocaml-devel-4.2.5-33.el6.centos.alt.x86_64.rpm
2683887a4c4a1f98e0b9479d9587ab5ec7d0ea382538fea4be8c5a92f12c6f61 xen-runtime-4.2.5-33.el6.centos.alt.x86_64.rpm

-----------------------------
Source:
-----------------------------

f11fbc39bf07f06834fc05e81d3f3b4d916dc5a1ee5aaec6d048041d62cd5aae xen-4.2.5-33.el6.centos.alt.src.rpm

=====================================================

xen Changelog info from the SPEC file:

* Fri Sep 26 2014 Johnny Hughes <johnny at centos.org> -  4.2.5-33.el6.centos
- upgrade to upstream Xen version 4.2.5
- removed patches that are already part of 4.2.5
- Added Patch205 (XSA-97, CVE-2014-5146,CVE-2014-5149)
- Added Patch206 (XSA-104, CVE-2014-7154)
- Added Patch207 (XSA-105, CVE-2014-7155)
- Added Patch208 (XSA-106, CVE-2014-7156) 

=====================================================
The following informaion is available for Xen 4.2.5 from XenProject.org:

http://bit.ly/1mABNPg

=====================================================

The following Release info is available from the Xen site regarding XSAs:

http://xenbits.xen.org/xsa/advisory-97.html
http://xenbits.xen.org/xsa/advisory-104.html
http://xenbits.xen.org/xsa/advisory-105.html
http://xenbits.xen.org/xsa/advisory-106.html

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net