[CentOS-announce] CESA-2014:X008 Moderate: Xen4CentOS xen Security Update

Mon Jun 16 22:14:47 UTC 2014
Johnny Hughes <johnny at centos.org>

CentOS Errata and Security Advisory 2014:X008 (Xen4CentOS)

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

-----------------------------
X86_64
-----------------------------

58469d64c897d1deb6832b2cc69d1d28c83162075835d256ff56996aecb8d145 xen-4.2.4-33.el6.centos.alt.x86_64.rpm
638a23de4472d3ded206c72359d4080826561e958e2b2e2560cf1937491c3c42 xen-devel-4.2.4-33.el6.centos.alt.x86_64.rpm
19c75d460905acd5a16e97c1775ba40c26ee10b413bb52510afb1e3fab594426 xen-doc-4.2.4-33.el6.centos.alt.x86_64.rpm
7906b1282cbe24e123e777271f88d978912edb056dd0c9424396359a4a939d6f xen-hypervisor-4.2.4-33.el6.centos.alt.x86_64.rpm
12ca64fef26338932ed2dda1d155f29dbb3224f076fd41d14ba56344d454ce40 xen-libs-4.2.4-33.el6.centos.alt.x86_64.rpm
20b5ccd7c84c310f76d0d25513fd510fc5704199168c42a1ce22e2de073ec2e0 xen-licenses-4.2.4-33.el6.centos.alt.x86_64.rpm
b35e9eb7f784d34a671e44b6b795ace02857d06a597973f22f9712e7c2ddaae6 xen-ocaml-4.2.4-33.el6.centos.alt.x86_64.rpm
4730853e1c2846a1374ba650722f92ab385a3e8ea2b2c0bebd2d9ec6f1985759 xen-ocaml-devel-4.2.4-33.el6.centos.alt.x86_64.rpm
8c9bb14dd42a17632826a00d8523b188c53ea34da18c147c474c60b79c314a37 xen-runtime-4.2.4-33.el6.centos.alt.x86_64.rpm

-----------------------------
Source:
-----------------------------

d2083203e161753a5a6668b41af7b70a856d312afd8cd656f0331511fd9b17d3 xen-4.2.4-33.el6.centos.alt.src.rpm

=====================================================

xen Changelog info from the SPEC file:

* Mon Jun 16 2014 Johnny Hughes <johnny at centos.org> - 4.2.4-33.el6.centos
- Really apply Patch203

* Mon Jun 16 2014 Johnny Hughes <johnny at centos.org> - 4.2.4-32.el6.centos
- Patch203 (XSA-96, CVE-2014-3967 and CVE-2014-3968) added

* Mon May  5 2014 Johnny Hughes <johnny at centos.org> - 4.2.4-31.el6.centos
- Roll in Patch202, XSA-92 (CVE-2014-3124)
- Created Patch201 to allow RHEL7 Beta and RC to boot

* Wed Mar 26 2014 Johnny Hughes <johnny at centos.org> - 4.2.4-30.el6.centos
- roll in Patch200, XSA-89 (CVE-2014-2599)

=====================================================

The following Release info is available from the Xen site regarding XSAs:

http://xenbits.xenproject.org/xsa/advisory-89.html
http://xenbits.xenproject.org/xsa/advisory-92.html
http://xenbits.xenproject.org/xsa/advisory-96.html

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net