The Xen Project has publicly released XSA-138: http://xenbits.xen.org/xsa/advisory-138.html All users using HVM (fully virtualized) guests with emulated CDROM drives are advised to upgrade. There are signed versions of Xen4CentOS6 packages uploaded to the mirror system. There are also unsigned packages available on the CBS: http://cbs.centos.org/repos/virt6-testing/x86_64/os/Packages/ http://cbs.centos.org/repos/virt7-xen-44-testing/x86_64/os/Packages/ -George