Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2011:1401
HistoryOct 24, 2011 - 12:00 a.m.

(RHSA-2011:1401) Moderate: xen security and bug fix update

2011-10-2400:00:00
access.redhat.com
15

0.001 Low

EPSS

Percentile

46.6%

JSON

The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

A buffer overflow flaw was found in the Xen hypervisor SCSI subsystem
emulation. An unprivileged, local guest user could provide a large number
of bytes that are used to zero out a fixed-sized buffer via a SAI READ
CAPACITY SCSI command, overwriting memory and causing the guest to crash.
(CVE-2011-3346)

This update also fixes the following bugs:

  • Prior to this update, the vif-bridge script used a maximum transmission
    unit (MTU) of 1500 for a new Virtual Interface (VIF). As a result, the MTU
    of the VIF could differ from that of the target bridge. This update fixes
    the VIF hot-plug script so that the default MTU for new VIFs will match
    that of the target Xen hypervisor bridge. In combination with a new enough
    kernel (RHSA-2011:1386), this enables the use of jumbo frames in Xen
    hypervisor guests. (BZ#738608)

  • Prior to this update, the network-bridge script set the MTU of the bridge
    to 1500. As a result, the MTU of the Xen hypervisor bridge could differ
    from that of the physical interface. This update fixes the network script
    so the MTU of the bridge can be set higher than 1500, thus also providing
    support for jumbo frames. Now, the MTU of the Xen hypervisor bridge will
    match that of the physical interface. (BZ#738610)

  • Red Hat Enterprise Linux 5.6 introduced an optimized migration handling
    that speeds up the migration of guests with large memory. However, the new
    migration procedure can theoretically cause data corruption. While no cases
    were observed in practice, with this update, the xend daemon properly waits
    for correct device release before the guest is started on a destination
    machine, thus fixing this bug. (BZ#743850)

Note: Before a guest is using a new enough kernel (RHSA-2011:1386), the MTU
of the VIF will drop back to 1500 (if it was set higher) after migration.

All xen users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the xend service must be restarted for this update to
take effect.

Related

veracode 1
cve 1
nessus 5
prion 1
openvas 7
centos 1
ubuntucve 1
nvd 1
oraclelinux 1
cvelist 1
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:03:08
cve
cve
CVE-2011-3346
2014-04-01 06:35:52
nessus
nessus
RHEL 5 : xen (RHSA-2011:1401)
2011-10-25 00:00:00
openSUSE Security Update : kvm (openSUSE-2011-95)
2014-06-13 00:00:00
Scientific Linux Security Update : xen on SL5.x i386/x86_64
2012-08-01 00:00:00
prion
prion
Buffer overflow
2014-04-01 06:35:00
openvas
openvas
Oracle: Security Advisory (ELSA-2011-1401)
2015-10-06 00:00:00
RedHat Update for xen RHSA-2011:1401-01
2011-10-31 00:00:00
CentOS Update for xen CESA-2011:1401 centos5 x86_64
2012-07-30 00:00:00
centos
centos
xen security update
2011-10-24 17:56:22
ubuntucve
ubuntucve
CVE-2011-3346
2014-04-01 00:00:00
nvd
nvd
CVE-2011-3346
2014-04-01 06:35:52
oraclelinux
oraclelinux
xen security and bug fix update
2011-10-24 00:00:00
cvelist
cvelist
CVE-2011-3346
2014-04-01 01:00:00

0.001 Low

EPSS

Percentile

46.6%

JSON
Related for RHSA-2011:1401
veracode1cve1nessus5prion1openvas7centos1ubuntucve1nvd1oraclelinux1cvelist1