CVE-2011-1583 It has been found that xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not properly check for possible buffer size overflow in the decoding loop. Specially crafted kernel image file could be created that would trigger allocation of a small buffer resulting in buffer overflow with user supplied data. CVE-2011-3262 Additionally, several integer overflows and lack of error/range checking that could result in the loader reading its own address space or could lead to an infinite loop have been found. A privileged DomU user could use these flaws to cause denial of service or, possibly, execute arbitrary code in Dom0. Only management domains with 32-bit userland are vulnerable.
Created attachment 494129 [details] 5.7 backport of Xen Unstable upstream patch
Statement: This issue did not affect the versions of the Xen package as shipped with Red Hat Enterprise Linux 4 and 6. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-0496.html.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:0496 https://rhn.redhat.com/errata/RHSA-2011-0496.html