From https://bugzilla.redhat.com/show_bug.cgi?id=870412 :
The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk
either before or after decompression. This could cause the toolstack to consume all available RAM
in the domain running the domain builder.
A malicious guest administrator who can supply a kernel or ramdisk can exhaust memory in domain 0
leading to a denial of service attack.
HVM guests are not affected by this vulnerability.
Red Hat would like to thank the Xen project for reporting this issue.
The PV domain builder in Xen 4.2 and earlier does not validate the size of
the kernel or ramdisk (1) before or (2) after decompression, which allows
local guest administrators to cause a denial of service (domain 0 memory
consumption) via a crafted (a) kernel or (b) ramdisk.
The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe,
4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial
of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed
CVE-2012-2625 XSA-25 content is in place in the xensource code in >=4.2.0. CVE-2012-4544 XSA-25 patch takes once applied to the xensource code in >=4.2.0.
CVE-2012-2625 XSA-25 will become obsolete on the stabilising of xen-4.2.0.
CVE-2012-4544 XSA-25 is currently valid and pertinent to xen-tools and xen-pvgrub.
@xen team: 4.2.2 is stable, can you verify whether the issues are fixed in this version?
Please confirm comment 4, as we are getting ready to release a GLSA and we would like to include this bug in it if it is fixed.
(In reply to Yury German from comment #5)
> Please confirm comment 4, as we are getting ready to release a GLSA and we
> would like to include this bug in it if it is fixed.
Yes, I've verified. This is already fixed in >=xen-4.2.1, check other xen ebuilds (4.3.x, 4.4.x) in portage which are *not* affected by this.
Thank you ... adding to existing GLSA.
This issue was resolved and addressed in
GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml
by GLSA coordinator Mikle Kolyada (Zlogene).
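
The two size checks whose absence the advisory at the top of this thread describes (before and after decompression), as an added Python example that is not Xen's or PyGrub's code. The limits and the names `ImageTooLarge`, `pick_decompressor` and `load_image` are hypothetical, and only bzip2 and xz streams are recognised here.

```python
import bz2
import lzma

class ImageTooLarge(Exception):
    """A kernel or ramdisk exceeded a configured size limit."""

# Hypothetical limits for this example, not values taken from Xen.
MAX_COMPRESSED = 1 << 20      # 1 MiB accepted as input
MAX_DECOMPRESSED = 4 << 20    # 4 MiB accepted as output

def pick_decompressor(blob):
    """Return a streaming decompressor chosen by magic bytes, or None."""
    if blob[:3] == b"BZh":
        return bz2.BZ2Decompressor()
    if blob[:6] == b"\xfd7zXZ\x00":
        return lzma.LZMADecompressor()
    return None

def load_image(blob, max_in=MAX_COMPRESSED, max_out=MAX_DECOMPRESSED):
    """Return the decompressed image, enforcing both size limits."""
    # Check (1): size of the supplied file, before any decompression.
    if len(blob) > max_in:
        raise ImageTooLarge(f"input is {len(blob)} bytes, limit {max_in}")
    dec = pick_decompressor(blob)
    if dec is None:
        return blob  # treated as uncompressed; already within max_in
    out = bytearray()
    data = blob
    while not dec.eof:
        # Check (2): request at most one byte past the remaining budget, so
        # an oversized stream is detected without ever being buffered.
        chunk = dec.decompress(data, max_length=min(65536, max_out + 1 - len(out)))
        data = b""  # the decompressor keeps unread input internally
        out += chunk
        if len(out) > max_out:
            raise ImageTooLarge(f"output exceeds {max_out} bytes")
        if not chunk and dec.needs_input:
            raise ValueError("truncated compressed stream")
    return bytes(out)

if __name__ == "__main__":
    # Constructed sample: 8 MiB of zeros compresses to a tiny bzip2 stream.
    bomb = bz2.compress(b"\0" * (8 << 20))
    try:
        load_image(bomb)
    except ImageTooLarge as exc:
        print(f"rejected {len(bomb)}-byte input: {exc}")
```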