Both RHEL/CentOS 5.x with Xen 3.4.4 (both Static and CloudBoot HVs) and RHEL/CentOS 6.x (Static and CloudBoot HVs on experimental mode) with Xen 4.2.x are affected.
A malicious guest might be able to read sensitive data relating to other guests.
A malicious HVM guest might be able to read sensitive data relating to other guests.
To eliminate the security issue for Static Hypervisors:
For customers which are using latest hypervisor tools or do not want to upgrade them:
# yum update xen xen-libs
This should update to the xen-3.4.4-5.el5.onapp.x86_64 version.
- RHEL/CentOS 6.x
# yum update centos-xen-repo xen xen-hypervisor
This should update to the xen-4.2.5-38.1.onapp.el6.x86_64version.
- Reboot the hypervisor.
!Consider migrating (if required) of running guests into any other host before the reboot.