Xen is an open source virtualization framework. Virtualization allows usersto run guest operating systems in virtual machines on top of a hostoperating system.The pyGrub boot loader did not honor the "password" option in the grub.conffile for para-virtualized guests. Users with access to a guest's consolecould use this flaw to bypass intended access restrictions and boot theguest with arbitrary kernel boot options, allowing them to get rootprivileges in the guest's operating system. With this update, pyGrubcorrectly honors the "password" option in grub.conf for para-virtualizedguests. (CVE-2009-3525)This update also fixes the following bugs:All Xen users should upgrade to these updated packages, which containbackported patches to correct these issues. After installing the updatedpackages, the xend service must be restarted for this update to takeeffect.