[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-API] [XCP] CVE-2012-0217 - PV privilege escalation and XCP 1.1 [FIX]



On 06/15/2012 08:58 AM, George Shuklin wrote:
Ok, I've done some testing with this update, seems be fine for me.

Here instructions and extracted rpm with hypervisor:

http://5407.selcdn.ru/xen/instruction.html

2 Dave: I found it installs perfectly inside XCP 1.1 with 'rpm -U'.


How about XCP 1.0? Which version should be selected on the Citrix support page?


On 13.06.2012 20:06, George Shuklin wrote:
Good day.

Few days ago very serious issue has been published, allowing 64-bit PV-guest gain control over dom0. AFAIK this is fully affect XCP 1.1

Here more data http://permalink.gmane.org/gmane.comp.security.oss.general/7851

I found that http://support.citrix.com/article/CTX133176 is fixing that.

Now, I have few questions:
1) Can I use xen and kernel rpms from that update to install them in XCP installation? 2) What is legal status of that operation? Can I just install xen and linux from XenServer to XCP? (I'm not talking about StrageLink or some closed components, only xen and linux) 3) May I freely publish extracted rpms (this is very non-trivial operation)?

Thanks.


_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api


--
Sergio Macedo

Suporte SO
21-2483-6972


_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.