[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Security Advisory 180 (CVE-2014-3672) - Unrestricted qemu logging

On Mon, May 23, 2016 at 6:09 PM, Xen.org security team <security@xxxxxxx> wrote:
> ==========
> Applying the appropriate attached patch resolves this issue.
> The patches adopt a simple and rather crude approach which is
> effective at resolving the security issue in the context of a Xen
> device model.  They may not be appropriate for adoption upstream or in
> other contexts.

This is indeed a rather crude approach; but for our upcoming 4.7
release, what's the plan?  Do we have time to generalize xenconsoled
to handle this sort of logging, and if so, who is going to do that


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.