[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] XenServer Denial of Service patch details?

  • To: Bastian Blank <bastian@xxxxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Melody Bliss <melodybliss@xxxxxxxxx>
  • Date: Sun, 15 May 2011 21:08:16 -0700
  • Cc:
  • Delivery-date: Sun, 15 May 2011 21:09:37 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=DzTtLN8GL//GOv+pTzmp7A6DyszbYC7p7GY0mGo6QUbUKNiLFF3CY1k6J6E6AyVoRT I/GaoxqZdjGLseBNDyYizBMroZjQCp1ziH7/GLl89RwoWovGuO+fmfLPAHNQf3L2311Z xdEv8pix85l6DvbrS8VDkg+5S0Zdt1BSVXIgI=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

On Sat, May 14, 2011 at 7:43 AM, Bastian Blank <bastian@xxxxxxxxxxxx> wrote:
> On Fri, May 13, 2011 at 09:51:45AM -0700, Melody Bliss wrote:
>> Does anyone have any details of the XenServer DOS patch?
> This smells like CVE-2011-1166. Please always cite the CVE designation.

Bastian, I would have but I had no details of this vulnerability other
than the XenServer URL links pointing to the patches for it, thus my
request if anyone had details on this DOS.

>> One of my coworkers got the following email from Citrix stating that
>> XenServer has a patch. Does anyone know if the DOS attach is XenServer
>> specific or if it also applies to Xen?
> It applies to Xen and is fixed in 4.1 and pending for 4.0.

Do we know if there is a 3.x patch at all? I'm going to assume no
since work looks to be going on on 4.x instead typically.


Melody Bliss
Usenix, SAGE and LOPSA Charter Member
Patron Member of the NRA

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.