Xen project Mailing List

Re: [Xen-users] XenServer Denial of Service patch details?

To: Bastian Blank <bastian@xxxxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx

From: Melody Bliss <melodybliss@xxxxxxxxx>

Date: Sun, 15 May 2011 21:08:16 -0700

Cc:

Delivery-date: Sun, 15 May 2011 21:09:37 -0700

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=DzTtLN8GL//GOv+pTzmp7A6DyszbYC7p7GY0mGo6QUbUKNiLFF3CY1k6J6E6AyVoRT I/GaoxqZdjGLseBNDyYizBMroZjQCp1ziH7/GLl89RwoWovGuO+fmfLPAHNQf3L2311Z xdEv8pix85l6DvbrS8VDkg+5S0Zdt1BSVXIgI=

List-id: Xen user discussion <xen-users.lists.xensource.com>

On Sat, May 14, 2011 at 7:43 AM, Bastian Blank <bastian@xxxxxxxxxxxx> wrote: > On Fri, May 13, 2011 at 09:51:45AM -0700, Melody Bliss wrote: >> Does anyone have any details of the XenServer DOS patch? > > This smells like CVE-2011-1166. Please always cite the CVE designation. Bastian, I would have but I had no details of this vulnerability other than the XenServer URL links pointing to the patches for it, thus my request if anyone had details on this DOS. >> One of my coworkers got the following email from Citrix stating that >> XenServer has a patch. Does anyone know if the DOS attach is XenServer >> specific or if it also applies to Xen? > > It applies to Xen and is fixed in 4.1 and pending for 4.0. Do we know if there is a 3.x patch at all? I'm going to assume no since work looks to be going on on 4.x instead typically. Mel -- Melody Bliss Usenix, SAGE and LOPSA Charter Member Patron Member of the NRA _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.