
Re: [Xen-users] PV privilege escalation - advisory



We are in the worst case:

- Intel CPU
- domU not under control

We will have to go the own-package way.

Thanks

Peter



2012/6/14 Fajar A. Nugraha <list@xxxxxxxxx>:
> On Thu, Jun 14, 2012 at 1:35 PM, Peter Braun <xenware@xxxxxxxxx> wrote:
>> Hello,
>>
>> we are using 3.4.3 from Gitco.de on 64-bit CentOS 5.8 and we have 64-bit PV
>> guests.
>>
>> According to the described security bug, we are in danger.
>>
>>
>> What do you suggest? Wait for the Gitco update or build our own Xen with the patch?
>
> It depends :)
>
> If you use a newer AMD processor, it shouldn't matter.
> If you control all of your domU, you could probably wait, as it
> requires root privilege on domU to trigger the bug.
> However, if you run (e.g.) VPS hosting where other people have
> control of the domU, you should build your own upgraded package
> immediately.
>
> FWIW, this is one example of how using vendor-provided packages
> would be useful. Red Hat already released updates that address that
> vulnerability:
> https://access.redhat.com/security/cve/CVE-2012-0217
> https://rhn.redhat.com/errata/RHSA-2012-0721.html
>
> --
> Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users


 

