[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] PV privilege escalation - advisory

We are in the worst case:

- intel cpu
- domU not under control

We will have to go own package way.



2012/6/14 Fajar A. Nugraha <list@xxxxxxxxx>:
> On Thu, Jun 14, 2012 at 1:35 PM, Peter Braun <xenware@xxxxxxxxx> wrote:
>> Hello,
>> we are using 3.4.3 from Gitco.de on 64bit Centos 5.8 and we have PV
>> guests 64bit.
>> According to described security bug we are in danger.
>> What do you suggest? Wait for gitco update or build xen own with patch?
> It depends :)
> If you use newer AMD processor, it shouldn't matter.
> If you control all of your domU, you could probably wait, as it
> requires root privilege on domU to trigger the bug.
> However if you run (e.g.) a VPS-hosting where other people have
> control of the domU, you should build your own upgraded package
> immediately.
> FWIW, this is one of the example on how using vendor-provided packages
> would be useful. Redhat already released updated that address that
> vulnerability:
> https://access.redhat.com/security/cve/CVE-2012-0217
> https://rhn.redhat.com/errata/RHSA-2012-0721.html
> --
> Fajar

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.