[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] PV privilege escalation - advisory

  • To: "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>
  • From: John Creol <iamcreo@xxxxxxxxx>
  • Date: Thu, 14 Jun 2012 05:19:47 -0700 (PDT)
  • Delivery-date: Thu, 14 Jun 2012 12:20:48 +0000
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=vgGwsWumfDAfR1gsnauY88b/6R3tpPqH51E7gKdvTTGs0otCyKLH9S5PGkOZuBgvaqP090doA03YPh1Au43cYnxam+Z3N7bFpInwFz+6dBrkH1Z9Y6+fV5TvbEhn4gAaLatuW3Sneis6t4fpbWKXOd/xu6qVWHoge096YzYZXO0=;
  • List-id: Xen user discussion <xen-users.lists.xen.org>

>From what I understand, http://www.gitco.de/repo/  Gitco only provides the 
>hypervisor and userspace tools, ie from the page:
- These XEN-RPMS are for CentOS-5/RHEL-5 (x86_64) 
- They have been built from the sources of http://www.xen.org
- It's only the hypervisor, no changes on the kernel !!!
Even with a Gitco provided hypervisor rpm, your dom0 is running with the CentOS 
provided kernel-xen, which can be updated with the fix.

>From a brief look this vulnerability does not impact the hypervisor.. right ?


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.