
Re: [Xen-users] PV privilege escalation - advisory




On 14/06/2012 13:51, Fajar A. Nugraha wrote:
> On Thu, Jun 14, 2012 at 7:19 PM, John Creol <iamcreo@xxxxxxxxx> wrote:
>> From what I understand, http://www.gitco.de/repo/ Gitco only provides the
>> hypervisor and userspace tools, i.e. from the page:
>> - These XEN-RPMS are for CentOS-5/RHEL-5 (x86_64)
>> - They have been built from the sources of http://www.xen.org
>> - It's only the hypervisor, no changes on the kernel !!!
>> Even with a Gitco provided hypervisor rpm, your dom0 is running with the CentOS
>> provided kernel-xen, which can be updated with the fix.
>>
>> From a brief look this vulnerability does not impact the hypervisor.. right ?
>
> The bug is on the hypervisor as well:
> https://bugzilla.redhat.com/show_bug.cgi?id=813428


My understanding is that this is *only* a hypervisor issue, *not* a kernel issue. The only reason why an updated RHEL kernel-xen package fixes this, is because the kernel-xen package includes the Xen hypervisor. I've always thought the RHEL package name "kernel-xen" was misleading. They should have called it something like "xen-server" or something.

Please someone correct me if I'm wrong.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

