Xen project Mailing List

Re: [Xen-API] [XCP] CVE-2012-0217 - PV privilege escalation and XCP 1.1

To: Carlos Eduardo Tavares Terra <eduardo.terra@xxxxxxxxx>

From: George Shuklin <george.shuklin@xxxxxxxxx>

Date: Thu, 14 Jun 2012 11:16:10 +0400

Cc: "xen-api@xxxxxxxxxxxxxxxxxxx" <xen-api@xxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 14 Jun 2012 07:16:26 +0000

List-id: User and development list for XCP and XAPI <xen-api.lists.xen.org>

Right now I do initial testing in laboratory for those rpms, but their installation in XCP seems be very ugly. XenServer xen-hypervisor package simply conflicts with native xcp's and was installed with --force option.

And I kinda worry about how well it all will operates...

On 14.06.2012 06:48, Carlos Eduardo Tavares Terra wrote:

Good question...
I have the same doubt...

On Wed, Jun 13, 2012 at 1:06 PM, George Shuklin <george.shuklin@xxxxxxxxx> wrote:

Good day.

Few days ago very serious issue has been published, allowing 64-bit PV-guest gain control over dom0. AFAIK this is fully affect XCP 1.1

Here more data http://permalink.gmane.org/gmane.comp.security.oss.general/7851

I found that http://support.citrix.com/article/CTX133176 is fixing that.

Now, I have few questions:
1) Can I use xen and kernel rpms from that update to install them in XCP installation?
2) What is legal status of that operation? Can I just install xen and linux from XenServer to XCP? (I'm not talking about StrageLink or some closed components, only xen and linux)
3) May I freely publish extracted rpms (this is very non-trivial operation)?

Thanks.

_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api

--
Carlos Eduardo Tavares Terra
Red Hat Certified Engineer
Consultor em Infraestrutura de TI
GNU/Linux #413291 [http://counter.li.org]

_______________________________________________ Xen-api mailing list Xen-api@xxxxxxxxxxxxx http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api