[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-API] [XCP] CVE-2012-0217 - PV privilege escalation and XCP 1.1



As far as I know, the main problems are: (1) the packages conflict (as you noticed); and (2) any separate modules compiled against the XS kernel probably need to be recompiled too.


Fundamentally the source of the XS and XCP RPMs should be (almost) identical. The license of all the xen packages (XS and XCP) and kernel packages (XS and XCP) should all be GPL, so you may redistribute them freely. If the RPMs work for you then it would be a really great if you could put them on the wiki somewhere for others.


Weâre hoping to unify the RPM packaging for as many XS and XCP components as possible so itâll be possible to use them interchangeably in future.





From: xen-api-bounces@xxxxxxxxxxxxx [mailto:xen-api-bounces@xxxxxxxxxxxxx] On Behalf Of George Shuklin
Sent: 14 June 2012 08:16
To: Carlos Eduardo Tavares Terra
Cc: xen-api@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-API] [XCP] CVE-2012-0217 - PV privilege escalation and XCP 1.1


Right now I do initial testing in laboratory for those rpms, but their installation in XCP seems be very ugly. XenServer xen-hypervisor package simply conflicts with native xcp's and was installed with --force option.

And I kinda worry about how well it all will operates...

On 14.06.2012 06:48, Carlos Eduardo Tavares Terra wrote:

Good question...

I have the same doubt...

On Wed, Jun 13, 2012 at 1:06 PM, George Shuklin <george.shuklin@xxxxxxxxx> wrote:

Good day.

Few days ago very serious issue has been published, allowing 64-bit PV-guest gain control over dom0. AFAIK this is fully affect XCP 1.1

Here more data http://permalink.gmane.org/gmane.comp.security.oss.general/7851

I found that http://support.citrix.com/article/CTX133176 is fixing that.

Now, I have few questions:
1) Can I use xen and kernel rpms from that update to install them in XCP installation?
2) What is legal status of that operation? Can I just install xen and linux from XenServer to XCP? (I'm not talking about StrageLink or some closed components, only xen and linux)
3) May I freely publish extracted rpms (this is very non-trivial operation)?


Xen-api mailing list


Carlos Eduardo Tavares Terra
Red Hat Certified Engineer
Consultor em Infraestrutura de TI
GNU/Linux #413291 [http://counter.li.org]

Xen-api mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.