Xen project Mailing List

On Fri, Jun 15, 2012 at 5:30 PM, <xen-api-request@xxxxxxxxxxxxx> wrote:

Send Xen-api mailing list submissions to
xen-api@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api
or, via email, send a message with subject or body 'help' to
xen-api-request@xxxxxxxxxxxxx

You can reach the person managing the list at
xen-api-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Xen-api digest..."

Today's Topics:

1. Re: Security update for VU#649219 (George Shuklin)
2. Re: Security update for VU#649219 (Marco Sinhoreli)
3. Fwd: Security update for VU#649219 (Marco Sinhoreli)
4. Re: [XCP] CVE-2012-0217 - PV privilege escalation and XCP 1.1
[FIX] (George Shuklin)

----------------------------------------------------------------------

Message: 1
Date: Thu, 14 Jun 2012 21:16:59 +0400
From: George Shuklin <george.shuklin@xxxxxxxxx>
To: xen-api@xxxxxxxxxxxxx
Subject: Re: [Xen-API] Security update for VU#649219
Message-ID: <4FDA1C8B.6060202@xxxxxxxxx>
Content-Type: text/plain; charset=UTF-8; format=flowed

See topic "[XCP] CVE-2012-0217 - PV privilege escalation and XCP 1.1" in
xen-api@

Right now I'm testing 'snatched' hypervisor from xenserver fix.

If I found no issues with it, I'll post link to rpm and instruction with
howto steps to it creation.

On 14.06.2012 20:30, Marco Sinhoreli wrote:
> Hi guys:
>
> Somebody know if has a bugfix for VU#649219 vulnerability?
>
> http://www.kb.cert.org/vuls/id/649219
> http://support.citrix.com/article/CTX133161
>
> thanks!
>

------------------------------

Message: 2
Date: Thu, 14 Jun 2012 16:17:29 -0300
From: Marco Sinhoreli <msinhore@xxxxxxxxx>
To: George Shuklin <george.shuklin@xxxxxxxxx>
Cc: xen-api@xxxxxxxxxxxxx
Subject: Re: [Xen-API] Security update for VU#649219
Message-ID:
<CAPz9JuVEZ6pzdE+oz7msBRH76d-2hFoUS7V2Nv2hVuJhUJfBrw@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8

It would be nice to have something like XenServer update to be applied in XCP.

Thanks,

On Thu, Jun 14, 2012 at 2:16 PM, George Shuklin
<george.shuklin@xxxxxxxxx> wrote:
> See topic "[XCP] CVE-2012-0217 - PV privilege escalation and XCP 1.1" in
> xen-api@
>
> Right now I'm testing 'snatched' ?hypervisor from xenserver fix.
>
> If I found no issues with it, I'll post link to rpm and instruction with
> howto steps to it creation.
>
>
> On 14.06.2012 20:30, Marco Sinhoreli wrote:
>>
>> Hi guys:
>>
>> Somebody know if has a bugfix for VU#649219 vulnerability?
>>
>> http://www.kb.cert.org/vuls/id/649219
>> http://support.citrix.com/article/CTX133161
>>
>> thanks!
>>
>
> _______________________________________________
> Xen-api mailing list
> Xen-api@xxxxxxxxxxxxx
> http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api

--
Marco Sinhoreli

------------------------------

Message: 3
Date: Thu, 14 Jun 2012 16:21:37 -0300
From: Marco Sinhoreli <msinhore@xxxxxxxxx>
To: xen-api <xen-api@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-API] Fwd: Security update for VU#649219
Message-ID:
<CAPz9JuWRfXBsit86m=C3oLC-maJhgA6As8tgXZny5-_MejDSpw@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8

FYI

---------- Forwarded message ----------
From: Marco Sinhoreli <msinhore@xxxxxxxxx>
Date: Thu, Jun 14, 2012 at 4:17 PM
Subject: Re: [Xen-API] Security update for VU#649219
To: George Shuklin <george.shuklin@xxxxxxxxx>
Cc: xen-api@xxxxxxxxxxxxx

It would be nice to have something like XenServer update to be applied in XCP.

Thanks,

On Thu, Jun 14, 2012 at 2:16 PM, George Shuklin
<george.shuklin@xxxxxxxxx> wrote:
> See topic "[XCP] CVE-2012-0217 - PV privilege escalation and XCP 1.1" in
> xen-api@
>
> Right now I'm testing 'snatched' ?hypervisor from xenserver fix.
>
> If I found no issues with it, I'll post link to rpm and instruction with
> howto steps to it creation.
>
>
> On 14.06.2012 20:30, Marco Sinhoreli wrote:
>>
>> Hi guys:
>>
>> Somebody know if has a bugfix for VU#649219 vulnerability?
>>
>> http://www.kb.cert.org/vuls/id/649219
>> http://support.citrix.com/article/CTX133161
>>
>> thanks!
>>
>
> _______________________________________________
> Xen-api mailing list
> Xen-api@xxxxxxxxxxxxx
> http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api

--
Marco Sinhoreli

--
Marco Sinhoreli

------------------------------

Message: 4
Date: Fri, 15 Jun 2012 15:58:07 +0400
From: George Shuklin <george.shuklin@xxxxxxxxx>
To: "xen-api@xxxxxxxxxxxxxxxxxxx" <xen-api@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-API] [XCP] CVE-2012-0217 - PV privilege escalation
and XCP 1.1 [FIX]
Message-ID: <4FDB234F.1070604@xxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Ok, I've done some testing with this update, seems be fine for me.

Here instructions and extracted rpm with hypervisor:

http://5407.selcdn.ru/xen/instruction.html

2 Dave: I found it installs perfectly inside XCP 1.1 with 'rpm -U'.

On 13.06.2012 20:06, George Shuklin wrote:
> Good day.
>
> Few days ago very serious issue has been published, allowing 64-bit
> PV-guest gain control over dom0. AFAIK this is fully affect XCP 1.1
>
> Here more data
> http://permalink.gmane.org/gmane.comp.security.oss.general/7851
>
> I found that http://support.citrix.com/article/CTX133176 is fixing that.
>
> Now, I have few questions:
> 1) Can I use xen and kernel rpms from that update to install them in
> XCP installation?
> 2) What is legal status of that operation? Can I just install xen and
> linux from XenServer to XCP? (I'm not talking about StrageLink or some
> closed components, only xen and linux)
> 3) May I freely publish extracted rpms (this is very non-trivial
> operation)?
>
> Thanks.

------------------------------

_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api

End of Xen-api Digest, Vol 73, Issue 25
***************************************

Re: [Xen-API] Xen-api Digest, Vol 73, Issue 25