[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-API] [XCP] CVE-2012-0217 - PV privilege escalation and XCP 1.1



Mike, see
- http://staging.xen.org/download/xcp/index.html
- http://staging.xen.org/download/xcp/index_1.0.0.html
- http://staging.xen.org/download/xcp/index_1.1.0.html
Should be live at 17:45
Lars

On 15/06/2012 16:41, Mike McClurg wrote:
On 15/06/12 15:29, Lars Kurth wrote:
Mike,

>  To install the RPMs that I've uploaded, download them to your dom0
and install them with 'rpm -U'.
>
>  [1] http://downloads.xen.org/XCP/xcp-1.0-rpms/
>  [2] http://downloads.xen.org/XCP/xcp-1.1-rpms/

Ping me when you have them all such that I can publish them on
- http://xen.org/download/xcp/index.html
- http://xen.org/download/xcp/index_1.0.0.html
- http://xen.org/download/xcp/index_1.1.0.html

I've uploaded all the RPMs, so go ahead and make note of them on the website. The new ISOs are still building, though. I can ping you when they finish.


Also, do you have a list of the fixes that go into these. Are these just
the recently published 3 security fixes or are there more.


** Here is the changelog for the changes that went into XCP 1.0's Xen:

changeset:   705:bfc23bd2900d
tag:         tip
user:        David Vrabel <david.vrabel@xxxxxxxxxx>
date:        Fri May 25 12:51:15 2012 +0100
summary:     CA-77741: replace XSA7/8 patches with latest version

changeset:   704:571c0538e8f9
user:        David Vrabel <david.vrabel@xxxxxxxxxx>
date:        Fri Apr 20 13:50:14 2012 +0100
summary:     CA-77741: Apply patches for XSA7 and XSA8

changeset:   703:c57894a86c4c
user:        Simon Rowe <simon.rowe@xxxxxxxxxxxxx>
date:        Tue Jun 14 10:37:01 2011 +0100
summary:     CA-58864: backport fix for CVE-2011-1898

changeset:   702:1e5d065a3114
user:        Simon Rowe <simon.rowe@xxxxxxxxxxxxx>
date:        Tue Jun 14 10:32:37 2011 +0100
summary:     CA-57424: backported cve-2011-1583-4.0.patch

changeset:   701:646c5cc13ec8
user:        James Bulpin <James.Bulpin@xxxxxxxxxxxxx>
date:        Tue Mar 15 17:10:16 2011 +0000
summary: CA-53626 (Backport to Xen 3.4) x86_64: fix error checking in arch_set_info_guest()

** Here is the changelog for the patches that went into XCP 1.1's Xen:

changeset:   714:3772a512f7ce
tag:         tip
user:        David Vrabel <david.vrabel@xxxxxxxxxx>
date:        Fri May 25 12:47:12 2012 +0100
summary:     CA-77741: replace XSA7/8 patches with latest version

changeset:   713:81b8e187992c
user:        David Vrabel <david.vrabel@xxxxxxxxxx>
date:        Fri Apr 20 13:46:52 2012 +0100
summary:     CA-77741: Apply patches for XSA7 and XSA8

changeset:   712:61820ca962f2
user:        Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
date:        Wed Mar 14 12:22:03 2012 +0000
summary:     CIS3 - Add fixes for Oxford Hotfix Jones (XS56ESP2013)

changeset:   711:edfedb11e8c0
user:        Simon Rowe <simon.rowe@xxxxxxxxxxxxx>
date:        Tue Feb 28 12:31:21 2012 +0000
summary:     CA-73604: detect PVS using source port instead of filename

changeset:   710:49fab07814a9
user:        Simon Rowe <simon.rowe@xxxxxxxxxxxxx>
date:        Thu Oct 20 13:28:57 2011 +0100
summary:     CA-53613: Xen FP emulator error

changeset:   709:a77a7bf612e8
user:        George Dunlap <george.dunlap@xxxxxxxxxxxxx>
date:        Thu Oct 20 12:22:50 2011 +0100
summary:     CA-54256: Import fix to racy ASSERT from unstable

changeset:   708:b58fdd7741e6
user:        Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
date:        Mon Oct 03 11:47:12 2011 +0100
summary: CA-65268 - prevent the kexec path attempting to spinlock an uninitialised variable, hanging the box

changeset:   707:824b34cd748a
user:        Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
date:        Mon Oct 03 11:46:39 2011 +0100
summary: CA-65267 - Remove time-calibration-verbose for HFX-223. It causes a deadlock in an irq handler under certain circumstances.

changeset:   706:dd41da12d322
user:        Simon Rowe <simon.rowe@xxxxxxxxxxxxx>
date:        Wed Jul 13 08:42:47 2011 +0100
summary:     CA-58864: backport fix for CVE-2011-1898

changeset:   705:bd910c290295
user:        Simon Rowe <simon.rowe@xxxxxxxxxxxxx>
date:        Wed Jul 13 08:42:23 2011 +0100
summary:     CA-57424: backported cve-2011-1583-4.0.patch



Lars

On 15/06/2012 15:19, Mike McClurg wrote:
On 13/06/12 17:06, George Shuklin wrote:
Good day.

Few days ago very serious issue has been published, allowing 64-bit
PV-guest gain control over dom0. AFAIK this is fully affect XCP 1.1

Here more data
http://permalink.gmane.org/gmane.comp.security.oss.general/7851

I found that http://support.citrix.com/article/CTX133176 is fixing that.

Now, I have few questions:
1) Can I use xen and kernel rpms from that update to install them in XCP
installation?
2) What is legal status of that operation? Can I just install xen and
linux from XenServer to XCP? (I'm not talking about StrageLink or some
closed components, only xen and linux)
3) May I freely publish extracted rpms (this is very non-trivial
operation)?


I have added new xen-hypervisor RPMs to the dowloads.xen.org site for
both XCP 1.0 [1] and XCP 1.1 [2]. By tomorrow we'll have updated ISOs
for each, as well. Thanks to George for posting the repackaged
XenServer rpms.

To install the RPMs that I've uploaded, download them to your dom0 and
install them with 'rpm -U'.

Mike

[1] http://downloads.xen.org/XCP/xcp-1.0-rpms/
[2] http://downloads.xen.org/XCP/xcp-1.1-rpms/

_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api




_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.