|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Amazon PVMs magically weren't affected by XSA 182 vuln
On 09/23/2016 09:42 AM, Ian Murray wrote: ________________________________ From: Chris Laprise <tasket@xxxxxxxxxxxxxxx> To: xen-users@xxxxxxxxxxxxx Cc: Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx> Sent: Friday, 23 September 2016, 14:09 Subject: [Xen-users] Amazon PVMs magically weren't affected by XSA 182 vuln Hello list... Has anyone seen a good explanation as to why Amazon services were not vulnerable to XSA182 / CVE-2016-6258 ? I understand they offer PV guests on x86.Perhaps because they get to patch before most people, as they are in the pre-disclosure list? https://www.xenproject.org/security-policy.html And yet, an XSA can trigger updates at AWS that require explanation of the disruption... https://aws.amazon.com/blogs/aws/ec2-maintenance-update-2/So I wondered if in some cases Amazon's in-house versions may not have been vulnerable in the first place. "All versions of Xen are vulnerable." https://xenbits.xen.org/xsa/advisory-182.html "AWS customers' data and instances are not affected by this issue, and there is no customer action required." https://aws.amazon.com/security/security-bulletins/xsa-security-advisory-xsa-182/ Chris _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx https://lists.xen.org/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |