Information Technology News.

Xen Project fixes two bugs in its virtualization software


January 21, 2016

The Xen Project's general policy is to let big cloud operators and others on a pre-disclosure list know about bugs two weeks before the rest of us, so that the flaws can be fixed before bad guys try to exploit them.

So the Xen Project was busy from Dec. 31 to Jan. 3 fixing two known bugs. On January 20th, the bugs were released to those of us with less-sensitive Xen systems.

This means that cloud operators got wind of them on the 6th, which may have been a rather stern post-holiday jump-start, if you will.

Bug number XSA-167 comes about because the PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests, Xen says.

It added that “unknown effects” are the result, “ranging from information leaks through Denial of Service potential attacks to privilege escalation.”

None of those is pleasant or desirable, so apply the patch if you're running Xen 4.3 through Xen-unstable.

Bug number XSA-168 is also quite nasty: the privileged INVLPG instruction can fail under some circumstances, creating a hypervisor bug check that in turn means “A malicious guest can crash the host, leading to a Denial of Service attack from the wild.”

It will be interesting to see in the meantime whether newer bugs are discovered in the software.

Source: The Xen Project.
