similar to: Updated Xen packages available

On Wed, Feb 17, 2016 at 12:30 PM, George Dunlap <dunlapg at umich.edu> wrote: > I have the following packages going through the CBS: > * A CentOS 7 xen-4.6.1-2, with XSAs 170 and 154 > * A CentOS 6 xen-4.6.1-2, with XSAs 170 and 154 > * A CentOS 6 xen-4.4.3-11, with XSAs 170 > > All these should show up in mirrors hopefully sometime later today. > As usual, please report

I have the following packages going through the CBS: * A CentOS 7 xen-4.6.1-2, with XSAs 170 and 154 * A CentOS 6 xen-4.6.1-2, with XSAs 170 and 154 * A CentOS 6 xen-4.4.3-11, with XSAs 170 All these should show up in mirrors hopefully sometime later today. As usual, please report any problems here. Xen 4.4 only has XSA 170 because at the time the embargo was lifted, I didn't have a suitable

XSA 169 is out, but is low-priority and has a work-around, so I'm going to batch it together with XSAs 167-168 and release a new 4.4.3 package when the embargo is lifted next Wednesday. This will be the last XSA update for the 4.4.3 packages. Today or tomorrow I will push the Xen 4.6.0 packages to buildlogs for testing; and sometime after the final 4.4.3 packages are released, I will push

Just to let people know what's going on: The embargo for XSA-135 lifted today at 1400 UTC. The embargoes for XSAs 134 and 136 lift tomorrow at 1200 UTC. XSA-135 only affects guests which have been assigned a PCNET emulated NIC, which is not the default; as such, it doesn't seem terribly urgent to push the fix today. So rather than push one fix today and another tomorrow, our plan is

We just sent the message below to the security advisory predisclosure list, relating to the release of XSA-26 to XSA-32. As you will see, these have now been publicly released. We''ll have a proper conversation about this in a week or two. Thanks for your attention, Ian. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We regret to announce that a member of the predisclosure list

I've built & tagged packages for CentOS 6 and 7 4.6.6-9, with XPTI "stage 1" Meltdown mitigation. This will allow 64-bit PV guests to run safely (with a few caveats), but incurs a fairly significant slowdown for 64-bit PV guests on Intel boxes (including domain 0). If you prefer using Vixen / Comet, you can turn it off by adding 'xpti=0' to your Xen command-line.

Thanks George. As there are now quite many options to choose from, what would be the best option performance wise for running 32bit domUs under xen-4.6? Best, Peter On Wed, Jan 17, 2018 at 7:14 PM, George Dunlap <dunlapg at umich.edu> wrote: > I've built & tagged packages for CentOS 6 and 7 4.6.6-9, with XPTI > "stage 1" Meltdown mitigation. > > This will

On Wed, Nov 18, 2015 at 1:31 PM, Pasi K?rkk?inen <pasik at iki.fi> wrote: > On Wed, Nov 18, 2015 at 02:20:49PM +0200, Manuel Wolfshant wrote: >> On 11/18/2015 02:08 PM, Pasi K?rkk?inen wrote: >> >Hello, >> > >> >On Sun, Nov 15, 2015 at 06:42:18PM +0200, Pasi K?rkk?inen wrote: >> >>On Sun, Nov 15, 2015 at 02:04:58PM +0200, Pasi K?rkk?inen wrote:

I've got a first cut of the rebase here: git://github.com/gwd/sig-virt-xen out/update-4.4.1-rc1-ee81dda-RFC To build it, you'll need to download the polarssl tarball: http://xenbits.xen.org/xen-extfiles/polarssl-1.1.4-gpl.tgz And you'll need a tarball based on (unfortunately) a private tree, which you can find here: git://github.com/gwd/xen base/update-4.4.1-rc1-ee81dda-RFC This

On Thu, Nov 19, 2015 at 12:28 PM, George Dunlap <dunlapg at umich.edu> wrote: > On Wed, Nov 18, 2015 at 1:31 PM, Pasi K?rkk?inen <pasik at iki.fi> wrote: >> On Wed, Nov 18, 2015 at 02:20:49PM +0200, Manuel Wolfshant wrote: >>> On 11/18/2015 02:08 PM, Pasi K?rkk?inen wrote: >>> >Hello, >>> > >>> >On Sun, Nov 15, 2015 at 06:42:18PM

To install the package: yum --enablerepo=virt-xen-VV-testing xen-vixen Where VV is '44', '46', or '48', depending on which version you're using. (It's the same package for all versions.) This will install the xen-vixen "shim" binary, as well as the pvshim-converter script. See XSA-254 [1] for detailed information about who should use it, why, and

(*Really* switching to my personal address not because I'm not doing work for Citrix, but because the corporate email is not working properly. Sigh. Also, email updated a bit.) Ian Jackson writes ("Re: Updated Xen packages for XSA 216..225"): > Ian Jackson writes ("Re: Updated Xen packages for XSA 216..225"): > > Hi. I was away and am now back. There are a lot

I've got Xen 4.4.2 in virt6-testing. I haven't had a chance to test it, and won't for another week or two; but if some volunteers can put it through its paces, I can ask Johnny to push it to the public repo sometome early next week. Thanks, -George

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544,CVE-2012-2625 / XSA-25 version 2 Xen domain builder Out-of-memory due to malicious kernel/ramdisk UPDATES IN VERSION 2 ==================== Clarify that XSA-25 is reporting, via the Xen.org security process, both CVE-2012-4544 and CVE-2012-2625. Also we would like to

Just a heads-up: A Xen package with XSAs through 163 is on its way through the build system. I'll send an announcement when I've tagged it as ready to be propagated to the mirrors. As with the last XSA update, it will depend on having manually updated to the new Virt SIG repository layout. If you haven't already please run the following in preparation: yum install

Package: xen-qemu-dm-4.0 Version: 4.0.1-2+squeeze1 Severity: grave Tags: squeeze Copying the Xen Security Advisory: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-19 guest administrator can access qemu monitor console ISSUE DESCRIPTION ================= A guest administrator who is granted access to the graphical console of a Xen guest can

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/06/2012 10:13 AM, Xen.org security team wrote: > Xen Security Advisory XSA-19 > > guest administrator can access qemu monitor console > > > ISSUE DESCRIPTION > ================= > > A guest administrator who is granted access to the graphical console > of a Xen guest can access the qemu

Well when the last upgrade 4.2 > 4.4 went live and XM was disabled by default it took many hosts down without warning. 4.4 > 4.6 may cause the same issues. It's a dangerous upgrade for sure. Why can't 4.4 be LTS for C6? as it's the last build with XM. Any XSA patches should not be hard to backport. and maybe the optional xen4.6 for C6. On 21 January 2016 at 13:09, President

Hi everyone at the security team, I'd like to upload an update of xen-qemu-dm-4.0 in Squeeze. Below is the Xen Security Advisory as I received it, attached is the patch that they provided. Both the debdiff and the updated packages are available in here: http://archive.gplhost.com/pub/security/xen-qemu-dm-4.0/ Please allow me to upload this fix. If you wish, I can prepare a DSA as well (but

xen-4.4.2-2, available from the virt6-testing repository, includes the fix for this issue. Note that Xen actually does attempt to disable the floppy disk for HVM domains by default, but due to a bug in qemu, the floppy disk only partially disabled; enough functionality to exploit this bug remains. This should be available from the normal xen4 repositories sometime this afternoon. -George