Does anyone have any details of the XenServer DOS patch? One of my coworkers got the following email from Citrix stating that XenServer has a patch. Does anyone know if the DOS attach is XenServer specific or if it also applies to Xen? --- 8< cut >8 --- This email is to notify you that the following Security Bulletins have been newly created or modified: Vulnerability in Citrix XenServer 5.6 could result in credential disclosure http://support.citrix.com/article/CTX129228 This entry applies to: XenServer 5.6 Citrix XenServer Denial of Service vulnerabilities http://support.citrix.com/article/CTX129208 This entry applies to: XenServer 5.5 XenServer 5.6 XenServer 5.0 Update 3 XenServer 5.6 FP 1 --- 8< cut >8 --- Mel -- Melody Bliss Usenix, SAGE and LOPSA Charter Member Patron Member of the NRA _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Bastian Blank
2011-May-14 14:43 UTC
Re: [Xen-users] XenServer Denial of Service patch details?
On Fri, May 13, 2011 at 09:51:45AM -0700, Melody Bliss wrote:> Does anyone have any details of the XenServer DOS patch?This smells like CVE-2011-1166. Please always cite the CVE designation.> One of my coworkers got the following email from Citrix stating that > XenServer has a patch. Does anyone know if the DOS attach is XenServer > specific or if it also applies to Xen?It applies to Xen and is fixed in 4.1 and pending for 4.0. Bastian -- Worlds are conquered, galaxies destroyed -- but a woman is always a woman. -- Kirk, "The Conscience of the King", stardate 2818.9 _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Melody Bliss
2011-May-16 04:08 UTC
Re: [Xen-users] XenServer Denial of Service patch details?
On Sat, May 14, 2011 at 7:43 AM, Bastian Blank <bastian@waldi.eu.org> wrote:> On Fri, May 13, 2011 at 09:51:45AM -0700, Melody Bliss wrote: >> Does anyone have any details of the XenServer DOS patch? > > This smells like CVE-2011-1166. Please always cite the CVE designation.Bastian, I would have but I had no details of this vulnerability other than the XenServer URL links pointing to the patches for it, thus my request if anyone had details on this DOS.>> One of my coworkers got the following email from Citrix stating that >> XenServer has a patch. Does anyone know if the DOS attach is XenServer >> specific or if it also applies to Xen? > > It applies to Xen and is fixed in 4.1 and pending for 4.0.Do we know if there is a 3.x patch at all? I''m going to assume no since work looks to be going on on 4.x instead typically. Mel -- Melody Bliss Usenix, SAGE and LOPSA Charter Member Patron Member of the NRA _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users