Scope

Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation

Source

http://support.citrix.com/article/CTX133161

How to extract

  1. Download your update (select it from the table in the link above; XCP 1.1 == XenServer 5.6 FP1).
    For XCP 1.1 it is:
    http://support.citrix.com/servlet/KbServlet/download/31079-102-683876/XS56EFP1011.zip (173 Mb!)
    If you are running a different version of XCP, find the package for your version and adapt the filename.
  2. Unzip it: unzip XS56EFP1011.zip
  3. Decrypt and verify:
    gpg --homedir /opt/xensource/gpg/ --no-default-keyring --keyring /opt/xensource/gpg/pubring.gpg --decrypt XS56EFP1011.xsupdate | dd bs=4k skip=1 | tar xv
  4. You'll get a bunch of files; THE MAIN FIX (the Xen hole) is in xen-hypervisor-3.4.2-5.6.100.705.20055.i686.rpm.
  5. Now upgrade: rpm -U xen-hypervisor-3.4.2-5.6.100.705.20055.i686.rpm
NOTE: You need to reboot the host after applying that patch.
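
Added example (not part of the original page and not Citrix's own tooling): steps 3 to 5 as a shell script that stops when gpg reports a failure instead of piping straight into tar, and shows the package details before anything is installed. The function names, script name and temporary paths are assumptions; the keyring path and the dd parameters are the ones used in step 3.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
GPG_HOME=/opt/xensource/gpg   # keyring location used in step 3

# Decrypt/verify into a file so gpg's exit status can stop the procedure.
verify_update() {             # $1 = .xsupdate file, $2 = decrypted output
    gpg --homedir "$GPG_HOME" --no-default-keyring \
        --keyring "$GPG_HOME/pubring.gpg" --decrypt "$1" > "$2" && return 0
    echo "gpg failed for $1, not extracting" >&2
    rm -f "$2"
    return 1
}

# Same as "dd bs=4k skip=1 | tar xv": drop the first 4k block, untar the rest.
extract_payload() {           # $1 = decrypted file, $2 = destination directory
    mkdir -p "$2" || return 1
    dd if="$1" bs=4k skip=1 2>/dev/null | tar xf - -C "$2"
}

# Print the hypervisor package path; fail unless exactly one is present.
find_hypervisor_rpm() {       # $1 = directory holding the extracted files
    set -- "$1"/xen-hypervisor-*.rpm
    [ "$#" -eq 1 ] && [ -f "$1" ] && printf '%s\n' "$1"
}

main() {
    work=$(mktemp -d) || return 1
    verify_update "$1" "$work/payload.bin" || return 1
    extract_payload "$work/payload.bin" "$work/files" || return 1
    pkg=$(find_hypervisor_rpm "$work/files") || {
        echo "no single xen-hypervisor rpm in $work/files" >&2
        return 1
    }
    rpm -qpi "$pkg"           # review name and version before upgrading
    echo "To apply: rpm -U $pkg  (reboot the host afterwards)"
}

# Usage: sh extract-xsupdate.sh XS56EFP1011.xsupdate
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```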

Direct update download

If you are really too lazy to do all that, you can download xen-hypervisor-3.4.2-5.6.100.705.20055.i686.rpm directly from this site, if you trust the internets to run THAT hypervisor on your production servers, ke-ke-ke :-] For comments: write to xen-api [atat] lists.xensource.com; I (George Shuklin) am usually there.
