Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation


How to extract

  1. Download your update (select from the table in the link above; XCP 1.1 == XenServer 5.6 FP1)
    For XCP 1.1 it is: (173 Mb!)
    If you are running a different version of XCP, check your package version and adapt the filename
  2. Unzip it: unzip
  3. Decrypt and verify:
    gpg --homedir /opt/xensource/gpg/ --no-default-keyring --keyring /opt/xensource/gpg/pubring.gpg --decrypt XS56EFP1011.xsupdate | dd bs=4k skip=1 |tar xv
  4. You'll get a bunch of files; THE MAIN FIX (the Xen hole) is in the xen-hypervisor-3.4.2-
  5. Now, upgrade: rpm -U xen-hypervisor-3.4.2-
NOTE: You need to reboot the host after applying that patch.
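
A fail-closed variant of step 3, added here as an example (it is not part of the original page or of XCP): in the one-line pipeline, tar unpacks whatever gpg emits and the pipeline's exit status is tar's, so a failed signature check does not stop the extraction. The function names and the XS_GPG_HOME variable are assumptions of this example; the gpg options, keyring path and 4k skip are the ones from step 3.

```sh
#!/bin/sh
# Added example (not from the original page): fail-closed form of step 3.
# Keyring directory as used on the page; overridable only to ease testing.
XS_GPG_HOME="${XS_GPG_HOME:-/opt/xensource/gpg}"

# decrypt_update <file.xsupdate> <outfile>
# Same gpg invocation as the page, but written to a file so that gpg's exit
# status (non-zero on a bad or uncheckable signature) can be acted on.
decrypt_update() {
    gpg --homedir "$XS_GPG_HOME" --no-default-keyring \
        --keyring "$XS_GPG_HOME/pubring.gpg" \
        --decrypt "$1" > "$2"
}

# unpack_payload <decrypted-file> <dest-dir>
# Skips the first 4k block (the page's "dd bs=4k skip=1") and untars the rest.
unpack_payload() {
    # Refuse archives whose member names are absolute or contain "..".
    if dd if="$1" bs=4k skip=1 2>/dev/null | tar tf - |
        grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "suspicious path in archive, not extracting" >&2
        return 1
    fi
    mkdir -p "$2" || return 1
    dd if="$1" bs=4k skip=1 2>/dev/null | tar xvf - -C "$2"
}

# extract_update <file.xsupdate> <dest-dir>
# Extracts only if gpg succeeded; <dest-dir> is not touched otherwise.
extract_update() {
    local tmp rc=0
    tmp=$(mktemp) || return 1
    if ! decrypt_update "$1" "$tmp"; then
        echo "gpg failed: signature not verified, nothing extracted" >&2
        rm -f "$tmp"
        return 1
    fi
    unpack_payload "$tmp" "$2" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage on the host (file name from step 3):
#   extract_update XS56EFP1011.xsupdate ./XS56EFP1011
```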

Direct update download

If you are really too lazy to do all that, you can download xen-hypervisor-3.4.2- directly from this site, if you trust the internets enough to run THAT hypervisor on your production servers, ke-ke-ke :-] For comments: write to xen-api [atat]; I (George Shuklin) am usually there.
