Scope
Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation
Source
http://support.citrix.com/article/CTX133161
How to extract
- Download your update
(select from the table at the link above; XCP 1.1 == XenServer 5.6 FP1)
For XCP 1.1 it is:
http://support.citrix.com/servlet/KbServlet/download/31079-102-683876/XS56EFP1011.zip (173 Mb!)
If you are running a different version of XCP, look up the package for your version and adapt the filename.
- unzip it: unzip XS56EFP1011.zip
- decrypt and verify:
gpg --homedir /opt/xensource/gpg/ --no-default-keyring --keyring /opt/xensource/gpg/pubring.gpg --decrypt XS56EFP1011.xsupdate | dd bs=4k skip=1 |tar xv
- You'll get a bunch of files; THE MAIN FIX (the Xen hole) is in xen-hypervisor-3.4.2-5.6.100.705.20055.i686.rpm.
- Now, upgrade: rpm -U xen-hypervisor-3.4.2-5.6.100.705.20055.i686.rpm
NOTE: You need to reboot host after applying that patch.
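In the decrypt step above, gpg is piped straight into dd and tar, so the pipeline's exit status is tar's and a gpg failure does not stop extraction. The following is an added example (not from the original page or from Citrix) that writes gpg's output to a temporary file and unpacks it only if gpg exits successfully; the function name unpack_xsupdate and the GPG_HOME variable are assumptions made here, while the keyring path and the 4k header skip are taken from the command above.

```bash
# Added example, not part of the original page.
# GPG_HOME is a variable introduced here; its default is the keyring
# directory used in the page's own gpg command.
GPG_HOME="${GPG_HOME:-/opt/xensource/gpg}"

# unpack_xsupdate FILE DESTDIR
# Returns 0 only if gpg accepted the file AND the payload was extracted.
unpack_xsupdate() {
    local update="$1" dest="$2" payload rc
    payload=$(mktemp) || return 1

    # Write gpg's output to a file instead of a pipe, so that gpg's own
    # exit status (non-zero on a bad or uncheckable signature) is visible.
    # --batch --yes lets gpg overwrite the empty file mktemp created.
    if ! gpg --homedir "$GPG_HOME" --no-default-keyring \
             --keyring "$GPG_HOME/pubring.gpg" \
             --batch --yes --output "$payload" --decrypt "$update"; then
        echo "gpg rejected $update, nothing extracted" >&2
        rm -f "$payload"
        return 1
    fi

    mkdir -p "$dest" || { rm -f "$payload"; return 1; }

    # Same layout as the page's pipeline: skip the first 4k block,
    # the rest is a tar archive.
    dd if="$payload" bs=4k skip=1 2>/dev/null | tar xf - -C "$dest"
    rc=$?
    rm -f "$payload"
    return $rc
}

# Usage on the host (file names as on the page):
#   unpack_xsupdate XS56EFP1011.xsupdate ./XS56EFP1011 &&
#   rpm -U ./XS56EFP1011/xen-hypervisor-3.4.2-5.6.100.705.20055.i686.rpm
```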
Direct update download
If you are really too lazy to do all that, you can download xen-hypervisor-3.4.2-5.6.100.705.20055.i686.rpm directly from this site, if you trust the internet enough to run THAT hypervisor on your production servers, ke-ke-ke :-]
For comments: write to xen-api [atat] lists.xensource.com; I (George Shuklin) am usually there.