    Significant Xen Security Bug

    https://raw.githubusercontent.com/QubesOS/qubes-secpack/master/QSBs/qsb-022-2015.txt - found via https://news.ycombinator.com/item?id=10471912 where you might find useful discussion.

    Looks like any guest VM can compromise an unpatched host (and therefore other guests) in a complete and untraceable manner.

    If you use Xen, patch now or at least investigate to prove that the version/configuration you are running is not affected, if you have not already done so. If you use a service provider that uses Xen who has not already patched or announced plans to do so, drop them a line in case they have not yet been informed.

    Comments

    • perennate Member, Provider
      edited October 2015

      @AnthonySmith mentioned that most hosts won't be affected by this; is it specific to some configuration (other than only PV)?

    • @perennate said:
      AnthonySmith mentioned that most hosts won't be affected by this; is it specific to some configuration (other than only PV)?

      Could it be that he was meaning most hosts, bigger name players at least, won't be affected by this any more having been informed earlier than the public announcement and already patched?

    • AnthonySmith Top Provider

      The complexity involved in 148 is insane, I am patched up anyway but regardless you need to keep in mind that this 'security concern' has been present in Xen for 7 years, anyone smart enough to put it to any use already has.

      Thanked by 1 perennate

      Had enough of the scams on lowendbox, lowendtalk is now being infiltrated by corruption so I have chosen to make a low end exit #lexit for now - you can find me HERE

    • winnervps Member, Provider
      edited October 2015

      I felt that 'security concern' has been everywhere around the universe. Well, especially after 09 / 11. XSA published this hole some time ago.

      WINNERvps | LA/NYC/UK/CA/SG/ID Windows Xen Forex VPS, Asia Server, SG Colocation and ID Rack Services

    • rm_ Member
      edited October 2015

      AnthonySmith said: keep in mind that this 'security concern' has been present in Xen for 7 years, anyone smart enough to put it to any use already has.

      i.e.: If you used any Xen VPS whatsoever over the past 7 years, you can't be certain that whatever was on it isn't leaked or tampered with.
