This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] has CVE-2010-3081 been patched in the xen.org kernels?

To: deshantm@xxxxxxxxx
Subject: Re: [Xen-users] has CVE-2010-3081 been patched in the xen.org kernels?
From: Luke S Crawford <lsc@xxxxxxxxx>
Date: 28 Sep 2010 13:44:17 -0400
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 28 Sep 2010 10:45:52 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <AANLkTikzZL_Dvas2FL+DBXFk8v1bjS+J_PLFOugNdYwh@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <m3zkv2xbto.fsf@xxxxxxxxxxxxxxxxxx> <AANLkTikzZL_Dvas2FL+DBXFk8v1bjS+J_PLFOugNdYwh@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4
Todd Deshane <deshantm@xxxxxxxxx> writes:

> On Tue, Sep 28, 2010 at 9:00 AM, Luke S Crawford <lsc@xxxxxxxxx> wrote:
> >
> >
> > there's lots of talk of the Ac1db1tch3z exploit.   has this been pached
> > in the xen.org dom0 kernels?  the xcp kernels?   I've been using the
> > /proc/sys/fs/binfmt_misc/register  workaround but it'd be better to properly
> > upgrade everything.
> >
> A recent root exploit is mentioned here:
> http://xen.markmail.org/search/?q=%22xen+and+dom0+kernel+builds%22#query:%22xen%20and%20dom0%20kernel%20builds%22+page:1+mid:5tx6app7okp67cdi+state:results

That's the exploit I'm talking about, but that message is about myoung's 
fc12 build... as far as I can read it doesn't mention the 2.6.32.x pvops
kernel or the hg tree.  

Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>