Recent security updates

| | Comments (0)
All updates were completed by the embargo end date for the respective advisory.

At least the following two security advisories were covered:

XSA-122 can be thought of as heartbleed in between VMs on the same physical server. Uninitialised ram was being returned to a VM.

XSA-123 is more serious. "Arbitrary code execution, and therefore privilege escalation, cannot be excluded." This appears to be with reference to other VMs running on the same physical server according to http://www.insinuator.net/2015/03/xen-xsa-123/

Other recently publicized security advisories do not apply as we do not run any arm or HVM mode VMs and do not allow PCI passthrough.

Leave a comment

About this Entry

This page contains a single entry by srn published on March 10, 2015 10:56 AM.

resolver01 down temporarily was the previous entry in this blog.

Billing interface going offline for maintenance is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.