Security Statement: Xen Hypervisor Vulnerability [Expired]
Posted by Kevin Stange on 30 September 2014 05:10 PM |
|
A vulnerability has recently been disclosed in the Xen hypervisor, affecting versions 4.1 and later. This vulnerability could allow a virtual machine to crash the hypervisor or access information from the hypervisor and other running VMs. It has been assigned the ID CVE-2014-7188 in the Common Vunerabilities and Exposures database and ID XSA-108 by the Xen Project. The Steadfast Cloud Platform uses Xen as a hypervisor for virtual machines. We have reviewed the correction and evaluated the running software. We determined that our system is not impacted by the vulnerability in XSA-108 because the affected feature is not supported by the version of Xen we use. As a result of this determination, we will not need to schedule reboots of our hypervisors. If you are running Xen hypervisor on your own server, please review the advisory and check with your Xen software provider for an updated package, then reboot your hypervisor. If you have any questions or need assistance, please contact us and we'll be happy to help. | |