
EGI CSIRT:Alerts/Xen-2015-04-15




** WHITE information - Unlimited distribution allowed                       **  

** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **



EGI CSIRT ADVISORY [EGI-ADV-20150415]  

Title:       EGI Alert 'High' risk - Xen Vulnerability Hypervisor memory
             corruption due to x86 emulator flaw CVE-2015-2151  [EGI-ADV-20150415]

Date:        2015-04-15
Updated:     

URL:         https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/Xen-2015-04-15  



Introduction
============

Currently there is increasing use of the Xen hypervisor in the EGI infrastructure.

Vulnerabilities for the Xen hypervisor are listed in [R 1].

We consider that one of these vulnerabilities, CVE-2015-2151 (123 on the list,
announced on 10th March 2015), needs to be treated as 'High' risk.


Details
=======

See [R 1] and [R 2]


Risk category
=============

This issue has been assessed as 'High' risk by the EGI SVG Risk Assessment Team.


Recommendations
===============

If sites are using the Xen hypervisor, and have not updated in the last month,
they should update as soon as possible.



References
==========

[R 1] Xen vulnerability list http://xenbits.xen.org/xsa/

[R 2] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2151


Timeline 
========
Yyyy-mm-dd

2015-03-05 SVG alerted to Xen vulnerabilities list
2015-03-10 SVG alerted to further Xen vulnerabilities, including the one referred
           to in this advisory
2015-03-11 Initial assessment made, few commented due to the small number of people
           in EGI SVG with expertise on Xen.
2015-04-14 Decision to send alert, as the most experienced person considered it to be
           'high' risk
2015-04-15 Alert sent to sites.