<b>Playing with XenServer (XenServerで遊んでみた)</b><br />
Rough notes centered on XenServer 6.2 (clearwater) and XenServer 6.5 (Creedence). That said, XenServer7.2 has already been released...<br />
Author: だぁやま<br />
<br />
<b>Things that tripped me up with Google Nest WiFi</b> (2019-12-14)<br />
Notes on the points that gave me trouble with Google Nest WiFi.<br />
Google Nest WiFi is basically a device made for non-technical users, so it does not allow detailed configuration.<br />
Naturally it cannot produce debug logs or forward syslog, so there is no telling why a connection failed.<br />
If you are able to configure things yourself without difficulty, I do not recommend buying this device.<br />
<br />
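1. Some devices fail to connect when the SSID contains spaces or symbols.<br />
For this, simply change to an SSID without spaces.<br />
<br />
2. Is this an Intel problem? On a laptop, the Wi-Fi connection succeeded but there was no internet access.<br />
The adapter in use is an Intel Dual Band Wireless-AC 7265.<br />
As a workaround, it connected once 802.11n/ac was disabled. (Windows Update and the driver are current as of today.)<br />
Once it has connected, it keeps connecting without problems even after 802.11n/ac is enabled again.<br />
<br />
The specific steps are as follows.<br />
From Control Panel, open Device Manager,<br />
right-click "Intel Dual Band Wireless-AC 7265" under "Network adapters", and select Properties.<br />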
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGp53hujuRJrQompJxnkcJPkbVoNJRYwT2YswJ5njld8-uCGXCDQ1cmusSGVfyUSAxCviGvnZhb5VuYH_uz3uLq-YLk-30u8LaAxb6EHW1yBi9SuMbRTDZQWn0dl2KW56oL-co4E4Noiw/s1600/wifi1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="725" data-original-width="1016" height="228" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGp53hujuRJrQompJxnkcJPkbVoNJRYwT2YswJ5njld8-uCGXCDQ1cmusSGVfyUSAxCviGvnZhb5VuYH_uz3uLq-YLk-30u8LaAxb6EHW1yBi9SuMbRTDZQWn0dl2KW56oL-co4E4Noiw/s320/wifi1.png" width="320" /></a></div>
<br />
On the "Advanced" tab, select 802.11n/ac Wireless Mode and set it to "Disabled".<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcXjuK614R9coF12hXiFwOnCP_umWZH9aZOlcJFYv2g_Vuhk9KwNksnsl9Qktlyi-G7-Ao55lLbPcYx62n8yse3uSrEc6wUZ4jI0nALqvttZv7dYoL82TXubePMizUjPZcHQrz7QE3cQE/s1600/wifi2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="518" data-original-width="466" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcXjuK614R9coF12hXiFwOnCP_umWZH9aZOlcJFYv2g_Vuhk9KwNksnsl9Qktlyi-G7-Ao55lLbPcYx62n8yse3uSrEc6wUZ4jI0nALqvttZv7dYoL82TXubePMizUjPZcHQrz7QE3cQE/s320/wifi2.png" width="287" /></a></div>
<br />
With this it connected.<br />
Not being able to configure the details makes this device stressful.<br />
<br />
<b>Citrix Hypervisor 8.0 patch list</b> (2019-05-28)<br />
<span style="color: #6aa84f; font-size: x-small;">As of 2019/8/1</span><br />
<br />
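Will this name, Citrix Hypervisor, actually catch on this time?<br />
Until now XenServer was abbreviated as XS; from now on, is it CH? CH8, CH9 and so on.<br />
Incidentally, the patch file names look like XS80E001, following the existing convention.<br />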
<br />
<br />
See below for patch information. Same as the XS7 series.<br />
<span style="font-family: inherit;"><span style="color: #333333;"><span style="background-color: white;"><b>Recommended Hotfixes for Citrix Hypervisor (Formerly XenServer )</b></span><span style="background-color: white;"><br /></span></span></span><a href="https://support.citrix.com/article/CTX225835" style="font-family: inherit;">https://support.citrix.com/article/CTX225835</a><br />
<div style="background-color: white; box-sizing: border-box; clear: both; line-height: 1.2; margin: 20px 0px 15px; outline: 0px; padding: 0px;">
<div style="color: #333333;">
<br />
<b><span style="font-size: large;">Application order</span></b><br />
<br />
<ol>
<li>XS80E002</li>
<li>XS80E003</li>
</ol>
<br />
<br />
<br />
<span style="font-size: large;"><b>Details</b></span></div>
<h4>
<span style="font-family: inherit; font-size: xx-small;"><span style="color: #333333;"><a href="https://support.citrix.com/article/CTX250041">Hotfix XS80E001 - For Citrix Hypervisor 8.0</a></span></span></h4>
</div>
<div>
<ul>
<li>Xen-related security fix.</li>
<li>Included in XS80E003.</li>
</ul>
</div>
<div>
<br /></div>
<div>
<h1 class="article_title" data-swapid="article_title" style="background-color: white; box-sizing: border-box; clear: both; color: #333333; line-height: 1.2; margin: 20px 0px 15px; outline: 0px; padding: 0px;">
<span style="font-size: small;"><a href="https://support.citrix.com/article/CTX256714">Hotfix XS80E002 for Citrix Hypervisor 8.0</a></span></h1>
</div>
<div>
<ul>
<li>Security Update</li>
<ul>
<li><span style="background-color: white; color: #333333; font-size: 16px;">CVE-2019-11477: SACK Panic</span></li>
<li><span style="background-color: white; color: #333333; font-size: 16px;">CVE-2019-11478: Excess resource usage</span></li>
</ul>
</ul>
<h1 class="article_title" data-swapid="article_title" style="background-color: white; box-sizing: border-box; clear: both; color: #333333; line-height: 1.2; margin: 20px 0px 15px; outline: 0px; padding: 0px;">
<span style="font-size: small;"><a href="https://support.citrix.com/article/CTX258320">Hotfix XS80E003 - For Citrix Hypervisor 8.0</a></span></h1>
</div>
<div>
<ul>
<li style="box-sizing: border-box; list-style: disc outside none; margin-bottom: 10px;">After live migration, a Windows VM can hang for over a minute.</li>
<li style="box-sizing: border-box; list-style: disc outside none; margin-bottom: 10px;">If you run your Windows VMs with the viridian_reference_tsc flag enabled, the VM might crash during migration.</li>
<li style="box-sizing: border-box; list-style: disc outside none; margin-bottom: 10px;">Apply this patch before creating VMs.</li>
</ul>
</div>
<br />
<b>XenServer7.1 patch list</b> (2017-12-07)<br />
<span style="color: #6aa84f;">As of 2017/12/7</span><br />
<br />
<b>Recommended Hotfixes for XenServer 7.x</b><br />
<a href="https://support.citrix.com/article/CTX225835">https://support.citrix.com/article/CTX225835</a><br />
<br />
For XS6.x, see below<br />
<a href="http://support.citrix.com/article/CTX138115">http://support.citrix.com/article/CTX138115</a><br />
These are the pages to keep an eye on<br />
<br />
<br />
<b>Apply</b><br />
<ul>
<li>Hotfix XS71E001 - For XenServer 7.1</li>
<li>Hotfix XS71E009 - For XenServer 7.1</li>
<li>Hotfix XS71E010 - For XenServer 7.1</li>
<li>Hotfix XS71E014 - For XenServer 7.1</li>
<li>Hotfix XS71E018 - For XenServer 7.1</li>
<li>Hotfix XS71E019 - For XenServer 7.1</li>
</ul>
XS71E018 and XS71E019 are the same security fix.<br />
<b><br /></b>
<b>Hotfix XS71E001 - For XenServer 7.1</b><br />
<a href="https://support.citrix.com/article/CTX222368">https://support.citrix.com/article/CTX222368</a><br />
The usual XenCenter update<br />
<br />
<b><strike>Hotfix XS71E003 - For XenServer 7.1</strike></b><br />
<div>
<a href="https://support.citrix.com/article/CTX223285">https://support.citrix.com/article/CTX223285</a></div>
BugFix<br />
After upgrading to XS71, creating or attaching an NFS SR fails<br />
Included in XS71E010<br />
<br />
<b><strike>Hotfix XS71E005 - For XenServer 7.1</strike></b><br />
<a href="https://support.citrix.com/article/CTX221590">https://support.citrix.com/article/CTX221590</a><br />
Security fix<br />
CVE-2016-9603 (High): QEMU: Cirrus VGA Heap overflow via display refresh<br />
No impact if there are no HVM guests<br />
* On XS7.1, treat Windows as HVM.<br />
<br />
<b><strike>Hotfix XS71E004 - For XenServer 7.1</strike></b><br />
<a href="https://support.citrix.com/article/CTX222843">https://support.citrix.com/article/CTX222843</a><br />
BugFIX<br />
・Fix for a bonding bug<br />
・Fix for XAPI raising an error when the GPU aperture size is set too small<br />
<br />
<b><strike>Hotfix XS71E006 - For XenServer 7.1</strike></b><br />
<a href="https://support.citrix.com/article/CTX222424">https://support.citrix.com/article/CTX222424</a><br />
Security fix<br />
CVE-2017-7228 (High): x86: broken check in memory_exchange() permits PV guest breakout<br />
CVE-TBA (Low): memory leak when destroying guest without PT devices<br />
CVE-2016-10013 (Low): x86: Mishandling of SYSCALL singlestep during emulation<br />
Included in XS71E007.<br />
<br />
<b><strike>Hotfix XS71E007 - For XenServer 7.1</strike></b><br />
<a href="https://support.citrix.com/article/CTX223290">https://support.citrix.com/article/CTX223290</a><br />
BugFix<br />
・UEFI bug fix (rebooting a UEFI VM occasionally fails)<br />
・VMs with 8 or more vCPUs fail to start when the Direct Inspect API is enabled<br />
Included in XS71E008.<br />
<br />
<b><strike>Hotfix XS71E008 - For XenServer 7.1</strike></b><br />
<a href="https://support.citrix.com/article/CTX223858">https://support.citrix.com/article/CTX223858</a><br />
BugFix<br />
VMs with Linux Kernel 4.10 or later fail to boot.<br />
Probably the <span style="background-color: white; color: #333333; font-family: "arial" , sans-serif;">Booting SMP configuration issue.</span><br />
<span style="background-color: white; color: #333333; font-family: "arial" , sans-serif; font-size: 14px;">Included in XS71E011.</span><br />
<span style="background-color: white; color: #333333; font-family: "arial" , sans-serif; font-size: 14px;"><br /></span>
<span style="color: #333333; font-family: inherit;"><b>Hotfix XS71E009 - For XenServer 7.1</b></span><br />
<span style="color: #333333; font-family: inherit;"><a href="https://support.citrix.com/article/CTX225676">https://support.citrix.com/article/CTX225676</a></span><br />
<span style="color: #333333; font-family: inherit;">BugFix</span><br />
<span style="background-color: white; color: #333333; font-family: inherit;"></span><br />
<span style="color: #333333; font-family: inherit;">・XenServer bug fixes. Recommended to apply.</span><br />
<div>
<br /></div>
<span style="background-color: white; color: #333333; font-family: "arial" , sans-serif; font-size: 14px;"><br /></span>
<b>Hotfix XS71E010 - For XenServer 7.1</b><br />
<a href="https://support.citrix.com/article/CTX224899">https://support.citrix.com/article/CTX224899</a><br />
BugFix<br />
Fixes for LVM over iSCSI environments and for iSCSI connection bugs.<br />
<br />
<b><strike>Hotfix XS71E011 - For XenServer 7.1</strike></b><br />
<a href="https://support.citrix.com/article/CTX224691">https://support.citrix.com/article/CTX224691</a><br />
SecurityFix<br />
Security fix for the kind of issue where a compromised VM can do harm elsewhere as well<br />
Paired with XS71E012. 011 is the Xen update.<br />
<br />
<b><strike>Hotfix XS71E012 - For XenServer 7.1</strike></b><br />
<a href="https://support.citrix.com/article/CTX224697">https://support.citrix.com/article/CTX224697</a><br />
SecurityFix<br />
Security fix for the kind of issue where a compromised VM can do harm elsewhere as well<br />
Paired with XS71E011. 012 is the Kernel update.<br />
<div>
<br />
<b><strike>Hotfix XS71E013 - For XenServer 7.1</strike></b><br />
<a href="https://support.citrix.com/article/CTX226298">https://support.citrix.com/article/CTX226298</a><br />
BugFix(Hardware Erratum)<br />
Handles a defect in Intel Haswell and Broadwell CPUs.<br />
<br />
<b>Hotfix XS71E014 - For XenServer 7.1</b><br />
<a href="https://support.citrix.com/article/CTX226299">https://support.citrix.com/article/CTX226299</a><br />
BugFix<br />
Fixes a kernel soft lockup that occurs when a very large number of VMs are started at the same time<br />
<br />
<b><strike>Hotfix XS71E015 - For XenServer 7.1</strike></b><br />
<a href="https://support.citrix.com/article/CTX227234">https://support.citrix.com/article/CTX227234</a><br />
SecurityFix<br />
・Missing parameter validation in the NUMA (Non-Uniform Memory Access) code<br />
・Fix for the kind of issue where a malicious PV guest can crash the hypervisor<br />
<br />
<b><strike>Hotfix XS71E016 - For XenServer 7.1</strike></b><br />
<a href="https://support.citrix.com/article/CTX228720">https://support.citrix.com/article/CTX228720</a><br />
SecurityFix<br />
・Apparently the risk is low if there are no PV-based VMs, PCI passthrough is not used, and the hardware supports HAP (Hardware Assisted Paging).<br />
<br />
<b><strike>Hotfix XS71E017 - For XenServer 7.1</strike></b><br />
<a href="https://support.citrix.com/article/CTX229065">https://support.citrix.com/article/CTX229065</a><br />
SecurityFix<br />
・Fix for the kind of issue where a malicious VM can crash/DoS the hypervisor<br />
<br />
<b>Hotfix XS71E018 - For XenServer 7.1</b><br />
<a href="https://support.citrix.com/article/CTX229545">https://support.citrix.com/article/CTX229545</a><br />
SecurityFix<br />
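・Same content as XS71E019 (xen-device-model fix)<br />
・Applies to HVM only<br />
・Fix for the kind of issue where a malicious HVM guest can crash/DoS the hypervisor<br />
・Fixes for shadow pages, PoD (Populate on Demand) and so on<br />
・Fix for the Cirrus Logic emulation (kvm?)<br />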
<br />
<b>Hotfix XS71E019 - For XenServer 7.1</b><br />
<a href="https://support.citrix.com/article/CTX230159">https://support.citrix.com/article/CTX230159</a><br />
SecurityFix<br />
・Same content as XS71E018 (xen-hypervisor fix)</div>
<div>
<br /></div>
<b>Base distribution of XenServer7.1</b> (2017-11-15)<br />
This used to work until now, but it has been hidden.<br />
<br />
<blockquote class="tr_bq">
[root@dxym etc]# rpm -qif /etc/redhat-release<br />Name : xenserver-release<br />Version : 7.1.0<br />Release : 1<br />Architecture: x86_64<br />Install Date: Mon 13 Nov 2017 03:50:30 PM JST<br />Group : System Environment/Base<br />Size : 10877<br />License : GPLv2<br />Signature : RSA/SHA1, Fri 17 Feb 2017 04:58:03 AM JST, Key ID 8e9fbab01c98b82a<br />Source RPM : xenserver-release-7.1.0-1.src.rpm<br />Build Date : Thu 16 Feb 2017 10:20:20 PM JST<br />Build Host : 519e6dbb346d<br />Relocations : (not relocatable)<br />Summary : XenServer release file<br />Description :<br />XenServer release files</blockquote>
<br />
Well, they cannot hide everything, so I ran it against some other file.<br />
<br />
<blockquote class="tr_bq">
[root@dxym ssh]# rpm -qif /etc/ssh/ssh_config<br />Name : openssh-clients<br />Version : 6.6.1p1<br />Release : 25.el7_2<br />Architecture: x86_64<br />Install Date: Mon 13 Nov 2017 03:56:12 PM JST<br />Group : Applications/Internet<br />Size : 2298871<br />License : BSD<br />Signature : RSA/SHA1, Fri 17 Feb 2017 04:54:19 AM JST, Key ID 8e9fbab01c98b82a<br />Source RPM : openssh-6.6.1p1-25.<span style="color: red;"><b>el7_2</b></span>.src.rpm<br />Build Date : Tue 22 Mar 2016 07:18:48 AM JST<br />Build Host : worker1.bsys.centos.org<br />Relocations : (not relocatable)<br />Packager : CentOS BuildSystem <http://bugs.centos.org><br />Vendor : CentOS<br />URL : http://www.openssh.com/portable.html</blockquote>
<br />
As expected, it was CentOS7.2.<br />
<div>
<br /></div>
<b>Console connection to Windows</b> (2017-05-10)<div class="tr_bq">
[Xen-announce] Announcing the Windows PV Console Driver</div>
<a href="https://lists.xen.org/archives/html/xen-announce/2017-05/msg00003.html">https://lists.xen.org/archives/html/xen-announce/2017-05/msg00003.html</a><br />
<br />
It looks like XENCONS now makes it possible to connect to a Windows shell.<br />
<br />
<blockquote>
The XENCONS package also contains a Windows service to monitor the presence of<br />the PV console device and invoke a command shell login process with redirected<br />stdin/stdout. This means that, once the driver package has been installed, if<br />you attach to the PV console and hit ENTER you’ll see a prompt something like<br />this:<br />DESKTOP-KVEHAKT login:<br />From this prompt you can log in as any local user and you’ll then be presented<br />with the command shell:<br />DESKTOP-KVEHAKT login: User<br />Password:<br />Microsoft Windows [Version 10.0.15063]<br />(c) 2017 Microsoft Corporation. All rights reserved.<br />C:\Users\User></blockquote>
<div>
<br /></div>
<b>XenServer7.1 update commands</b> (2017-04-13)<br />
The xe patch commands have been discontinued.<br />
If you use them anyway, problems occur, such as the patch UUID not being displayed correctly.<br />
Use the xe update commands.<br />
<br />
[root@SDL ~]# xe update-list name-label=XS71E001 --minimal<br />
fc438a32-<span style="color: red;">0214-4193</span>-8676-9feb121c6997<br />
<br />
[root@SDL ~]# xe patch-list name-label=XS71E001 --minimal<br />
fc438a32-<span style="color: red;">0000-0000</span>-8676-9feb121c6997<br />
<br />
<br />
<h4>
Basic commands</h4>
<h3>
Upload (only needs to be done once per pool)</h3>
<b>xe update-upload file-name=XS71E001.iso sr-uuid=SR_UUID</b><br />
You have to specify an SR to hold the upload temporarily.<br />
Something like the local SR of the master should be fine.<br />
<br />
<h3>
Precheck (run for each host)</h3>
<b>xe update-precheck hostname=HOSTNAME uuid=PATCH_UUID</b><br />
The patch UUID is displayed when you upload.<br />
It can also be displayed with xe update-list<br />
Besides hostname, you can also use host= with the host UUID<br />
<br />
<h3>
Apply (run for each host)</h3>
<b>xe update-apply hostname=HOSTNAME uuid=PATCH_UUID</b><br />
The patch UUID is displayed when you upload.<br />
It can also be displayed with xe update-list<br />
Besides hostname, you can also use host= with the host UUID<br />
<br />
<h3>
Confirm</h3>
<b>xe update-list </b><br />
or<br />
xe update-list uuid=PATCH_UUID<br />
to display only the patch in question<br />
xe update-list hosts=HOST_UUID<br />
displays the patch information applied to that host<br />
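The four steps above (upload once per pool, then precheck, apply and confirm per host) combined into one function, as an added example that is not from the original post. It uses only the xe update-* calls and parameter names shown in the post; the function names are hypothetical, and it rejects a UUID with the zeroed middle groups that xe patch-list printed above.

```bash
#!/bin/bash
# Added example (not from the original post): the upload -> precheck -> apply
# -> confirm sequence as one function. The xe sub-commands and parameter
# names are the ones the post shows; the function names are hypothetical.

# True when a UUID has the zeroed middle groups the post shows `xe patch-list`
# printing (fc438a32-0000-0000-...), i.e. it was not taken from update-list.
is_patch_list_uuid() {
    case "$1" in
        ????????-0000-0000-????-????????????) return 0 ;;
        *) return 1 ;;
    esac
}

# True for a well-formed UUID that is not the mangled patch-list form.
is_usable_update_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || return 1
    ! is_patch_list_uuid "$1"
}

# UUID of an already-uploaded update, empty if the pool does not have it yet.
lookup_update_uuid() {
    xe update-list name-label="$1" --minimal
}

# usage: apply_hotfix NAME ISO SR_UUID HOST [HOST...]
# Prints the update UUID on stdout; all xe output goes to stderr.
apply_hotfix() {
    [ "$#" -ge 4 ] || { echo "usage: apply_hotfix NAME ISO SR_UUID HOST..." >&2; return 2; }
    local name=$1 iso=$2 sr=$3 uuid h
    shift 3

    # Upload only once per pool: reuse the UUID if the update is already there.
    uuid=$(lookup_update_uuid "$name") || uuid=""
    if [ -z "$uuid" ]; then
        uuid=$(xe update-upload file-name="$iso" sr-uuid="$sr") || return 1
    fi
    if ! is_usable_update_uuid "$uuid"; then
        echo "refusing UUID '$uuid' for $name" >&2
        return 3
    fi

    # Design choice of this example: precheck every host before changing any.
    for h in "$@"; do
        xe update-precheck hostname="$h" uuid="$uuid" >&2 || {
            echo "precheck failed on $h; nothing applied" >&2
            return 4
        }
    done
    for h in "$@"; do
        xe update-apply hostname="$h" uuid="$uuid" >&2 || {
            echo "apply failed on $h" >&2
            return 5
        }
    done

    xe update-list uuid="$uuid" >&2 || return 6   # confirmation step
    printf '%s\n' "$uuid"
}

# On the pool master (constructed host names, placeholder SR UUID):
#   apply_hotfix XS71E001 XS71E001.iso <SR-UUID> xs-host1 xs-host2
```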
<div>
<br /></div>
<div>
<br /></div>
<b>New Windows PV Drivers</b> (2016-07-27)<br />
New Windows PV drivers have been released.<br />
<br />
<b>Windows PV Drivers</b><br />
<a href="http://www.xenproject.org/developers/teams/windows-pv-drivers.html">http://www.xenproject.org/developers/teams/windows-pv-drivers.html</a><br />
<br />
And they are properly release-signed.<br />
<br />
Everyone had been waiting for this, so the mailing list is full of praise. Thank you Paul!<br />
<br />
Explanatory presentation<br />
<a href="http://wiki.xenproject.org/wiki/Windows_PV_Drivers_Presentation">http://wiki.xenproject.org/wiki/Windows_PV_Drivers_Presentation</a><br />
<br />
<br />
<b>Summary of XenServer6.5 SP1 security fix information (as of February 24, 2016)</b><br />
<b>XenServer6.5SP1 list of Xen-related security fixes</b><br />
<br />
The latest is XS65ESP1023 at the very bottom.<br />
Applying the latest one includes all of the fixes. <span style="color: red;"><b>* Security-related patches only.</b></span><br />
<br />
<br />
<b>CTX142482 - Hotfix XS65E009 - For XenServer 6.5.0</b><br />
<a href="https://support.citrix.com/article/CTX201078">https://support.citrix.com/article/CTX201078</a><br />
CVE-2015-3456: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456 * VENOM fix<br />
<br />
<b>CTX142537 - Hotfix XS65E010 - For XenServer 6.5.0</b><br />
<a href="http://support.citrix.com/article/CTX201145">http://support.citrix.com/article/CTX201145</a><br />
CVE-2015-4106 (Medium): Unmediated PCI register access in qemu.<br />
CVE-2015-4163 (Medium): GNTTABOP_swap_grant_ref operation misbehavior.<br />
CVE-2015-4164 (Medium): vulnerability in the iret hypercall handler<br />
CVE-2015-2756 (Low): Unmediated PCI command register access in qemu<br />
CVE-2015-4103 (Low): Potential unintended writes to host MSI message data field via qemu.<br />
CVE-2015-4104 (Low): PCI MSI mask bits inadvertently exposed to guests.<br />
CVE-2015-4105 (Low): Guest triggerable qemu MSI-X pass-through error messages<br />
<br />
<b>CTX201636 - Hotfix XS65E013 - For XenServer 6.5.0</b><br />
<a href="http://support.citrix.com/article/CTX201636">http://support.citrix.com/article/CTX201636</a><br />
CVE-2015-5154: QEMU heap overflow flaw while processing certain ATAPI commands (HVM)<br />
<br />
<b>CTX201740 - Hotfix XS65E014 - For XenServer 6.5.0</b><br />
<a href="http://support.citrix.com/article/CTX201740">http://support.citrix.com/article/CTX201740</a><br />
CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (HVM)<br />
<br />
<b>CTX202438 - Hotfix XS65E015 - For XenServer 6.5.0</b><br />
<a href="http://support.citrix.com/article/CTX202438">http://support.citrix.com/article/CTX202438</a><br />
CVE-2015-7835 (High): Uncontrolled creation of large page mappings by PV guests<br />
CVE-2015-7969 (Low): Leak of main per-domain vcpu pointer array/Leak of per-domain profiling-related vcpu pointer array<br />
CVE-2015-7970 (Medium): Host crash when migrating a PoD VM<br />
CVE-2015-7971 (Low): Some pmu and profiling hypercalls log without rate limiting<br />
CVE-2015-7972 (Low): Populate-on-demand balloon size inaccuracy can crash guests<br />
<br />
<b>CTX202618 - Hotfix XS65E017 - For XenServer 6.5.0</b><br />
<a href="http://support.citrix.com/article/CTX202618">http://support.citrix.com/article/CTX202618</a><br />
CVE-2015-5307/CVE-2015-8104 (Medium): CPU lockup during fault delivery (HVM)<br />
<br />
<b>CTX142483 - Hotfix XS65ESP1002 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX142483">http://support.citrix.com/article/CTX142483</a><br />
CVE-2015-3456: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456 *VENOM<br />
<br />
<b>CTX142538 - Hotfix XS65ESP1004 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX142538">http://support.citrix.com/article/CTX142538</a><br />
CVE-2015-4106 (Medium): Unmediated PCI register access in qemu.<br />
CVE-2015-4163 (Medium): GNTTABOP_swap_grant_ref operation misbehavior.<br />
CVE-2015-4164 (Medium): vulnerability in the iret hypercall handler<br />
CVE-2015-2756 (Low): Unmediated PCI command register access in qemu<br />
CVE-2015-4103 (Low): Potential unintended writes to host MSI message data field via qemu.<br />
CVE-2015-4104 (Low): PCI MSI mask bits inadvertently exposed to guests.<br />
CVE-2015-4105 (Low): Guest triggerable qemu MSI-X pass-through error messages<br />
<br />
<b>CTX201637 - Hotfix XS65ESP1008 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX201637">http://support.citrix.com/article/CTX201637</a><br />
CVE-2015-5154: QEMU heap overflow flaw while processing certain ATAPI commands (HVM)<br />
<br />
<b>CTX201741 - Hotfix XS65ESP1009 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX201741">http://support.citrix.com/article/CTX201741</a><br />
CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (HVM)<br />
<br />
<b>CTX202074 - Hotfix XS65ESP1011 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX202074">http://support.citrix.com/article/CTX202074</a><br />
*HOTFIX<br />
*Fix for a problem when using a Windows DHCP server<br />
* The host crashes when PCI pass-through, including GPU pass-through or vGPU, is used (Intel-based servers only)<br />
* On an HVM VM, duplicating hvmloader messages on the XenStore ring crashes the HVM VM<br />
<br />
<b>CTX202439 - Hotfix XS65ESP1014 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX202439">http://support.citrix.com/article/CTX202439</a><br />
CVE-2015-7835 (High): Uncontrolled creation of large page mappings by PV guests<br />
CVE-2015-7969 (Low): Leak of main per-domain vcpu pointer array/Leak of per-domain profiling-related vcpu pointer array<br />
CVE-2015-7970 (Medium): Host crash when migrating a PoD VM<br />
CVE-2015-7971 (Low): Some pmu and profiling hypercalls log without rate limiting<br />
CVE-2015-7972 (Low): Populate-on-demand balloon size inaccuracy can crash guests<br />
<br />
<b>CTX202619 - Hotfix XS65ESP1016 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX202619">http://support.citrix.com/article/CTX202619</a><br />
CVE-2015-5307/CVE-2015-8104 (Medium): CPU lockup during fault delivery (HVM)<br />
<br />
<b>CTX203494 - Hotfix XS65ESP1019 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX203494">http://support.citrix.com/article/CTX203494</a><br />
CVE-2015-8339/CVE-2015-8340 (Medium): Memory exchange hypercall error handling<br />
<br />
<b>CTX204047 - Hotfix XS65ESP1020 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX204047">http://support.citrix.com/article/CTX204047</a><br />
CVE-2015-8554 (Medium): QEMU-dm buffer overrun in MSI-X handling<br />
CVE-2015-8104 (Low): Guest crash during exception delivery<br />
CVE-2015-8555 (High): Information leak in legacy x86 FPU/XMM initialization<br />
<br />
<b>CTX205355 - Hotfix XS65ESP1023 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX205355">http://support.citrix.com/article/CTX205355</a><br />
CVE-2016-1571 (Medium): VMX: intercept issue with INVLPG on non-canonical address<br />
<br />
<b>XenServer Dundee Beta 1 Available</b> (2015-11-05)<br />
<a href="http://xenserver.org/blog/entry/xenserver-dundee-beta-1-available.html">http://xenserver.org/blog/entry/xenserver-dundee-beta-1-available.html</a><br />
<br />
<br />
A belated look at Dundee.<br />
<br />
<br />
<br />
<ul>
<li>Now based on CentOS7.</li>
<li>Xapi is separated from Cgroups control.</li>
<li>RBAC (role-based access control) changed to PowerBroker Open</li>
<ul>
<li>http://www.powerbrokeropen.org/</li>
</ul>
<li>The cramped Dom0 disk space is now 18GB.</li>
<li>FCoE (Fiber Channel over Ethernet) and NFSv4 support.</li>
<li>UEFI boot support.</li>
<li>AUTOMATIC HEALTH CHECK</li>
<ul>
<li>Automatically uploads the Server Status Report to TaaS (the Citrix site that analyzes logs automatically)</li>
</ul>
<li>Patch management</li>
<ul>
<li>It connects to Citrix and looks for patches for you. On top of that, patches that have finished installing are cleaned up automatically. Handy.</li>
</ul>
</ul>
<br />
<div>
<br /></div>
<b>Vulnerability in Citrix XenServer Could Result in Information Disclosure</b> (2015-08-20)<br />
<div>
<a href="http://support.citrix.com/article/CTX201717">http://support.citrix.com/article/CTX201717</a></div>
<div>
<br /></div>
<div>
More HVM trouble; it never settles down.</div>
<div>
A patch was out as well, so I have updated the list.</div>
<b>XenServer6.2 SP1 patch list (as of 2015/8/20)</b><br />
<div>
<a href="http://mada0833.blogspot.jp/2014/04/XenServer62SP1PatchList.html">http://mada0833.blogspot.jp/2014/04/XenServer62SP1PatchList.html</a></div>
<b>pygrub and eliloader</b> (2015-08-15)<br />
What is going on here?<br />
<br />
I exported a PV guest on XenServer5.6SP2 to an XVA,<br />
imported it into XenServer6.5SP1,<br />
and got the error "Error 13: Invalid or unsupported executable format",<br />
so it does not boot.<br />
<br />
<blockquote class="tr_bq">
xe vm-param-list uuid=***************</blockquote>
When I checked with this,<br />
<blockquote class="tr_bq">
PV-bootloader ( RW): eliloader</blockquote>
<br />
Huh? pygrub has become eliloader.<br />
Importing the same XVA into XenServer6.2SP1 gave the same result.<br />
It looks like the problem was in the export from XenServer5.6SP2, but... I wonder what it is.<br />
<br />
<blockquote class="tr_bq">
xe vm-param-set uuid=*************** PV-bootloader=pygrub</blockquote>
With that it booted without problems.<br />
<div>
<br /></div>
<b>Two QEMU bugs</b> (2015-08-04)<div class="tr_bq">
Neither of them affects PV guests.</div>
<div class="tr_bq">
<br /></div>
<div class="tr_bq">
<b><br /></b></div>
<div class="tr_bq">
<b>[Xen-users] Xen Security Advisory 139 (CVE-2015-5166) - Use after free in QEMU/Xen block unplug protocol</b></div>
<a href="http://lists.xen.org/archives/html/xen-users/2015-08/msg00008.html">http://lists.xen.org/archives/html/xen-users/2015-08/msg00008.html</a><br />
<br />
<blockquote class="tr_bq">
ISSUE DESCRIPTION<br />=================<br />When unplugging an emulated block device the device was not fully<br />unplugged, meaning a second unplug attempt would attempt to unplug the<br />device a second time using a previously freed pointer.<br />IMPACT<br />======<br />An HVM guest which has access to an emulated IDE disk device may be<br />able to exploit this vulnerability in order to take over the qemu<br />process elevating its privilege to that of the qemu process.</blockquote>
<br />
<br />
<br />
<br />
<b>[Xen-users] Xen Security Advisory 140 (CVE-2015-5165) - QEMU leak of uninitialized heap memory in rtl8139 device model</b><br />
<a href="http://lists.xen.org/archives/html/xen-users/2015-08/msg00009.html">http://lists.xen.org/archives/html/xen-users/2015-08/msg00009.html</a><br />
<br />
<blockquote>
ISSUE DESCRIPTION<br />=================<br />The QEMU model of the RTL8139 network card did not sufficiently<br />validate inputs in the C+ mode offload emulation. This results in<br />uninitialised memory from the QEMU process's heap being leaked to the<br />domain as well as to the network.<br />IMPACT<br />======<br />A guest may be able to read sensitive host-level data relating to<br />itself which resides in the QEMU process.<br />Such information may include things such as information relating to<br />real devices backing emulated devices or passwords which the host<br />administrator does not intend to share with the guest admin.</blockquote>
<br />
<b>Citrix XenServer Security Update for CVE-2015-5154</b> (2015-07-28)<div>
<a href="http://support.citrix.com/article/CTX201593">http://support.citrix.com/article/CTX201593</a></div>
<div>
<br /></div>
<div>
<ul style="background-color: white; border: 0px; color: #4d4f53; font-family: HelveticaNeueW01-55Roma, Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22.1000003814697px; margin: 5px 0px 5px 42px; padding: 0px;">
<li style="border: 0px; list-style: disc outside none; margin: 0px; padding: 0px;">CVE-2015-5154: QEMU heap overflow flaw while processing certain ATAPI commands</li>
</ul>
<div>
<span style="background-color: white; color: #4d4f53; font-family: HelveticaNeueW01-55Roma, Arial, Helvetica, sans-serif; font-size: 13px; line-height: 23.3999996185303px;">Customers that only have PV guests deployed are not at risk.</span></div>
<div>
<span style="background-color: white; color: #4d4f53; font-family: HelveticaNeueW01-55Roma, Arial, Helvetica, sans-serif; font-size: 13px; line-height: 23.3999996185303px;">PV guests do not appear to be affected.</span></div>
<div>
<span style="color: #4d4f53; font-family: HelveticaNeueW01-55Roma, Arial, Helvetica, sans-serif;"><span style="font-size: 13px; line-height: 22.1000003814697px;"><br /></span></span></div>
<div>
Patches are out.</div>
<div>
<br /></div>
<br /><b>Hotfix XS65ESP1008 - For XenServer 6.5.0 Service Pack 1</b><div>
<a href="https://support.citrix.com/article/CTX201637">https://support.citrix.com/article/CTX201637</a></div>
<div>
<b><br /></b></div>
<b>Hotfix XS62ESP1030 - For XenServer 6.2.0 Service Pack 1</b><div>
<div style="display: inline !important;">
<a href="https://support.citrix.com/article/CTX201635">https://support.citrix.com/article/CTX201635</a></div>
</div>
<div style="font-weight: bold;">
<b><br /></b></div>
<div style="font-weight: bold;">
<br /></div>
</div>
<b>This reduces the VM downtime</b> (2015-07-21)<br />
<b>CP-11841: </b><br />
<b>vm-migrate downtime: plug the VIFs of the new domain before suspending the old domain</b><br />
<a href="https://github.com/xapi-project/xenopsd/pull/205">https://github.com/xapi-project/xenopsd/pull/205</a><br />
<br />
<blockquote class="tr_bq">
This reduces the VM downtime (when both old and new domains are paused) in 0.3s<br />for each VIF connected to the VM.</blockquote>
<br />
A reduction in downtime.<br />
<div>
<br /></div>
<b>[Xen-announce] Xen Security Advisory 137 (CVE-2015-3259) - xl command line config handling stack overflow</b> (2015-07-08)<br />
<a href="http://lists.xen.org/archives/html/xen-announce/2015-07/msg00000.html">http://lists.xen.org/archives/html/xen-announce/2015-07/msg00000.html</a><br />
<br />
An overflow bug in the xl command.<br />
Only a limited set of people can run it, so the impact is small.<br />
<br />だぁやまhttp://www.blogger.com/profile/16193627584222779152noreply@blogger.com0tag:blogger.com,1999:blog-5360628932399802631.post-57241116772522923622015-07-07T15:24:00.002+09:002015-07-07T15:24:19.444+09:00Hotfix XS65ESP1005 - For XenServer 6.5.0 Service Pack 1<b>Hotfix XS65ESP1005 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX201514">http://support.citrix.com/article/CTX201514</a><br />
Fixes bugs that crash the host<br />
・VBD plug/unplug<br />
・Netback<br />
・Serial Console<br />
・Received network traffic<br />
<br />
<br />
See below for the patches so far<br />
<div style="background-color: white; color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-stretch: normal; margin: 0.75em 0px 0px; position: relative;">
<span style="font-size: small;"><b>XenServer6.5 SP1 patch list</b></span></div>
<a href="http://mada0833.blogspot.jp/2015/05/xenserver65-sp1-2015520.html">http://mada0833.blogspot.jp/2015/05/xenserver65-sp1-2015520.html</a>だぁやまhttp://www.blogger.com/profile/16193627584222779152noreply@blogger.com0tag:blogger.com,1999:blog-5360628932399802631.post-35350954129920118062015-06-25T11:10:00.002+09:002015-06-25T11:10:40.499+09:00Hotfix XS62ESP1028 - For XenServer 6.2.0 Service Pack 1<b>Hotfix XS62ESP1028 - For XenServer 6.2.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX142593">http://support.citrix.com/article/CTX142593</a><br />
<br />
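An update to XenTools for Windows.<br />
It includes a fix to the driver used for crash dumps on a blue screen (so such a thing exists), and<br />
a fix for the problem where the previous XenTools cannot be uninstalled cleanly (so that is still broken).<br />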
<div>
<br /></div>
だぁやまhttp://www.blogger.com/profile/16193627584222779152noreply@blogger.com0tag:blogger.com,1999:blog-5360628932399802631.post-19837195114808259212015-06-15T11:13:00.001+09:002015-06-15T11:13:08.135+09:00Citrix XenServer Multiple Security Updates<b>Citrix XenServer Multiple Security Updates</b><br />
<a href="http://support.citrix.com/article/CTX201145">http://support.citrix.com/article/CTX201145</a><br />
<br />
Incorporates the Xen fixes.<br />
<blockquote class="tr_bq">
CVE-2015-4106 (Medium): Unmediated PCI register access in qemu.<br /> CVE-2015-4163 (Medium): GNTTABOP_swap_grant_ref operation misbehavior.<br /> CVE-2015-4164 (Medium): vulnerability in the iret hypercall handler<br /> CVE-2015-2756 (Low): Unmediated PCI command register access in qemu<br /> CVE-2015-4103 (Low): Potential unintended writes to host MSI message data field via qemu.<br /> CVE-2015-4104 (Low): PCI MSI mask bits inadvertently exposed to guests.<br /> CVE-2015-4105 (Low): Guest triggerable qemu MSI-X pass-through error messages</blockquote>
<br />
<br />
<b>Hotfix XS65ESP1004- For XenServer 6.5.0 Service Pack 1</b><br />
<a href="https://support.citrix.com/article/CTX142538">https://support.citrix.com/article/CTX142538</a><br />
<br />
<br />
<b>Hotfix XS62ESP1027- For XenServer 6.2.0 Service Pack 1</b><br />
<a href="https://support.citrix.com/article/CTX142536">https://support.citrix.com/article/CTX142536</a><br />
<div>
<br /></div>
だぁやまhttp://www.blogger.com/profile/16193627584222779152noreply@blogger.com0tag:blogger.com,1999:blog-5360628932399802631.post-90492827869776163922015-06-04T10:41:00.002+09:002015-06-04T10:41:42.470+09:00Hotfix XS62ESP1024 - for XenServer 6.2.0 Service Pack 1<b>Hotfix XS62ESP1024 - for XenServer 6.2.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX142496">http://support.citrix.com/article/CTX142496</a><br />
<br />
An update that includes the kernel.<br />
Given what happened with Hotfix XS62ESP1009, I'd like to wait and see for a bit.<br />
<br />
<br />だぁやまhttp://www.blogger.com/profile/16193627584222779152noreply@blogger.com0tag:blogger.com,1999:blog-5360628932399802631.post-67104156312452774752015-06-03T10:26:00.001+09:002015-06-03T10:26:24.259+09:00PCI passthrough vulnerabilities<b>[Xen-users] Xen Security Advisory 128 (CVE-2015-4103) - </b><br />
<b>Potential unintended writes to host MSI message data field via qemu</b><br />
<a href="http://lists.xen.org/archives/html/xen-users/2015-06/msg00011.html">http://lists.xen.org/archives/html/xen-users/2015-06/msg00011.html</a><br />
<br />
<br />
<b>[Xen-users] Xen Security Advisory 129 (CVE-2015-4104) - </b><br />
<b>PCI MSI mask bits inadvertently exposed to guests</b><br />
<a href="http://lists.xen.org/archives/html/xen-users/2015-06/msg00014.html">http://lists.xen.org/archives/html/xen-users/2015-06/msg00014.html</a><br />
<br />
<br />
<b>[Xen-users] Xen Security Advisory 130 (CVE-2015-4105) - </b><br />
<b>Guest triggerable qemu MSI-X pass-through error messages</b><br />
<a href="http://lists.xen.org/archives/html/xen-users/2015-06/msg00012.html">http://lists.xen.org/archives/html/xen-users/2015-06/msg00012.html</a><br />
<br />
<b>[Xen-users] Xen Security Advisory 131 (CVE-2015-4106) - </b><br />
<b>Unmediated PCI register access in qemu</b><br />
<a href="http://lists.xen.org/archives/html/xen-users/2015-06/msg00013.html">http://lists.xen.org/archives/html/xen-users/2015-06/msg00013.html</a><br />
<br />
<br />
Common points:<br />
・A DoS from the guest crashes the host<br />
・Xen 3.3 and later, which support PCI passthrough<br />
・HVM only.<br />
<br />
<br />だぁやまhttp://www.blogger.com/profile/16193627584222779152noreply@blogger.com0tag:blogger.com,1999:blog-5360628932399802631.post-45707636792324246142015-05-20T19:31:00.001+09:002016-03-02T17:34:40.727+09:00XenServer6.5 SP1 patch list (as of 2016/2/24) Current patch list for <span style="font-size: large;">XenServer6.5</span> <span style="font-size: large;">SP1</span><br />
<br />
<b>Recommended Updates for XenServer 6.x Hotfixes</b><br />
<a href="http://support.citrix.com/article/CTX138115">http://support.citrix.com/article/CTX138115</a><br />
<br />
<ul>
<li><b><b>Apply XenServer 6.5.0 SP1</b></b></li>
<li><b><b>Reboot</b></b></li>
<li><b>Hotfix XS65ESP1001 (XenCenter)</b></li>
<li><b>Hotfix XS65ESP1012</b></li>
<li><b>Hotfix XS65ESP1018 (XenTools)</b></li>
<li><b>Hotfix XS65ESP1021 (Kernel and SM/blktap)</b></li>
<li><b>Hotfix XS65ESP1022 (OpenSSL)</b></li>
<li><b>Hotfix XS65ESP1023 (SecurityFix)</b></li>
<li><b>Reboot</b></li>
</ul>
<br />
<br />
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'MS PGothic'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;">
Updated for the first time in a very long while. The recommended-updates site has been tidied up a lot and looks good.</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'MS PGothic'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; margin: 0px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;">
<br /></div>
--<br />
<br />
<b>Hotfix XS65ESP1001 - For XenServer 6.5.0 SP1</b><br />
<a href="http://support.citrix.com/article/CTX142447">http://support.citrix.com/article/CTX142447</a><br />
<br />
As has become customary lately, the first one is a XenCenter update<br />
<br />
<b>Hotfix XS65ESP1002 - For XenServer 6.5.0 SP1</b><br />
<a href="https://support.citrix.com/article/CTX142483">https://support.citrix.com/article/CTX142483</a><br />
VENOM fix<br />
<br />
<b>Hotfix XS65ESP1003 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX142583">http://support.citrix.com/article/CTX142583</a><br />
XenTools update (Windows)<br />
<br />
<b>Hotfix XS65ESP1004- For XenServer 6.5.0 Service Pack 1</b><br />
<a href="https://support.citrix.com/article/CTX142538">https://support.citrix.com/article/CTX142538</a><br />
<div>
PCI-related fixes</div>
<br />
<b>Hotfix XS65E010- For XenServer 6.5.0</b><br />
<a href="http://support.citrix.com/article/CTX142537">http://support.citrix.com/article/CTX142537</a><br />
Security Fix<br />
<br />
<b>Hotfix XS65ESP1005 - For XenServer 6.5.0 Service Pack 1</b><br />
<a href="http://support.citrix.com/article/CTX201514">http://support.citrix.com/article/CTX201514</a><br />
Fixes bugs that crash the host<br />
・VBD plug/unplug<br />
・Netback<br />
・Serial Console<br />
・Received network traffic<br />
<br />
<b>Hotfix XS65ESP1008 </b><br />
<a href="https://support.citrix.com/article/CTX201637">https://support.citrix.com/article/CTX201637</a><br />
Security update. Related to QEMU ATAPI.<br />
<div>
<br />
<b>Hotfix XS65E013</b><br />
<a href="http://support.citrix.com/article/CTX201636">http://support.citrix.com/article/CTX201636</a><br />
CVE-2015-5154: QEMU heap overflow flaw while processing certain ATAPI commands<br />
<br />
<b>Hotfix XS65ESP1009</b><br />
<a href="http://support.citrix.com/article/CTX201741">http://support.citrix.com/article/CTX201741</a><br />
CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model<br />
<br />
<b>Hotfix XS65ESP1010</b><br />
<a href="http://support.citrix.com/article/CTX201974">http://support.citrix.com/article/CTX201974</a><br />
XenTools update (for Windows 10 and Windows)<br />
<br />
<b>Hotfix XS65ESP1011</b><br />
<a href="http://support.citrix.com/article/CTX202074">http://support.citrix.com/article/CTX202074</a><br />
Fixes for a crash when using PCI passthrough or GPU passthrough on Intel systems,<br />
problems when using the Windows DHCP Server, hvmloader problems, and so on.<br />
<br />
<b>Hotfix XS65ESP1012</b><br />
<a href="http://support.citrix.com/article/CTX202481">http://support.citrix.com/article/CTX202481</a><br />
Mainly xapi bug fixes<br />
<div>
<br /></div>
<b>Hotfix XS65ESP1014</b><br />
<a href="http://support.citrix.com/article/CTX202439">http://support.citrix.com/article/CTX202439</a><br />
Fixes including a vulnerability that allows the host to be crashed from a PV guest<br />
<div>
<br /></div>
<div>
<b>Hotfix XS65ESP1016</b><br />
<a href="https://support.citrix.com/article/CTX202619">https://support.citrix.com/article/CTX202619</a><br />
Fixes including a vulnerability that allows PV to be crashed from HVM<br />
<br />
<b>Hotfix XS65ESP1018 </b><br />
<a href="http://support.citrix.com/article/CTX205190">http://support.citrix.com/article/CTX205190</a><br />
XenTools update. Mainly for Windows.<br />
(Includes XS65ESP1003 and XS65ESP1010)<br />
<div>
<br /></div>
<b>Hotfix XS65ESP1021</b><br />
<a href="http://support.citrix.com/article/CTX204053">http://support.citrix.com/article/CTX204053</a><br />
Kernel and SM/blktap update.<br />
Support for software RAID.<br />
Fixes a bug where the netback (host side) for a VIF of a shut-down VM is left behind<br />
(Includes XS65ESP1005 and XS65ESP1013)<br />
<div>
<br /></div>
<b>Hotfix XS65ESP1022</b><br />
<a href="http://support.citrix.com/article/CTX205228">http://support.citrix.com/article/CTX205228</a><br />
* OpenSSL update<br />
<br />
<b>Hotfix XS65ESP1023</b><br />
<div>
<a href="http://support.citrix.com/article/CTX205355">http://support.citrix.com/article/CTX205355</a><br />
Security fix: CVE-2016-1571 (Medium): VMX: intercept issue with INVLPG on non-canonical address (Intel CPUs only)</div>
<div>
(Includes XS65E009, XS65E010, XS65E013, XS65E014, XS65E015, XS65E017, XS65E018, </div>
XS65ESP1002, XS65ESP1004, XS65ESP1008, XS65ESP1009 , XS65ESP1011, XS65ESP1014, XS65ESP1016, XS65ESP1019, XS65ESP1020)<br />
<br /></div>
<br /></div>
だぁやまhttp://www.blogger.com/profile/16193627584222779152noreply@blogger.com0tag:blogger.com,1999:blog-5360628932399802631.post-68017238211623378032015-05-14T12:58:00.005+09:002015-05-29T15:22:21.497+09:00VENOM About VENOM (Virtualized Environment Neglected Operations Manipulation)<br />
<br />
◆Details<br />
<b></b><br />
<div>
<b>Crowdstrike.com</b></div>
<b>
Q+A: Learn More About VENOM</b><a href="http://venom.crowdstrike.com/">http://venom.crowdstrike.com/</a><br />
<br />
<h3>
◆Xen</h3>
<b>[Xen-users] Xen Security Advisory 133 (CVE-2015-3456) - Privilege escalation via emulated floppy disk drive</b><br />
<a href="http://lists.xen.org/archives/html/xen-users/2015-05/msg00109.html">http://lists.xen.org/archives/html/xen-users/2015-05/msg00109.html</a><br />
<br />
<br />
<blockquote class="tr_bq">
ISSUE DESCRIPTION<br />
=================<br />
The code in qemu which emulates a floppy disk controller did not<br />
correctly bounds check accesses to an array and therefore was<br />
vulnerable to a buffer overflow attack.</blockquote>
<br />
<h3>
◆XenServer</h3>
<b>Citrix Security Advisory for CVE-2015-3456</b><br />
<a href="http://support.citrix.com/article/CTX201078">http://support.citrix.com/article/CTX201078</a><br />
<br />
<blockquote class="tr_bq">
Description of Problem<br />
Citrix is aware of the recent vulnerability that has been reported against the Xen hypervisor. This issue is known as the 'VENOM' vulnerability and has been assigned the following CVE number:<br />
CVE-2015-3456: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456<br />
The following sections will provide guidance to customers on the potential impact of this issue. Citrix is actively analysing the impact of this vulnerability on supported versions of Citrix XenServer. Additional details and guidance will be added to this document as soon as they are available.</blockquote>
<div>
<b>&lt;Addendum 2015/5/19&gt;</b><br />
<br />
<a href="https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/">https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/</a><br />
<div>
<br /></div>
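VENOM is an issue where running specific commands inside a VM makes it possible to execute arbitrary commands on the hypervisor.<br />
However, according to Red Hat, the specific commands can be issued, but execution on the hypervisor has not been confirmed.<br />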
<blockquote class="tr_bq">
We believe that code execution is possible but we have not yet seen any working reproducers that would allow this.</blockquote>
Note that existing exploits crash QEMU, so it seems the attack can be identified by watching the segfault logs.<br />
<br />
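By the way, only HVM (fully virtualized) VMs are affected. Paravirtualized VMs with XenTools installed are apparently not affected.<br />
Well, if someone gets root and removes XenTools, you're done for, though.</div>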
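The log-watching idea mentioned above, as an added example that is not part of the original post or of any vendor tooling: it picks QEMU device-model segfaults out of kernel log lines and groups them by crash site. Assumptions: the Linux x86 kernel segfault message format, device-model process names that begin with `qemu`, and the sample log lines, which are constructed.

```python
import re
from collections import defaultdict

# Linux x86 format: "<comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <code>"
# optionally followed by " in <object>[<base>+<size>]" when the faulting mapping is known.
SEGFAULT_RE = re.compile(
    r"(?P<comm>[^\s\[\]]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

# Constructed sample lines (hostnames, PIDs and addresses are made up).
SAMPLE_LOG = """\
May 14 03:12:01 xs01 kernel: [81234.112233] qemu-dm[4312]: segfault at 7f3a00001000 ip 000000000045d2c1 sp 00007fff6a1b2c40 error 6 in qemu-dm[400000+1a2000]
May 14 03:12:09 xs01 kernel: [81242.500100] python[5120]: segfault at 0 ip 00007f11aa001234 sp 00007ffd00001000 error 4 in libc-2.12.so[7f11a9f00000+18a000]
May 14 03:13:30 xs01 kernel: [81323.000700] qemu-dm[4390]: segfault at 7f3a00002000 ip 000000000045d2c1 sp 00007fff11223344 error 6 in qemu-dm[400000+1a2000]
May 14 03:15:44 xs01 kernel: [81457.900001] qemu-system-x86[6021]: segfault at 10 ip 00007f5b12345678 sp 00007ffc11112222 error 4
May 14 03:16:00 xs01 sshd[700]: Accepted publickey for root from 192.0.2.10 port 50000 ssh2
"""

def qemu_segfaults(lines, comm_prefix="qemu"):
    """Return one record per segfault of a process whose name starts with comm_prefix.

    The kernel truncates process names to 15 characters, so match on a prefix
    (assumed here to be "qemu") rather than on a full binary name.
    """
    events = []
    for line in lines:
        m = SEGFAULT_RE.search(line)
        if m is None or not m["comm"].startswith(comm_prefix):
            continue
        ip, err = int(m["ip"], 16), int(m["err"], 16)
        base = int(m["base"], 16) if m["base"] else None
        events.append({
            "comm": m["comm"],
            "pid": int(m["pid"]),
            "fault_addr": int(m["addr"], 16),
            "write": bool(err & 0x2),   # page-fault error code bit 1: write access
            "object": m["obj"],
            # Offset inside the mapped object is stable across processes and hosts.
            "offset": ip - base if base is not None else None,
        })
    return events

def crash_sites(events):
    """Group PIDs by (object, offset): the same site hit by several VMs merits triage."""
    sites = defaultdict(list)
    for e in events:
        sites[(e["object"], e["offset"])].append(e["pid"])
    return dict(sites)

if __name__ == "__main__":
    for site, pids in crash_sites(qemu_segfaults(SAMPLE_LOG.splitlines())).items():
        print(site, pids)
```

A device-model segfault is only a triage signal: it shows that a guest's QEMU process crashed, not why.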
だぁやまhttp://www.blogger.com/profile/16193627584222779152noreply@blogger.com0tag:blogger.com,1999:blog-5360628932399802631.post-24153535759150662412015-05-13T12:10:00.001+09:002015-05-13T12:12:08.541+09:00XenServer6.5 SP1 released<br />
<b>XENSERVER 6.5 SP1 RELEASED</b><br />
http://xenserver.org/blog/entry/xenserver-6-5-sp1-released.html<br />
<br />
The main new features are as follows.<br />
<br />
<ul>
<li>Official Docker support</li>
<li>(For Windows) Intel GVT-d support with GPU passthrough</li>
<li>(For Linux) OpenGL/CUDA support with NVIDIA GPU passthrough</li>
<li>Supplemental packs can now be applied from XenCenter.</li>
</ul>
<br />
<br /><b>XenServer 6.5.0 Service Pack 1(Citrix)</b><br /><a href="http://support.citrix.com/article/CTX142355">http://support.citrix.com/article/CTX142355</a><br />だぁやまhttp://www.blogger.com/profile/16193627584222779152noreply@blogger.com0tag:blogger.com,1999:blog-5360628932399802631.post-86147801308899917642015-05-01T14:37:00.005+09:002015-05-01T14:37:38.539+09:00Docker with XenServer6.5<b>Preview of XenServer support for Docker and Container Management</b><br />
<a href="http://xenserver.org/blog/entry/preview-of-xenserver-support-for-docker-and-container-management.html">http://xenserver.org/blog/entry/preview-of-xenserver-support-for-docker-and-container-management.html</a><br />
<br />
It was published on March 10...<br />
<br />
<b>PRE-RELEASE COMPONENTS - DOCKER INTEGRATION</b><br />
<a href="http://xenserver.org/overview-xenserver-open-source-virtualization/prerelease.html">http://xenserver.org/overview-xenserver-open-source-virtualization/prerelease.html</a><br />
<br />
Docker for XenServer6.5.<br />
It is provided as a Supplemental Pack.<br />
It's a pre-release version, so it's just right for playing around with, but a bit scary for anything else.<br />
I'd rather wait for Dundee.<br />
<br />だぁやまhttp://www.blogger.com/profile/16193627584222779152noreply@blogger.com0tag:blogger.com,1999:blog-5360628932399802631.post-40188446743259033822015-05-01T14:16:00.000+09:002015-05-01T14:16:04.216+09:00XenServer Dundee<div>
<b>Introducing XenServer Dundee</b></div>
<div>
<a href="http://xenserver.org/blog/entry/introducing-xenserver-dundee.html">http://xenserver.org/blog/entry/introducing-xenserver-dundee.html</a></div>
<div>
<br /></div>
<div>
The next XenServer, "Dundee", based on CentOS 7</div>
<div>
I haven't looked at the version or anything, but probably XenServer 7?</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<b>DOWNLOAD - PRE-RELEASE XENSERVER</b></div>
<div>
<a href="http://xenserver.org/overview-xenserver-open-source-virtualization/prerelease.html">http://xenserver.org/overview-xenserver-open-source-virtualization/prerelease.html</a></div>
<div>
XenServer Dundee Alpha1 is available for download.</div>
<div>
<br /></div>
だぁやまhttp://www.blogger.com/profile/16193627584222779152noreply@blogger.com0