Planet Hypervisor

Xen Project Security Policy Improvements: Get Involved

The recent XSA-108 vulnerability resulted in a lot of media coverage, which ended up stress-testing some of our policy and security related processes. During the embargo period of XSA-108, the Xen Project Security Team was faced with some difficult questions of policy interpretation, as well as practical issues related to pre-disclosure list membership applications. To […]

Increasing Ubuntu's Resolution

Maximizing Desktop Real-estate with Ubuntu With the addition of Ubuntu (and the likes) to Creedence, you may have noticed that the default resolution is 1024x768. I certainly noticed it and with much work on 6.2 and Creedence Beta, I have a quick solution to maximizing the screen resolution for you. The thing to consider is that a virtual frame buffer is what is essentially being used. You can re-invent X configs all day, but the shortest path is to - first - ensure that the following files are installed on your Ubuntu guest VM: sudo apt-get install xvfb xfonts-100dpi xfonts-75dpi xfstt Once that...

VGA over Cirrus in XenServer 6.2

Achieve Higher Resolution and 32Bpp For many reasons – not exclusive to XenServer – the Cirrus video driver has been a staple wherein a basic/somewhat agnostic video driver is needed.  When one creates a VM within XenServer (specifically 6.2 and previous versions) the Cirrus video driver is used by default for video...and it does the job. I had been working on a project with my mentor related to an eccentric OS, but I needed a way to get more real-estate to test a HID pointing device by increasing the screen resolution.  This led me to find that at some point in our...

Security bulletin covering "Shellshock"

Over the past several weeks, there has been considerable interest in a series of vulnerabilities in bash with the attention-grabbing name of "shellshock". These bash vulnerabilities are more properly known as CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187. As was indicated in security bulletin CTX200217, XenServer hosts were potentially impacted, but investigation was continuing. That investigation has been completed and the associated impact is described in security bulletin CTX200223, which also contains patch information for these vulnerabilities. Learning about new XenServer hotfixes When a hotfix is released for XenServer, it will be posted to the Citrix support web site. You can...

The Windows PV Drivers Sub-Project

by Paul Durrant Back in 2013 Citrix made XenServer fully open source. As part of that work the previously closed Windows drivers for paravirtual devices were opened up and made available to the community on GitHub. These drivers were still very much tied to XenServer though because of assumptions that were made about the platform […]

Creedence: Debian 7.x and PVHVM Testing

Introduction On my own time and on my own testing equipment, I have been able to run many Guest VMs in PVHVM containers - before Creedence after its release to the public back in June. With last week's broadcast of Creedence Beta 3's release, I was naturally excited to see Tim's spotlight on PVHVM and the following article's intent is to show - in a test environment only - how I was able to run Debian 7.x (64-bit) in the same fashion. For more information regarding PV + HVM as to establish a PVHVM container, Tim linked a great article in his Creedence Beta...

XSA-108: Not the vulnerability you’re looking for

There has been an unusual amount of media attention to XSA-108 during the embargo period (which ended Wednesday) — far more than any of the previous security issues the Xen Project has reported. It began when a blogger complained that Amazon was telling customers it would be rebooting VMs in certain regions before a specific date. […]

Security bulletin covering XSA-108

Over the past week there has been considerable interest in an embargoed Xen Project security advisory known as XSA-108. On October 1st, 2014, the embargo surrounding this advisory was lifted, and coincident with that action, Citrix released a security bulletin covering XSA-108, as well as two additional advisories which impact XenServer releases. CVE-2014-7188 (XSA-108) Status CVE-2014-7188, also known as XSA-108, has received significant press. A patch for this was made available on the Citrix support site on October 1st. The patch is available at CTX200218, and also includes remedies for CVE-2014-7155 and CVE-2014-7156. Learning about new XenServer hotfixes When a hotfix is released for...

XSA-108: Additional Information from the Xen Project

The Xen Project Security Team today disclosed details of the Xen Security Advisory 108 / CVE-2014-7188 (Improper MSR range used for x2APIC emulation). The Xen Project does not normally comment on specific vulnerabilities other than issuing security advisories. However, given wide interest in this case, we believe it is helpful to provide more context. The […]

CloudStack simulator on Docker

Docker is a lot of fun; one of its strengths is in the portability of applications. This gave me the idea to package the CloudStack management server as a docker image. CloudStack has a simulator that can fake a data center infrastructure. It can be used to test some of the basic functionalities. We use it to run our integration tests, like the smoke tests on TravisCI. The simulator allows us to configure an advanced or basic networking zone with fake hypervisors. So I bootstrapped the CloudStack management server, configured the MySQL database with an advanced zone and created a docker image...