Re: [bitfolk] XSA-108?

Top Page
Author: Andy Smith
Date:  
To: users
Subject: Re: [bitfolk] XSA-108?

Reply to this message
gpg: Signature made Wed Oct 1 18:29:19 2014 UTC
gpg: using DSA key 2099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
On Tue, Sep 30, 2014 at 04:52:02PM +0000, Andy Smith wrote:
> More words about XSA-108 in about 8 hours.


Ah, the embargo ended at mid day not mid night, and I wasn't around at
mid day. :)

So anyway, if you read http://xenbits.xen.org/xsa/advisory-108.html
you'll see that it's only exploitable from a hardware-assisted
virtual machine (HVM) rather than a paravirtualized virtual machine
(PV).

All BitFolk VPSes are run in PV mode and there is no way for a
customer to launch an HVM guest. Therefore I won't be forcing any
reboots at this time.

Cheers,
Andy

--
http://bitfolk.com/ -- No-nonsense VPS hosting