I’m pleased to announce the release of Xen Project Hypervisor 4.7 and Xen Project Hypervisor 4.6.3. Xen Project Hypervisor 4.7: This new release focuses on improving code quality, security hardening, security features, live migration support, usability improvements and support for new hardware features — this
4.7.0
The first release of Mirage OS back in December 2013 introduced the prototype of the unikernel concept, which realised the promise of a safe, flexible mechanism to build highly optimized software stacks purpose-built for deployment in the public cloud (see the overview of Mirage OS for some background). Since then,
We normally only cover news and information directly related to Xen in this channel, but we thought it might be useful to briefly expand our scope a bit to mention the recent discussion about the Docker security exploit. What’s the news? Well, to begin with, a few weeks ago
After concluding our poll about changes to the security discussion, we determined that “Pre-disclosure to software vendors and a wide set of users” was probably the best fit for the community. A set of concrete changes to the policy have now been discussed on xen-devel (here and here), and we
Xen.org recently released a number of (related) security updates, XSA-7 through to -9. This was done by the Xen.org Security Team, who are charged with following the Xen.org Security Problem Response Process. As part of the process of releasing XSA-7..9 several shortcomings (a few of which
Laws, like sausages, cease to inspire respect in proportion as we know how they are made. – John Godfrey Saxe, 1869. Most open source projects, Xen.org included, do what is called “coordinated disclosure” of security problems. The idea is that we keep security bugs secret until people have had a
Virtualization interview with Simon Crosby – http://virtualization.ulitzer.com/node/554197?page=0,0 Virtualization security discussion – http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1354642,00.html#
Joanna Rutkowska and her team presented very interesting insights on Xen security, as well as attacks against it, at this year’s Black Hat conference in Las Vegas. In a trilogy of talks (“Xen 0wning trilogy”), they gave information about “Subverting the Xen Hypervisor”, “Detecting and preventing the Xen hypervisor subversions”
A new email has been established for anyone finding a security issue with any Xen build. Please send a detailed email of the problem to security@xen.org. This email distribution reaches a wide group of Xen community members who can immediately address the problem.