by UDS Enterprise Team | Oct 3, 2014 | Cloud-en, Hot news, Security, Xen-en
A vulnerability in Xen hypervisor has broken the security around multi-tenant environments. It allows Xen hardware virtual machines (HVM) to access data storaged in other HVM-based machines that are located in the same hardware. This bug, which has been registered as CVE-2014-7188, also allows to crash the host.
ARM systems and paravirtualization servers (PV) of the Open Source hypervisor haven’t been affected. The only vulnerable systems are x86.
Xen Project has published a patch to solve this problem, which affected big companies, such as Amazon or Rackspace, that had to reboot their virtualized servers.
Source: www.eweek.com
by UDS Enterprise Team | Sep 26, 2014 | Hot news, Linux-en, Red Hat-en, Security
A major vulnerability has been discovered that targets bash, the Unix system (including OSX) and Linux commands interpreter. Apparently, this security flaw is also affecting other interpreters, such as ksh, tcsh, zsh and csh. Nevertheless, other shells aren’t being affected.
UDS Enterprise servers aren’t vulnerable to this fail, so the security of the virrual machines which provide UDS Enterprise remains unaltered.
This vulnerability has been registed as CVE-2014-6271 and it allows to execute certain commands due to the wrong process of the environment variables. Besides, it may be exploited remotely.
