Categories

• News

  All news regarding Xen and XCP-ng ecosystem
  143 Topics

  4k Posts

  S

  @rzr said: Thank you again for feedback we will try to address reported issues on next batch (to come soon). Note that some issues are not related to this specific update batch, but might have been introduced on previous ones (TBC). Not knowing myself what it meant, I asked Philippe: it's about the nslookup issue. And potentially the issue reported by @ph7 but it's not clear to me yet if there was a problem with XCP-ng or Xen Orchestra. Anyway, basically this means that there's no known issue caused by this batch of updates, and that we'll keep addressing any relevant issue in the next updates if necessary, as usual.
• XCP-ng

  Everything related to the virtualization platform

  • Compute
  • XO Lite
  • Migrate to XCP-ng
  • Hardware
  • Development
  1k Topics

  15k Posts

  R

  Just a quick update for anyone following this thread—I decided to test this out on my end to verify the impact. After installing gcc in Dom0 and making a few necessary tweaks to the PoC code, I was able to successfully compile and run it. I managed to gain root access starting from a standard, unprivileged account. Based on this, I can confirm that a fully patched XCP-ng 8.3 system is indeed vulnerable to this attack. However, I want to strongly emphasize a key point about the threat model here so we keep the risk in perspective: this is strictly a Local Privilege Escalation (LPE) vulnerability. An attacker cannot just trigger this remotely. To exploit this, someone absolutely must already have a provisioned account with access to your Dom0. If you are following best practices and strictly controlling who (and what) has shell access to Dom0, your immediate, real-world risk is significantly mitigated. Hopefully, this helps clarify the exposure for everyone while we wait for an official patch upstream.
• Xen Orchestra

  All Xen Orchestra related questions/reports

  • Management
  • Advanced features
  • Backup
  • REST API
  • Infrastructure as Code
  3k Topics

  28k Posts

  F

  I performed a full backup and a delta backup test. The full backup is working, but the delta backup is not. If you look at the image, I performed 2 full backups successfully, but the first backup, which is not encrypted and is a full backup, is not here — only the .json file that generated it is present. Where would the delta backup be located if not in the same folder as the others? According to the log, I only saw the same location being used. [image: 1780419911823-3f42504c-23cc-410d-b3f4-cfaba3b128a3-image.jpeg]
• XOSTOR

  Our hyperconverged storage solution
  47 Topics

  750 Posts

  O

  Please disable HA and report if you still have the issue.
• Non-English speakers

  • French (Français)
  • Turkish (Türk)
  • Portuguese (Português)
  35 Topics

  113 Posts

  O

  Ah excellente nouvelle Je passe le sujet en résolu !