The Xen Project has fixed serious vulnerabilities in its widely used hypervisor software this week, forcing virtual server operators to schedule maintenance downtime to apply patches and reboot the affected systems. If left unpatched, the vulnerabilities could be exploited from within guest operating systems to crash the hypervisor, extract sensitive information from the host OS or other guests or to escape from the virtual machine and gain the same privileges as the hypervisor — in other words, get full control over everything.
Read full news article on The New Stack