|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] are Xen 3.1.0 kernels CVE-2007-4573 vulnerable
On Tue, 2 Oct 2007, S.Çalar Onur wrote: Hi; 01 Eki 2007 Pts tarihinde, Steven Timm ÿÿunlarÿÿ yazmÿÿÿÿtÿÿ:Does anyone know if the Xen 3.1.0 kernels as distributed in the "open source" tarballs (x86_64 version) are vulnerable to the recently-announced vulnerability CVE-2007-4573? IF so, is there any plan to release patched tarballs anytime soon?Yes it is. And current provided tarball also vulnerable against ~30 CVE+ (cause all these vulnerabilities are discovered after 2.6.18 which is Xen-3.x based on) so i suggest using your distros provided one instead of upstream one. Cheers You suggest "using your distro-provided one" but of course Red Hat only provides Xen 3.0.3, not Xen 3.1 which I need to run 64-bit host and 32-bit (or 64-bit) clients. Does anyone have a good recipe to merge xen 3.1.0 patches and2.6.18-8.1.14 as distributed by RedHat and friends? x86_64 version, I mean. I know there is one there for the i386 version on the web site but there is not one for the x86_64 version. What are people doing who are running Xen 3.1 on redhat 5 and friends, but need to stay current with the many kernel security patches? Any help is appreciated. Steve Timm -- ------------------------------------------------------------------ Steven C. Timm, Ph.D (630) 840-8525 timm@xxxxxxxx http://home.fnal.gov/~timm/ Fermilab Computing Division, Scientific Computing Facilities, Grid Facilities Department, FermiGrid Services Group, Assistant Group Leader. _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |