[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] are Xen 3.1.0 kernels CVE-2007-4573 vulnerable

On Tue, 2 Oct 2007, S.Çalar Onur wrote:


01 Eki 2007 Pts tarihinde, Steven Timm ÿÿunlarÿÿ yazmÿÿÿÿtÿÿ:
Does anyone know if the Xen 3.1.0 kernels as distributed in
the "open source" tarballs (x86_64 version) are vulnerable to the
recently-announced  vulnerability CVE-2007-4573?
IF so, is there any plan to release patched tarballs  anytime soon?

Yes it is. And current provided tarball also vulnerable against ~30 CVE+
(cause all these vulnerabilities are discovered after 2.6.18 which is Xen-3.x
based on) so i suggest using your distros provided one instead of upstream


You suggest "using your distro-provided one" but of course Red Hat
only provides Xen 3.0.3, not Xen 3.1 which I need to run 64-bit host
and 32-bit (or 64-bit) clients.

Does anyone have a good recipe to merge xen 3.1.0 patches and
2.6.18-8.1.14 as distributed by RedHat and friends? x86_64 version, I mean. I know there is one there for the i386 version on
the web site but there is not one for the x86_64 version.  What
are people doing who are running Xen 3.1 on redhat 5 and friends, but
need to stay current with the many kernel security patches?  Any help
is appreciated.

Steve Timm

Steven C. Timm, Ph.D  (630) 840-8525
timm@xxxxxxxx  http://home.fnal.gov/~timm/
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Assistant Group Leader.

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.