
Re: [Xen-users] [Xen-devel] Security patches

On Thu, 2012-09-06 at 09:31 +0100, kk s wrote:
> Hi,
> Can anyone give the patch file download link for the below xen
> security for xen version 3.4 and 4.1? Since I couldn't find the
> downloadable patch file for some of the CVEs.
> CVE-2012-0029   - 
> http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html  (There is 
> no download link for both xen 3.4 and 4.1)
> CVE-2012-2934   - 
> http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html  (There 
> is no patch file to download of xen 3.4)
> CVE-2012-3432   - 
> http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html  (There is 
> no download link for both xen 3.4 and 4.1)
> CVE-2012-3433   - 
> http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html  (There is 
> no download link for both xen 3.4 and 4.1)

It looks to me like there are changeset references and/or patches for
all of these in the advisories. You might find it easier to follow: 

You can also always look in the appropriate xen-X.Y-testing.hg tree for
the fix.

> CVE-2012-3497   - 
> http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html  (There 
> is no download link for patch)

This is quite clearly explained in the advisory.

> Also I have some doubts about the CVEs below.
> CVE-2012-3496  - Does this vulnerability affect xen 4.x only, or does
> it include xen 3.4 too? Since the patch name was
> xsa14-xen-3.4-and-4.x.patch
> http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html

Yes, it looks like this affects 3.4 too.

> CVE-2012-3516  - Shall I apply this unstable patch for xen4.2 too?
> http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html

The advisory says "Xen-unstable, including Xen 4.2 release candidates
are vulnerable to this issue.", so yes, obviously.

In the future, please carefully read the advisories before asking lots of
questions; almost everything you have asked is addressed in the advisory
texts AFAICT.

