On Tue, 2 Oct 2007, S.Çalar Onur wrote:
Hi;
01 Eki 2007 Pts tarihinde, Steven Timm ÿÿunlarÿÿ yazmÿÿÿÿtÿÿ:
Does anyone know if the Xen 3.1.0 kernels as distributed in
the "open source" tarballs (x86_64 version) are vulnerable to the
recently-announced vulnerability CVE-2007-4573?
IF so, is there any plan to release patched tarballs anytime soon?
Yes it is. And current provided tarball also vulnerable against ~30 CVE+
(cause all these vulnerabilities are discovered after 2.6.18 which is Xen-3.x
based on) so i suggest using your distros provided one instead of upstream
one.
Cheers
You suggest "using your distro-provided one" but of course Red Hat
only provides Xen 3.0.3, not Xen 3.1 which I need to run 64-bit host
and 32-bit (or 64-bit) clients.
Does anyone have a good recipe to merge xen 3.1.0 patches and
2.6.18-8.1.14 as distributed by RedHat and friends? x86_64 version, I
mean. I know there is one there for the i386 version on
the web site but there is not one for the x86_64 version. What
are people doing who are running Xen 3.1 on redhat 5 and friends, but
need to stay current with the many kernel security patches? Any help
is appreciated.
Steve Timm
--
------------------------------------------------------------------
Steven C. Timm, Ph.D (630) 840-8525
timm@xxxxxxxx http://home.fnal.gov/~timm/
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Assistant Group Leader.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|