
Re: [Xen-devel] Xen security issues

On 14/04/2013 19:35, AL13N wrote:
> On Sunday 14 April 2013 11:15:03, Ian Campbell wrote:
>> On Sun, 2013-04-14 at 08:05 +0100, AL13N wrote:
>>> I'm the Mageia maintainer and I'm a bit behind on patching CVE-*.
>>> Can anyone help me find out which of these are actually applicable for
>>> 4.1.2?
>> You can find a list of the already public Xen security announcements,
>> with CVE numbers and links to advisories, patches etc at:
>> http://wiki.xen.org/wiki/Security_Announcements
> the problem is not finding the patches :-)
> the problem is which in those huge lists are actually applicable to that 
> specific version: xen-4.2.1
> or more, which aren't applicable :-).


Xen 4.2 was released on 17 Sept 2012.  XSA-19 and earlier were older
than that, so are not applicable.  XSA-20 and newer all specifically
refer to xen-4.2-testing and whether it is vulnerable or not.

Although now I note that you might have transposed 4.1.2.

So the 4.1 release notes put 4.1.2 on 21 Oct 2011.  However, I would
highly recommend moving forwards to 4.1.4 or even newer.  4.1.x is in
maintenance now and is only receiving bugfixes, but being OS software,
there is still a steady stream of bugfixes being backported.


Xen-devel mailing list


