On 01/19/2016 05:28 PM, Johnny Hughes wrote:
On 01/19/2016 05:22 PM, Johnny Hughes wrote:
There is now a kernel-3.18.25-18 that fixes CVE-2016-0728 (and upgrades to the lastest 3.18 LTS kernel) for Xen4CentOS users.
This kernel can be tested from here:
http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/os/Packages/ (CentOS-6)
and here:
http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/os/Packages/ (CentOS-7)
NOTE:
Those kernels will also end up in:
http://buildlogs.centos.org/centos/6/virt/x86_64/xen/
and
http://buildlogs.centos.org/centos/7/virt/x86_64/xen/
Soon
(the kernel-3.18.25-17 kernel, without the CVE fix, is already there)
OK, I can verify (for me), based on the 'leak' binary in compiled from
That kernel-3.18.25-17 'DOES' have the CVE issue and that kernel-3.18.25-18 DOES NOT have the CVE leak issue.
Feedback required from others.
Thanks, Johnny Hughes