There is now a kernel-3.18.25-18 that fixes CVE-2016-0728 (and upgrades to the latest 3.18 LTS kernel) for Xen4CentOS users.
This kernel can be tested from here:
http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/os/Packages/ (CentOS-6)
and here:
http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/os/Packages/ (CentOS-7)
Once we get several tested installs we can move this to released. For more info on CVE-2016-0728:
There is info in the above link on testing that the vulnerability is fixed; see the code under 'Triggering the bug from userspace is fairly straightforward, as we can see in the following code snippet'.
Reports that the kernel works, and that the CVE-2016-0728 issue is tested (before and after installing the new kernel) would be greatly appreciated on this thread.
The following changelogs are also applicable in an upgrade from the current 3.18.21-17 release and this 3.18.25-18 release:
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.25
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.24
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.23
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.22
Thanks. Johnny Hughes
On 01/19/2016 05:22 PM, Johnny Hughes wrote:
> There is now a kernel-3.18.25-18 that fixes CVE-2016-0728 (and upgrades to the latest 3.18 LTS kernel) for Xen4CentOS users.
> This kernel can be tested from here:
> http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/os/Packages/ (CentOS-6)
> and here:
> http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/os/Packages/ (CentOS-7)
NOTE:
Those kernels will also end up in:
http://buildlogs.centos.org/centos/6/virt/x86_64/xen/
and
http://buildlogs.centos.org/centos/7/virt/x86_64/xen/
Soon
(the kernel-3.18.25-17 kernel, without the CVE fix, is already there)
Thanks, Johnny Hughes
On 01/19/2016 05:28 PM, Johnny Hughes wrote:
> On 01/19/2016 05:22 PM, Johnny Hughes wrote:
> > There is now a kernel-3.18.25-18 that fixes CVE-2016-0728 (and upgrades to the latest 3.18 LTS kernel) for Xen4CentOS users.
> > This kernel can be tested from here:
> > http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/os/Packages/ (CentOS-6)
> > and here:
> > http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/os/Packages/ (CentOS-7)
> NOTE:
> Those kernels will also end up in:
> http://buildlogs.centos.org/centos/6/virt/x86_64/xen/
> and
> http://buildlogs.centos.org/centos/7/virt/x86_64/xen/
> Soon
> (the kernel-3.18.25-17 kernel, without the CVE fix, is already there)
OK, I can verify (for me), based on the 'leak' binary in compiled from
That kernel-3.18.25-17 'DOES' have the CVE issue and that kernel-3.18.25-18 DOES NOT have the CVE leak issue.
Feedback required from others.
Thanks, Johnny Hughes