Xen 4.4.4 along with kernel 4.9.44 containing patches for XSAs (226 - 230) from August 15th are now available in centos-virt-testing. If possible, please test and provide feedback here so we can move these to release soon.
XSA-228 did not affect Xen 4.4 XSA-229 only applies to the kernel
XSA-235 disclosed today only affects ARM and isn't going to be added to these packages.
Thanks.
Hi,
On Wed, Aug 23, 2017 at 04:02:46PM -0500, Kevin Stange wrote:
Xen 4.4.4 along with kernel 4.9.44 containing patches for XSAs (226 - 230) from August 15th are now available in centos-virt-testing. If possible, please test and provide feedback here so we can move these to release soon.
XSA-228 did not affect Xen 4.4 XSA-229 only applies to the kernel
XSA-235 disclosed today only affects ARM and isn't going to be added to these packages.
Thanks for updating the Xen 4.4 branch! Are you still planning for additional updates there?
-- Pasi
-- Kevin Stange Chief Technology Officer Steadfast | Managed Infrastructure, Datacenter and Cloud Services 800 S Wells, Suite 190 | Chicago, IL 60607 312.602.2689 X203 | Fax: 312.602.2688 kevin@steadfast.net | www.steadfast.net
Kevin has been rolling back the security updates to the 4.4 branch. He has been working with some of the other distros (debian for sure, and some others on the xen security list).
I think it is his intention to continue this for as long as he is able to. (Kevin, chime in if you have a schedule lifetime or EOL in mind)
As long as Kevin (or anyone else) maintains the tree, I am happy to build them into the repos.
On 11/28/2017 07:38 AM, Pasi Kärkkäinen wrote:
Hi,
On Wed, Aug 23, 2017 at 04:02:46PM -0500, Kevin Stange wrote:
Xen 4.4.4 along with kernel 4.9.44 containing patches for XSAs (226 - 230) from August 15th are now available in centos-virt-testing. If possible, please test and provide feedback here so we can move these to release soon.
XSA-228 did not affect Xen 4.4 XSA-229 only applies to the kernel
XSA-235 disclosed today only affects ARM and isn't going to be added to these packages.
Thanks for updating the Xen 4.4 branch! Are you still planning for additional updates there?
-- Pasi
-- Kevin Stange Chief Technology Officer Steadfast | Managed Infrastructure, Datacenter and Cloud Services 800 S Wells, Suite 190 | Chicago, IL 60607 312.602.2689 X203 | Fax: 312.602.2688 kevin@steadfast.net | www.steadfast.net
CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
On 11/28/2017 10:11 AM, Johnny Hughes wrote:
Kevin has been rolling back the security updates to the 4.4 branch. He has been working with some of the other distros (debian for sure, and some others on the xen security list).
I think it is his intention to continue this for as long as he is able to. (Kevin, chime in if you have a schedule lifetime or EOL in mind)
As long as Kevin (or anyone else) maintains the tree, I am happy to build them into the repos.
On 11/28/2017 07:38 AM, Pasi Kärkkäinen wrote:
Hi,
On Wed, Aug 23, 2017 at 04:02:46PM -0500, Kevin Stange wrote:
Xen 4.4.4 along with kernel 4.9.44 containing patches for XSAs (226 - 230) from August 15th are now available in centos-virt-testing. If possible, please test and provide feedback here so we can move these to release soon.
XSA-228 did not affect Xen 4.4 XSA-229 only applies to the kernel
XSA-235 disclosed today only affects ARM and isn't going to be added to these packages.
Thanks for updating the Xen 4.4 branch! Are you still planning for additional updates there?
I will be continuing to attempt to support 4.4 backports as long as I still have Xen 4.4 running in my own production environment, which will be until at least early 2018, but probably longer. I am currently in early testing for migrating to newer Xen, but it's not close to ready yet. I should have a release containing XSA-246 and XSA-247 in the testing repo later today, which will come up as version 4.4.4-32.
I wish I could provide more concrete EOL for planning purposes. Obviously, if you have the option to migrate to Xen 4.6 or later (4.5 is EOL in a few months) that's a good plan for a number of reasons. I expect we'll see Xen 4.8 in the SIG repos before too long as well.
On 11/28/2017 11:24 AM, Kevin Stange wrote:
On 11/28/2017 10:11 AM, Johnny Hughes wrote:
Kevin has been rolling back the security updates to the 4.4 branch. He has been working with some of the other distros (debian for sure, and some others on the xen security list).
I think it is his intention to continue this for as long as he is able to. (Kevin, chime in if you have a schedule lifetime or EOL in mind)
As long as Kevin (or anyone else) maintains the tree, I am happy to build them into the repos.
On 11/28/2017 07:38 AM, Pasi Kärkkäinen wrote:
Hi,
On Wed, Aug 23, 2017 at 04:02:46PM -0500, Kevin Stange wrote:
Xen 4.4.4 along with kernel 4.9.44 containing patches for XSAs (226 - 230) from August 15th are now available in centos-virt-testing. If possible, please test and provide feedback here so we can move these to release soon.
XSA-228 did not affect Xen 4.4 XSA-229 only applies to the kernel
XSA-235 disclosed today only affects ARM and isn't going to be added to these packages.
Thanks for updating the Xen 4.4 branch! Are you still planning for additional updates there?
I will be continuing to attempt to support 4.4 backports as long as I still have Xen 4.4 running in my own production environment, which will be until at least early 2018, but probably longer. I am currently in early testing for migrating to newer Xen, but it's not close to ready yet. I should have a release containing XSA-246 and XSA-247 in the testing repo later today, which will come up as version 4.4.4-32.
I wish I could provide more concrete EOL for planning purposes. Obviously, if you have the option to migrate to Xen 4.6 or later (4.5 is EOL in a few months) that's a good plan for a number of reasons. I expect we'll see Xen 4.8 in the SIG repos before too long as well.
I would suggest that if there is anyone out there who wants to keep using Xen-4.4 on CentOS-6 that, and you have the ability to backport the 4.5 or 4.6 patches to xen-4.4, you get with Kevin and learn the process so that you can keep the 4.4 branch going .. otherwise it will go EOL when Kevin stops maintaining it.
-
Johnny Hughes -
Kevin Stange -
Pasi Kärkkäinen