[CentOS-devel] missing important EL6 patch for qemu CVE-2016-3710 ?

Fri May 13 15:32:39 UTC 2016
Jim Perrin <jperrin at centos.org>


On 05/13/2016 07:59 AM, Sven Kieske wrote:
> Hi,
> 
> I saw no announcement on centos-announce
> for this:
> 
> https://rhn.redhat.com/errata/RHSA-2016-0997.html
> 
> has it fallen through the cracks somehow?

Nope. It's part of 6.8.

> I find the corresponding update for EL7, but not for EL6.
> 
> It would be nice if someone could investigate this.

No need. it should be out shortly.

> I also didn't find the necessary versions on my local mirror synced, e.g.:
> 
> qemu-kvm-0.12.1.2-2.491.el6_8.1.x86_64.rpm
> 
> Is this due to the work done in preparation for EL 6.8 release?


Yup.

> But I also do not find any CR repo yet.

Be patient. Point upgrades take a bit of time, and it's only been a few
days.

> As this is an important update I'd like to know if there is help
> needed to get it out faster.

Johnny put out an announcement on the main mailing list yesterday with
an update. TL;DR, early next week.
https://lists.centos.org/pipermail/centos/2016-May/159404.html

-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77