On 01/19/2016 05:28 PM, Johnny Hughes wrote: > On 01/19/2016 05:22 PM, Johnny Hughes wrote: >> There is now a kernel-3.18.25-18 that fixes CVE-2016-0728 (and upgrades >> to the lastest 3.18 LTS kernel) for Xen4CentOS users. >> >> This kernel can be tested from here: >> >> http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/os/Packages/ >> (CentOS-6) >> >> and here: >> >> http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/os/Packages/ >> (CentOS-7) >> > > NOTE: > > Those kernels will also end up in: > > > http://buildlogs.centos.org/centos/6/virt/x86_64/xen/ > > and > > http://buildlogs.centos.org/centos/7/virt/x86_64/xen/ > > Soon > > (the kernel-3.18.25-17 kernel, without the CVE fix, is already there) > OK, I can verify (for me), based on the 'leak' binary in compiled from http://bit.ly/1nifPm4 That kernel-3.18.25-17 'DOES' have the CVE issue and that kernel-3.18.25-18 DOES NOT have the CVE leak issue. Feedback required from others. Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20160119/f819e55b/attachment-0006.sig>