[CentOS-virt] 4.4.4-26 with XSA-226, 227, 230 in centos-virt-testing

Tue Nov 28 22:54:19 UTC 2017
Johnny Hughes <johnny at centos.org>

On 11/28/2017 11:24 AM, Kevin Stange wrote:
> On 11/28/2017 10:11 AM, Johnny Hughes wrote:
>> Kevin has been rolling back the security updates to the 4.4 branch.  He
>> has been working with some of the other distros (debian for sure, and
>> some others on the xen security list).
>>
>> I think it is his intention to continue this for as long as he is able
>> to. (Kevin, chime in if you have a schedule lifetime or EOL in mind)
>>
>> As long as Kevin (or anyone else) maintains the tree, I am happy to
>> build them into the repos.
>>
>> On 11/28/2017 07:38 AM, Pasi Kärkkäinen wrote:
>>> Hi,
>>>
>>> On Wed, Aug 23, 2017 at 04:02:46PM -0500, Kevin Stange wrote:
>>>> Xen 4.4.4 along with kernel 4.9.44 containing patches for XSAs (226 -
>>>> 230) from August 15th are now available in centos-virt-testing.  If
>>>> possible, please test and provide feedback here so we can move these to
>>>> release soon.
>>>>
>>>> XSA-228 did not affect Xen 4.4
>>>> XSA-229 only applies to the kernel
>>>>
>>>> XSA-235 disclosed today only affects ARM and isn't going to be added to
>>>> these packages.
>>>>
>>>
>>> Thanks for updating the Xen 4.4 branch! Are you still planning for additional updates there? 
> 
> I will be continuing to attempt to support 4.4 backports as long as I
> still have Xen 4.4 running in my own production environment, which will
> be until at least early 2018, but probably longer.  I am currently in
> early testing for migrating to newer Xen, but it's not close to ready
> yet.  I should have a release containing XSA-246 and XSA-247 in the
> testing repo later today, which will come up as version 4.4.4-32.
> 
> I wish I could provide more concrete EOL for planning purposes.
> Obviously, if you have the option to migrate to Xen 4.6 or later (4.5 is
> EOL in a few months) that's a good plan for a number of reasons.  I
> expect we'll see Xen 4.8 in the SIG repos before too long as well.
> 

I would suggest that if there is anyone out there who wants to keep
using Xen-4.4 on CentOS-6 that, and you have the ability to backport the
4.5 or 4.6 patches to xen-4.4, you get with Kevin and learn the process
so that you can keep the 4.4 branch going .. otherwise it will go EOL
when Kevin stops maintaining it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20171128/bc94932f/attachment-0006.sig>