[CentOS-virt] Are XSA-289, XSA-274/CVE-2018-14678 fixed ?

Mon Jul 1 08:07:02 UTC 2019
Yuriy Kohut <ykohut at onapp.com>

Hello Kevin,

Thank you in advance for the reply. Will mark XSA-274 as fixed for us.

> On Jun 28, 2019, at 6:47 PM, Kevin Stange <kevin at steadfast.net> wrote:
> 
> Looks like this never got a response from anyone.
> 
> On 6/25/19 10:15 AM, Yuriy Kohut wrote:
>> Hello,
>> 
>> Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages  ?
> 
> XSA-289 is a tricky subject.  In the end, it was effectively decided
> that these patches were not recommended until they were reviewed again
> and XSA-289 has no official list of flaws or fixes as a result.  The
> main mitigation action suggested is to disable SMT on the CPU if possible.
> 
> XSA-274 was patched into Linux 4.9 almost a year ago:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=987156381c5f875d75ef1f7cc29994d82f646dad
> 
> That's 4.9.124, so yes, 4.9.177 has it.
> 
> -- 
> Kevin Stange
> Chief Technology Officer
> Steadfast | Managed Infrastructure, Datacenter and Cloud Services
> 800 S Wells, Suite 190 | Chicago, IL 60607
> 312.602.2689 X203 | Fax: 312.602.2688
> kevin at steadfast.net | www.steadfast.net