Scott Silva wrote: > on 5-29-2008 12:42 PM Ned Slider spake the following: >> Joe Pruett wrote: >>> On Thu, 29 May 2008, Johnny Hughes wrote: >>> >>>> This is already solved on another thread ... but for closure on this >>>> one, there is a known bug here with that kernel and ipsec: >>>> >>>> http://bugs.centos.org/view.php?id=2853 >>> >>> that bug entry does say to use the upstream bug for info about a >>> workaround, but the upstream bug is blocked to mere mortals. is >>> there a workaround other than just using the older kernel? >> >> >> Did you see the added note? >> >> I quote: >> >> "For the benefit of those who do not have access to the upstream >> bugzilla report, this bug has been fixed in the updated 5.2 kernel >> (version number 2.6.18-92.el5), and this kernel also contains the >> CVE-2007-6282 patch. I would recommend that people affected by this >> bug upgrade to 2.6.18-92.el5." > Is that the kernel to be released with 5.2? yes ... and we have it built already ... but I am not sure everything else that might need to go with it. module-init-tools and mkinitrd are also upgrades so those for sure But rather than releasing pieces, I would think that using the older kernels on ipsec machines would be best for a couple weeks. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20080529/c6c0f834/attachment-0005.sig>