Johnny Hughes
2016-Jan-19 23:22 UTC
[CentOS-virt] Xen kernel-3.18.25-18 for EL6 and EL7 (CVE-2016-0728)
There is now a kernel-3.18.25-18 that fixes CVE-2016-0728 (and upgrades to the latest 3.18 LTS kernel) for Xen4CentOS users.

This kernel can be tested from here:

http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/os/Packages/ (CentOS-6)

and here:

http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/os/Packages/ (CentOS-7)

Once we get several tested installs we can move this to released.

For more info on CVE-2016-0728:

http://bit.ly/1nifPm4

There is info in the above link on testing that the vulnerability is fixed; see the code under 'Triggering the bug from userspace is fairly straightforward, as we can see in the following code snippet'.

Reports that the kernel works, and that the CVE-2016-0728 issue is tested (before and after installing the new kernel) would be greatly appreciated on this thread.

The following changelogs are also applicable in an upgrade from the current 3.18.21-17 release and this 3.18.25-18 release:

https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.25
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.24
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.23
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.22

Thanks.
Johnny Hughes
Johnny Hughes
2016-Jan-19 23:28 UTC
[CentOS-virt] Xen kernel-3.18.25-18 for EL6 and EL7 (CVE-2016-0728)
On 01/19/2016 05:22 PM, Johnny Hughes wrote:
> There is now a kernel-3.18.25-18 that fixes CVE-2016-0728 (and upgrades
> to the latest 3.18 LTS kernel) for Xen4CentOS users.
>
> This kernel can be tested from here:
>
> http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/os/Packages/
> (CentOS-6)
>
> and here:
>
> http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/os/Packages/
> (CentOS-7)
>

NOTE:

Those kernels will also end up in:

http://buildlogs.centos.org/centos/6/virt/x86_64/xen/

and

http://buildlogs.centos.org/centos/7/virt/x86_64/xen/

Soon

(the kernel-3.18.25-17 kernel, without the CVE fix, is already there)

Thanks,
Johnny Hughes
Johnny Hughes
2016-Jan-20 00:37 UTC
[CentOS-virt] Xen kernel-3.18.25-18 for EL6 and EL7 (CVE-2016-0728)
On 01/19/2016 05:28 PM, Johnny Hughes wrote:
> On 01/19/2016 05:22 PM, Johnny Hughes wrote:
>> There is now a kernel-3.18.25-18 that fixes CVE-2016-0728 (and upgrades
>> to the latest 3.18 LTS kernel) for Xen4CentOS users.
>>
>> This kernel can be tested from here:
>>
>> http://cbs.centos.org/repos/virt6-xen-common-testing/x86_64/os/Packages/
>> (CentOS-6)
>>
>> and here:
>>
>> http://cbs.centos.org/repos/virt7-xen-common-testing/x86_64/os/Packages/
>> (CentOS-7)
>>
>
> NOTE:
>
> Those kernels will also end up in:
>
> http://buildlogs.centos.org/centos/6/virt/x86_64/xen/
>
> and
>
> http://buildlogs.centos.org/centos/7/virt/x86_64/xen/
>
> Soon
>
> (the kernel-3.18.25-17 kernel, without the CVE fix, is already there)
>

OK, I can verify (for me), based on the 'leak' binary I compiled from http://bit.ly/1nifPm4

That kernel-3.18.25-17 'DOES' have the CVE issue and that kernel-3.18.25-18 DOES NOT have the CVE leak issue.

Feedback required from others.

Thanks,
Johnny Hughes
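A host-side check for the "before and after installing the new kernel" state this thread asks testers to report, written as an added example (not code from the thread or from the CentOS project): it compares the running kernel with the fixed build 3.18.25-18 and flags the case where the fixed package is installed but the host is still booted into an older build. The function names and the `.el6`/`.el7` suffixes in sample inputs are assumptions; kernels outside the 3.18 line are reported as out of scope.

```shell
#!/bin/bash
# Added example: compare Xen4CentOS 3.18 kernel builds with the fixed build
# named in this thread. Function names are hypothetical.
FIXED="3.18.25-18"

# Reduce "kernel-3.18.25-18.el6.x86_64" to "3.18.25-18".
base_vr() {
    printf '%s\n' "$1" | sed -E 's/^kernel-//; s/^([0-9.]+-[0-9]+).*/\1/'
}

# classify_kernel VERSION-RELEASE -> fixed | needs-update | other-line
classify_kernel() {
    vr=$(base_vr "$1")
    case "$vr" in
        3.18.*) ;;                          # the kernel line this thread covers
        *) echo "other-line"; return 0 ;;   # out of scope for this check
    esac
    # sort -V puts the older build first; FIXED first (or equal) means vr >= FIXED.
    oldest=$(printf '%s\n%s\n' "$FIXED" "$vr" | sort -V | head -n 1)
    if [ "$oldest" = "$FIXED" ]; then echo "fixed"; else echo "needs-update"; fi
}

# host_status RUNNING [INSTALLED...] -> ok | reboot-needed | update-needed | other-line
host_status() {
    running=$1; shift
    state=$(classify_kernel "$running")
    if [ "$state" = "other-line" ]; then echo "other-line"; return 0; fi
    if [ "$state" = "fixed" ]; then echo "ok"; return 0; fi
    for k in "$@"; do
        # Fixed package present but an older build is still booted.
        if [ "$(classify_kernel "$k")" = "fixed" ]; then echo "reboot-needed"; return 0; fi
    done
    echo "update-needed"
}

# Live use on a host: pass --live to query the running and installed kernels.
if [ "${1:-}" = "--live" ]; then
    # shellcheck disable=SC2046  # word splitting of the rpm output is intended
    host_status "$(uname -r)" $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n')
fi
```

A `reboot-needed` result means the "after" test would still be exercising the old kernel, so reboot into the new build before reporting.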