Yuriy Kohut
2019-Jun-25 15:15 UTC
[CentOS-virt] Are XSA-289, XSA-274/CVE-2018-14678 fixed ?
Hello, Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ? Thank you
Kevin Stange
2019-Jun-28 15:47 UTC
[CentOS-virt] Are XSA-289, XSA-274/CVE-2018-14678 fixed ?
Looks like this never got a response from anyone. On 6/25/19 10:15 AM, Yuriy Kohut wrote:> Hello, > > Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ?XSA-289 is a tricky subject. In the end, it was effectively decided that these patches were not recommended until they were reviewed again and XSA-289 has no official list of flaws or fixes as a result. The main mitigation action suggested is to disable SMT on the CPU if possible. XSA-274 was patched into Linux 4.9 almost a year ago: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=987156381c5f875d75ef1f7cc29994d82f646dad That's 4.9.124, so yes, 4.9.177 has it. -- Kevin Stange Chief Technology Officer Steadfast | Managed Infrastructure, Datacenter and Cloud Services 800 S Wells, Suite 190 | Chicago, IL 60607 312.602.2689 X203 | Fax: 312.602.2688 kevin at steadfast.net | www.steadfast.net
Yuriy Kohut
2019-Jul-01 08:07 UTC
[CentOS-virt] Are XSA-289, XSA-274/CVE-2018-14678 fixed ?
Hello Kevin, Thank you in advance for the reply. Will mark XSA-274 as fixed for us.> On Jun 28, 2019, at 6:47 PM, Kevin Stange <kevin at steadfast.net> wrote: > > Looks like this never got a response from anyone. > > On 6/25/19 10:15 AM, Yuriy Kohut wrote: >> Hello, >> >> Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ? > > XSA-289 is a tricky subject. In the end, it was effectively decided > that these patches were not recommended until they were reviewed again > and XSA-289 has no official list of flaws or fixes as a result. The > main mitigation action suggested is to disable SMT on the CPU if possible. > > XSA-274 was patched into Linux 4.9 almost a year ago: > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=987156381c5f875d75ef1f7cc29994d82f646dad > > That's 4.9.124, so yes, 4.9.177 has it. > > -- > Kevin Stange > Chief Technology Officer > Steadfast | Managed Infrastructure, Datacenter and Cloud Services > 800 S Wells, Suite 190 | Chicago, IL 60607 > 312.602.2689 X203 | Fax: 312.602.2688 > kevin at steadfast.net | www.steadfast.net