similar to: CentOS 6 Xen package update (including XSA-156)

On Thu, Nov 12, 2015 at 02:00:27PM +0000, George Dunlap wrote: > So going forward, we're moving the CentOS 6 Xen packages from the > custom "xen4" repos that were introduced several years ago, to repos > based on its position as a sub-project of the Virt Sig. That will > make things consistent between all the sigs, as well as between CentOS > 6 and 7 Xen packages.

So going forward, we're moving the CentOS 6 Xen packages from the custom "xen4" repos that were introduced several years ago, to repos based on its position as a sub-project of the Virt Sig. That will make things consistent between all the sigs, as well as between CentOS 6 and 7 Xen packages. Unfortunately, XSA-156 came up rather suddenly and is a bit blocked by this transition.

Hello, On Sun, Nov 15, 2015 at 06:42:18PM +0200, Pasi K?rkk?inen wrote: > On Sun, Nov 15, 2015 at 02:04:58PM +0200, Pasi K?rkk?inen wrote: > > On Thu, Nov 12, 2015 at 02:00:27PM +0000, George Dunlap wrote: > > > So going forward, we're moving the CentOS 6 Xen packages from the > > > custom "xen4" repos that were introduced several years ago, to repos >

On Wed, Nov 18, 2015 at 02:20:49PM +0200, Manuel Wolfshant wrote: > On 11/18/2015 02:08 PM, Pasi K?rkk?inen wrote: > >Hello, > > > >On Sun, Nov 15, 2015 at 06:42:18PM +0200, Pasi K?rkk?inen wrote: > >>On Sun, Nov 15, 2015 at 02:04:58PM +0200, Pasi K?rkk?inen wrote: > >>>On Thu, Nov 12, 2015 at 02:00:27PM +0000, George Dunlap wrote: > >>>>So

On Thu, Nov 19, 2015 at 12:28 PM, George Dunlap <dunlapg at umich.edu> wrote: > On Wed, Nov 18, 2015 at 1:31 PM, Pasi K?rkk?inen <pasik at iki.fi> wrote: >> On Wed, Nov 18, 2015 at 02:20:49PM +0200, Manuel Wolfshant wrote: >>> On 11/18/2015 02:08 PM, Pasi K?rkk?inen wrote: >>> >Hello, >>> > >>> >On Sun, Nov 15, 2015 at 06:42:18PM

On 11/12/2015 04:00 PM, George Dunlap wrote: > To update to the new repository structure, install the > centos-release-xen package directly from the new repo: > > yum updatehttp://mirror.centos.org/centos/6/virt/x86_64/xen/centos-release-xen-7-11.el6.x86_64.rpm > > This should replace the xen4 repositories with the new virt sig [root at xenh4bis ~]# yum update -y

On Thu, Nov 12, 2015 at 2:03 PM, Manuel Wolfshant <wolfy at nobugconsulting.ro> wrote: > On 11/12/2015 04:00 PM, George Dunlap wrote: >> >> To update to the new repository structure, install the >> centos-release-xen package directly from the new repo: >> >> yum >>

On Sun, Nov 15, 2015 at 02:04:58PM +0200, Pasi K?rkk?inen wrote: > On Thu, Nov 12, 2015 at 02:00:27PM +0000, George Dunlap wrote: > > So going forward, we're moving the CentOS 6 Xen packages from the > > custom "xen4" repos that were introduced several years ago, to repos > > based on its position as a sub-project of the Virt Sig. That will > > make things

On 11/18/2015 02:08 PM, Pasi K?rkk?inen wrote: > Hello, > > On Sun, Nov 15, 2015 at 06:42:18PM +0200, Pasi K?rkk?inen wrote: >> On Sun, Nov 15, 2015 at 02:04:58PM +0200, Pasi K?rkk?inen wrote: >>> On Thu, Nov 12, 2015 at 02:00:27PM +0000, George Dunlap wrote: >>>> So going forward, we're moving the CentOS 6 Xen packages from the >>>> custom

On Wed, Nov 18, 2015 at 1:31 PM, Pasi K?rkk?inen <pasik at iki.fi> wrote: > On Wed, Nov 18, 2015 at 02:20:49PM +0200, Manuel Wolfshant wrote: >> On 11/18/2015 02:08 PM, Pasi K?rkk?inen wrote: >> >Hello, >> > >> >On Sun, Nov 15, 2015 at 06:42:18PM +0200, Pasi K?rkk?inen wrote: >> >>On Sun, Nov 15, 2015 at 02:04:58PM +0200, Pasi K?rkk?inen wrote:

As you may have noticed, XSA-156 is due to be released publicly at 12:01am tomorrow (10 November). I've prepped packages, and before I leave today will set a script to send them to the CBS at 12:01 exactly. Packages should end up in virt6-xen-44-candidate within probably half an hour after that. If something goes wrong, I'll try to have it sorted out when I come in tomorrow morning

so i guess i was not paying too close attention and upgraded to xen 4.6.1 before i migrated my domU configurations to libxl :{ i have tried for a couple of hours this morning to find a way to do the conversion in a post xend world, but can?t seem to do it. I still have all my disk images, and i see the domain config.sxp configuration files in /var/lib/xend/domains/<uuid> but i am not enough

> On Sat, Apr 16, 2016 at 5:40 PM, rgritzo <rgritzo at gmail.com <https://lists.centos.org/mailman/listinfo/centos-virt>> wrote: > > so i guess i was not paying too close attention and upgraded to xen 4.6.1 before i migrated my domU configurations to libxl :{ > > Just FYI, as a fall-back you can always move yourself to the Xen 4.4 "track" by: > 1.

xen 4.6.1-5 has been build and should be available in buildlogs soon (available via the centos-virt-xen-testing repo). More information can be found here: http://xenbits.xen.org/xsa/advisory-172.html A signed copy should hit the mirrors tomorrow. Please report any problems on this list. Thanks, -George

Hello, Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ? Thank you

We just sent the message below to the security advisory predisclosure list, relating to the release of XSA-26 to XSA-32. As you will see, these have now been publicly released. We''ll have a proper conversation about this in a week or two. Thanks for your attention, Ian. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We regret to announce that a member of the predisclosure list

Ian Jackson writes ("64bit PV guest breakout [XSA-213]"): > Source: xen > Version: 4.4.1-9 > Severity: important > Tags: security upstream fixed-upstream > > See > https://xenbits.xen.org/xsa/advisory-213.html Ian Jackson writes ("grant transfer allows PV guest to elevate privileges [XSA-214]"): > Source: xen > Version: 4.4.1-9 > Severity:

Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"): > On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote: > > Should I put jessie-security in the debian/changelog and dgit push it > > (ie, from many people's pov, dput it) ? > > Yes, the distribution line should be jessie-security, but please send > a

Looks like this never got a response from anyone. On 6/25/19 10:15 AM, Yuriy Kohut wrote: > Hello, > > Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ? XSA-289 is a tricky subject. In the end, it was effectively decided that these patches were not recommended until they were reviewed again and XSA-289 has no official list of flaws

On 02/17/2017 02:32 PM, Kevin Stange wrote: > Given the circumstances, might it make sense to offer formal advisories > of some type for these to indicate when the packages going to live are > for security or other reasons? > We release xen every 2nd (even numbered) release as a goal (4.4, 4.6, 4.8) We don't normally release anything other than security updates. This is a SIG