Xen Kernel-3.18.25-18 For EL6 And EL7 (CVE-2016-0728)
There is now a kernel-3.18.25-18 that fixes CVE-2016-0728 (and upgrades to the lastest 3.18 LTS kernel) for Xen4CentOS users.
This kernel can be tested from here:
http://cbs.CentOS.org/repos/virt6-xen-common-testing/x86_64/os/Packages/
(CentOS-6)
and here:
http://cbs.CentOS.org/repos/virt7-xen-common-testing/x86_64/os/Packages/
(CentOS-7)
Once we get several tested installs we can move this to released. For more info on CVE-2016-0728:
http://bit.ly/1nifPm4
There is info in the above link on testing the vulnerability is fixed .. see the code under ‘Triggering the bug from userspace is fairly straightforward, as we can see in the following code snippet’.
Reports that the kernel works, and that the CVE-2016-0728 issue is tested (before and after installing the new kernel) would be greatly appreciated on this thread.
The following changelogs are also applicable in a upgrade from the current 3.18.21-17 release and this 3.18.25-18 release:
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.25
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.24
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.23
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.22
Thanks. Johnny Hughes
2 thoughts on - Xen Kernel-3.18.25-18 For EL6 And EL7 (CVE-2016-0728)
NOTE:
Those kernels will also end up in:
http://buildlogs.CentOS.org/CentOS/6/virt/x86_64/xen/
and
http://buildlogs.CentOS.org/CentOS/7/virt/x86_64/xen/
Soon
(the kernel-3.18.25-17 kernel, without the CVE fix, is already there)
Thanks, Johnny Hughes
OK, I can verify (for me), based on the ‘leak’ binary in compiled from
http://bit.ly/1nifPm4
That kernel-3.18.25-17 ‘DOES’ have the CVE issue and that kernel-3.18.25-18 DOES NOT have the CVE leak issue.
Feedback required from others.
Thanks, Johnny Hughes