Re: Are XSA-289, XSA-274/CVE-2018-14678 fixed ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Looks like this never got a response from anyone.

On 6/25/19 10:15 AM, Yuriy Kohut wrote:
> Hello,
> Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages  ?

XSA-289 is a tricky subject.  In the end, it was effectively decided
that these patches were not recommended until they were reviewed again
and XSA-289 has no official list of flaws or fixes as a result.  The
main mitigation action suggested is to disable SMT on the CPU if possible.

XSA-274 was patched into Linux 4.9 almost a year ago:

That's 4.9.124, so yes, 4.9.177 has it.

Kevin Stange
Chief Technology Officer
Steadfast | Managed Infrastructure, Datacenter and Cloud Services
800 S Wells, Suite 190 | Chicago, IL 60607
312.602.2689 X203 | Fax: 312.602.2688
kevin@xxxxxxxxxxxxx |
CentOS-virt mailing list

[Index of Archives]     [CentOS Users]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     []     [Xfree86]     [Linux USB]

  Powered by Linux