Xen project Mailing List

Re: [Xen-users] [Xen-devel] Security patches

From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

Date: Thu, 6 Sep 2012 09:56:42 +0100

Cc: "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Thu, 06 Sep 2012 08:58:20 +0000

List-id: Xen user discussion <xen-users.lists.xen.org>

On Thu, 2012-09-06 at 09:31 +0100, kk s wrote: > Hi, > > Can anyone give the patch file download link for the below xen > security for xen version 3.4 and 4.1? Since I couldn't find the > downloadable patch file for some of the CVE's. > > CVE-2012-0029 - > http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html (There is > no download link for both xen 3.4 and 4.1) > CVE-2012-2934 - > http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html (There > is no patch file to download of xen 3.4) > CVE-2012-3432 - > http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html (There is > no download link for both xen 3.4 and 4.1) > CVE-2012-3433 - > http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html (There is > no download link for both xen 3.4 and 4.1) It looks to me like there are changeset references and/or patches for all of these in the advisories. You might find it easier to follow: http://wiki.xen.org/wiki/Security_Announcements You can also always look in the appropriate xen-X.Y-testing.hg tree for the fix. > CVE-2012-3497 - > http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html (There > is no download link for patch) This is quite clearly explained in the advisory. > Also I have some doubts for the below CVE's. > > CVE-2012-3496 - Is this vulnerability affected for xen 4.x only or it > does include for xen 3.4 too? Since the patch name was > xsa14-xen-3.4-and-4.x.patch > http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html Yes, it looks like this effects 3.4 too. > CVE-2012-3516 - Shall I apply this unstable for patch for xen4.2 too? > http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html The advisory says "Xen-unstable, including Xen 4.2 release candidates are vulnerable to this issue.", so yes, obviously. In the future please carefully read the advisories before asking lots of questions, almost everything you have asked is addressed in the advisory texts AFAICT. Ian. _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx http://lists.xen.org/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.