[Users] [Announce] [security] Kernel RHEL6 042stab090.3

Kir Kolyshkin kir at openvz.org
Sat Jun 7 02:12:50 PDT 2014


On 06/06/2014 09:48 PM, Stefan Priebe - Profihost AG wrote:
> Oh sorry. My fault. Yes it's the same with 090.2

I tried to reproduce it locally on an CentOS x86_64 box with the 
following set of commands,
(checking that every one of those succeeds):

     yum -y update
     yum -u install yum-utils
     rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
     wget 
http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/vzkernel-2.6.32-042stab090.2.src.rpm
     yum-builddep -y vzkernel-2.6.32-042stab090.2.src.rpm
     rpmbuild --rebuild vzkernel-2.6.32-042stab090.2.src.rpm

The end result is built kernel packages.

So, then I tried building from source+patch:

     wget 
http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/patches/patch-042stab090.2-combined.gz
     wget https://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.32.tar.xz
     tar xf linux-2.6.32.tar.xz
     cd linux-2.6.32
     gzip -dc ../patch-042stab090.2-combined.gz | patch -p1
     wget 
http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/configs/config-2.6.32-042stab090.2.x86_64
     mv config-2.6.32-042stab090.2.x86_64 .config
     make oldconfig
     make -j16

Same result -- it was built w/o errors.

So, I was not able to reproduce your issue in either way.

*Two questions:*

1. Can you please describe how you build the kernel (including the build
environment description), in a way so I will be able to reproduce it locally
(for example, something similar to the above)?

2. (Just curious) What is the reason you are building your own kernels
instead of relying on packaged binaries that we release? Sorry if I already
asked.

Kir.

>
> Stefan
>
> Excuse my typo sent from my mobile phone.
>
> Am 07.06.2014 um 06:23 schrieb Kir Kolyshkin <kir at openvz.org 
> <mailto:kir at openvz.org>>:
>
>> Kostya, can you please take a quick look?
>>
>> Stefan,
>>
>> Did you have the same problem with 090.2? This release (090.3) only 
>> patches futex code
>> and has nothing to do with iptables.
>>
>> Also, please refrain from using private emails (or announce@) -- 
>> instead use either users@
>> mailing list or bugzilla. Thanks!
>>
>> Kir.
>>
>> -------- Original Message --------
>> Subject: 	Re: [Announce] [security] Kernel RHEL6 042stab090.3
>> Date: 	Sat, 7 Jun 2014 00:27:37 +0200
>> From: 	Stefan Priebe <s.priebe at profihost.ag>
>> To: 	Kir Kolyshkin <kir at openvz.org>, "announce at openvz.org" 
>> <announce at openvz.org>
>>
>>
>>
>> while compiling i always get:
>> ERROR: "module_payload_allowed" [net/netfilter/x_tables.ko] undefined!
>>
>> Stefan
>> Am 06.06.2014 21:05, schrieb Kir Kolyshkin:
>> > OpenVZ project released an updated RHEL6 based kernel. Read below for
>> > more information. Everyone is advised to update.
>> >
>> >
>> > Changes and Download
>> > ====================
>> > * Security fix for CVE-2014-3153
>> >
>> >https://openvz.org/Download/kernel/rhel6/042stab090.3
>> >
>> >
>> > Bug reporting
>> > =============
>> > Usehttp://bugzilla.openvz.org/   to report any bugs found.
>> >
>> >
>> > Other sources of info on updates
>> > ================================
>> > Seehttp://wiki.openvz.org/News   to view all the news (including updates)
>> > online. There you can also find RSS/Atom feed links.
>> >
>> >
>> > Regards,
>> >    OpenVZ team
>> >
>> > _______________________________________________
>> > Announce mailing list
>> >Announce at openvz.org
>> >https://lists.openvz.org/mailman/listinfo/announce
>>
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20140607/64447a8e/attachment.html>


More information about the Users mailing list