[Users] [Announce] [security] Kernel RHEL6 042stab090.3

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Sun Jun 8 08:32:32 PDT 2014 

> Am 07.06.2014 um 11:12 schrieb Kir Kolyshkin <kir at openvz.org>:
> 
>> On 06/06/2014 09:48 PM, Stefan Priebe - Profihost AG wrote:
>> Oh sorry. My fault. Yes it's the same with 090.2
> 
> I tried to reproduce it locally on an CentOS x86_64 box with the following set of commands,
> (checking that every one of those succeeds):
> 
>     yum -y update
>     yum -u install yum-utils
>     rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
>     wget http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/vzkernel-2.6.32-042stab090.2.src.rpm
>     yum-builddep -y vzkernel-2.6.32-042stab090.2.src.rpm
>     rpmbuild --rebuild vzkernel-2.6.32-042stab090.2.src.rpm
> 
> The end result is built kernel packages.
> 
> So, then I tried building from source+patch:
> 
>     wget http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/patches/patch-042stab090.2-combined.gz
>     wget https://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.32.tar.xz
>     tar xf linux-2.6.32.tar.xz
>     cd linux-2.6.32
>     gzip -dc ../patch-042stab090.2-combined.gz | patch -p1
>     wget http://download.openvz.org/kernel/branches/rhel6-2.6.32-testing/042stab090.2/configs/config-2.6.32-042stab090.2.x86_64
>     mv config-2.6.32-042stab090.2.x86_64 .config
>     make oldconfig
>     make -j16
> 
> Same result -- it was built w/o errors.
> 
> So, I was not able to reproduce your issue in either way.
> 
> *Two questions:*
> 
> 1. Can you please describe how you build the kernel (including the build
> environment description), in a way so I will be able to reproduce it locally
> (for example, something similar to the above)?

Mhm debian 7.5 using a custom config. But while looking through the source code i was not able to der a
reason why it shouldn't work. 

> 2. (Just curious) What is the reason you are building your own kernels
> instead of relying on packaged binaries that we release? Sorry if I already
> asked.

Needed some tweaks newer intel 10gbe drivers, ISO vfs support inside guest, netconsole build inside kernel instead of module...

Stefan

> Kir.
> 
>> 
>> Stefan
>> 
>> Excuse my typo sent from my mobile phone.
>> 
>> Am 07.06.2014 um 06:23 schrieb Kir Kolyshkin <kir at openvz.org>:
>> 
>>> Kostya, can you please take a quick look?
>>> 
>>> Stefan,
>>> 
>>> Did you have the same problem with 090.2? This release (090.3) only patches futex code
>>> and has nothing to do with iptables. 
>>> 
>>> Also, please refrain from using private emails (or announce@) -- instead use either users@
>>> mailing list or bugzilla. Thanks!
>>> 
>>> Kir.
>>> 
>>> -------- Original Message --------
>>> Subject:	Re: [Announce] [security] Kernel RHEL6 042stab090.3
>>> Date:	Sat, 7 Jun 2014 00:27:37 +0200
>>> From:	Stefan Priebe <s.priebe at profihost.ag>
>>> To:	Kir Kolyshkin <kir at openvz.org>, "announce at openvz.org" <announce at openvz.org>
>>> 
>>> while compiling i always get:
>>> ERROR: "module_payload_allowed" [net/netfilter/x_tables.ko] undefined!
>>> 
>>> Stefan
>>> Am 06.06.2014 21:05, schrieb Kir Kolyshkin:
>>> > OpenVZ project released an updated RHEL6 based kernel. Read below for
>>> > more information. Everyone is advised to update.
>>> >
>>> >
>>> > Changes and Download
>>> > ====================
>>> > * Security fix for CVE-2014-3153
>>> >
>>> > https://openvz.org/Download/kernel/rhel6/042stab090.3
>>> >
>>> >
>>> > Bug reporting
>>> > =============
>>> > Use http://bugzilla.openvz.org/  to report any bugs found.
>>> >
>>> >
>>> > Other sources of info on updates
>>> > ================================
>>> > See http://wiki.openvz.org/News  to view all the news (including updates)
>>> > online. There you can also find RSS/Atom feed links.
>>> >
>>> >
>>> > Regards,
>>> >    OpenVZ team
>>> >
>>> > _______________________________________________
>>> > Announce mailing list
>>> > Announce at openvz.org
>>> > https://lists.openvz.org/mailman/listinfo/announce
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20140608/a2045e8f/attachment-0001.html>

More information about the Users mailing list