[Users] CVE-2014-0196
Kir Kolyshkin
kir at openvz.org
Wed May 14 08:18:47 PDT 2014
On 05/14/2014 01:16 AM, Benjamin Henrion wrote:
> On Tue, May 13, 2014 at 5:56 PM, Kir Kolyshkin <kir at openvz.org> wrote:
>> We are receiving a lot of inquiries as to what is the status of OpenVZ
>> kernel
>> with respect to CVE-2014-0196. This email summarizes our knowledge as of
>> now.
>>
>> 1. RHEL5-based OpenVZ kernels (028stabXXX) are not affected.
>>
>> 2. RHEL6-based OpenVZ kernels (042stabXXX) released during last 12 months
>> are not affected.
>>
>> 3. Older 042stab kernel are affected. Therefore, if you run kernel released
>> older than May 2013 (see uname -v) please upgrade and reboot now.
>>
>> 3. Both OpenVZ kernel team and Red Hat are still looking into the issue,
>> an updated kernel might be available.
> Can you tell me if 061.2 is affected?
>
Most probably yes, as it was released in September 2012. Since that
time, there were
tons of security fixes, not to mention bug fixes and improvements.
More information about the Users
mailing list