On 25.10.18 at 10:08, Peter Dreuw wrote:
> On 24.10.18 at 20:34, Antoine Beaupré wrote:
>>> I am not sure if this can be done with Xen 4.4 - at least not to a level
>>> of a 100% solution. Looking into the upstream code for e.g. 4.6 there
>>> are many changes that would need to be considered. I am thinking of
>>> this, currently, yes. The same goes to
>>>
>>> XSA 263 / CVE-2018-3639
>>>
>>> XSA 267 / CVE-2018-3665
>>>
>>> XSA 273 / CVE-2018-3620,CVE-2018-3646
>>>
>>> The upstream fixes for these XSA rely on the XSA 254 work already done.
>>> So getting xsa 263/267/273 fixed would need to adapt much of the work
>>> done for xsa 254.
>> Right. It's a huge challenge and sensitive if not confusing code.
> yes, it is. I think it will be doable but I have no real idea how much
> time this would consume.

Maybe one point to make it clear, tho it might be obvious to most of you:

We can apply fixes to the original Xen 4.4 version and have done
everything possible - without a fixed kernel, there is no mitigation of
spectre/meltdown. The same applies to any other virtualization solution.

So people have to work with a more recent kernel or live with unfixed
spectre/meltdown issues. If you are using a backports kernel, you might
be willing to use a backports Xen package, too.

From my perspective, looking into these fixes for 4.4 is more future
oriented ;) There are already some fixes for more recent XSA like XSA
263, 267 and 273, which partly depend on the code introduced with the
various XSA 254 fixes.

Cheers
Peter

-- 
Peter Dreuw
Team Lead
Tel.: +49 2166 9901-155
Fax: +49 2166 9901-100
E-Mail: [email protected]
gpg fingerprint: 33B0 82D3 D103 B594 E7D3 53C7 FBB6 3BD0 DB32 ED41
http://www.credativ.de/
