[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities

On 03/10/2010 02:49 PM, dann frazier wrote:
> On Wed, Mar 10, 2010 at 02:18:38PM -0500, Daniel Kahn Gillmor wrote:
>> It's not clear to me from the instructions above whether users should
>> re-build their kvm modules package as well as installing the revised
>> versions.
>> Is the vulnerability fully-resolved by simply upgrading the kvm package?
>> (i really don't know, and figure y'all are the right folks to ask). 
> If you've never built/installed modules from the kvm-source package,
> this advisory does not apply to you. If you have - you will need to
> update your kernel-source package and rebuild/reload those modules.

So i have a lenny system, running 2.6.26-2-amd64.  When it was running
2.6.26-1-amd64, i built and installed modules from the kvm_source. but
when i upgraded to 2.6.26-2-amd64, i didn't bother to build new modules,
and just went with the kvm modules shipped in the stock
linux-image-2.6.26-2-amd64 package.

A literal reading of your response above makes me think i need to do
rebuild for that system, but if i'm actually understanding you, it
sounds like i *don't* need to do a module rebuild.  argh.

sorry if this line of questioning is annoying or frustrating.  i'm not
trying to be obnoxious or pedantic, i'm trying to make sure i actually
understand the issue.

>> I note that there are kvm modules shipped with the default stable
>> kernel.
> Yes, these issues are being tracked there as well (3/4 are already
> fixed in the latest stable update)

Nice, thanks for the info.  So would the 4th be fixed if i went ahead
and rebuilt from the kvm_source package referenced by DSA-2010-1?



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: