Hi Scott, > How about the latest RHEL4-based OpenVZ kernel? Is it vulnerable? No, it is not vulnerable simply because all vulnerable protocols are absent in the kernel (switched off in our configs).
> Are there any other advantages to the current RHEL5 kernel vs. the current > RHEL4 kernel? Well, quite a difficult question. On the other hand - 2.6.18-x kernels are just newer, contain some improvements, in particular in performance. Not giant but still. Some new useful features like kexec/kdump - for debugging. As you've already noted - just updates for 2.6.18-x are released more often. On the other hand - if you have a stable node and do not suffer from any problem - i'd just leave it as is. -- Konstantin On 08/18/2009 07:33 PM, Scott Dowdle wrote: > Konstantin (or Kir), > > ----- "Konstantin Khorenko" <khore...@openvz.org> wrote: >> just wanted to share the info: >> i checked this issue and found that 2.6.18-128.2.1.el5.028stab064.4 >> kernel (latest OVZ) is immune to the exploits on the issue described >> at http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html >> Exploits do not work both inside a Container and on a Hardware Node. > > That IS good to know. Thanks for the information. All of my OpenVZ boxes > are running the latest RHEL5 kernel so those are good. > > How about the latest RHEL4-based OpenVZ kernel? Is it vulnerable? And if > so, should we expect an update for that real soon now? I still have one > CentOS4-based box running the latest RHEL4-based kernel > (ovzkernel-smp-2.6.9-023stab048.6). > > I've heard that one can run a RHEL5 kernel on a RHEL4 host node but I haven't > tried it. The machine in question I'm a little more weary of trying new > things with because it is a remote machine I don't have physical access to > and I want to avoid excessive downtime... but if there are a lot of > RHEL4/CentOS4 host node users running the RHEL5 kernel, I'll consider > switching... although on the OpenVZ kernel download page > (http://wiki.openvz.org/Download/kernel) says the RHEL4 kernek is "Super > stable" and the RHEL5 kernel is "Stable". :) > > If the RHEL4-based kernel is vulnerable (which I'm not sure about yet) and > the RHEL5 kernel isn't then that would be one advantage. Are there any other > advantages to the current RHEL5 kernel vs. the current RHEL4 kernel? > > Thanks, _______________________________________________ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
