I've already emailed the centos-virt mailing list (Not heard back), as I'm a bit concerned about the frequency of updates to the xen and kernel packages in Xen4centos, especially given the number of people using them and the "no lag" policy on the site.<br />
<br />
Latest 3.4.x upstream is 3.10.43 yet the latest kernel-xen RPM is 3.10.34<br />
<br />
The latest xen hypervisor RPM 4.2.4-30.el6.centos is patched upto XSA89, so is currently vulnerable to issues from XSA92 and XSA96. Granted the patches for XSA96 have only been around for just over a week, but XSA92's patch was announced on 1st May.<br />
<br />
If manpower is an issue I'm more than happy to do security patches, if thats a possibility. I previously maintained a repo of Xen for CentOS 5 & 6 for well over a year.<br />
<br />
Otherwise I'll have to spin my own packages again, no biggie but kind of defeats the point of the project.<br />
<br />
Cheers
↧