[Users] X86_BUG_CPU_INSECURE

Konstantin Bukharov bkb at virtuozzo.com
Tue Jan 9 22:45:54 MSK 2018 

Hello Jehan,

Could you provide output from your system for the next command:
yum repolist -v

>From your letter it seems that you have only 'Virtuozzo Linux' repositories configured and none for 'Virtuozzo' (aka OpenVZ).

Best regards,
Konstantin


-----Original Message-----
From: users-bounces at openvz.org [mailto:users-bounces at openvz.org] On Behalf Of Jehan Procaccia
Sent: Tuesday, January 9, 2018 21:54
To: OpenVZ users <users at openvz.org>; Vasiliy Averin <vvs at virtuozzo.com>
Subject: Re: [Users] X86_BUG_CPU_INSECURE

Does this concern "free/not-licenced" virtuozzo 7 ?
I don't beneficiate of "ready-kernel" in that case, did you issued an 
exeptionnal out of cycle (3 mouths) updates ?

here's my situation that is not clear :

# cat /etc/redhat-release
Virtuozzo Linux release 7.4

# uname -a
Linux myserver.domain.fr 3.10.0-693.1.1.vz7.37.30 #1 SMP Wed Nov 15 
20:42:09 MSK 2017 x86_64 x86_64 x86_64 GNU/Linux

when I issued a yum update I got  kmod  packages , are these a meltdown 
& spectre patches ?
Mise à jour :
  kmod                    x86_64 20-15.vl7.6               
virtuozzolinux-base               120 k
  kmod-libs               x86_64 20-15.vl7.6               
virtuozzolinux-base                50 k

not sure regarding changelogs dates :

# rpm -q --changelog kmod-20-15.vl7.6.x86_64 | more
* jeu. nov. 16 2017 Yauheni Kaliuta <ykaliuta at redhat.com> - 20-15.el7_4.6
- Backport external directories support.
   Related: rhbz#1511943.
...

thanks for your precisions .

regards .


Le 09/01/2018 à 10:22, Vasily Averin a écrit :
> OpenVZ7 update was released.
>
> It includes new kenrel, criu, qemu-kvm and libvirt.
>
> https://download.openvz.org/virtuozzo/releases/openvz-7.0.6-509/
> https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/repoview/
>
> Thank you,
> 	Vasily Averin
>
> On 2018-01-06 14:40, Vasily Averin wrote:
>> We have released fixed RHEL6-based kernel,
>> please update your nodes to 2.6.32-042stab127.2 kernel
>>
>> Thank you,
>> 	Vasily Averin
>>
>> On 2018-01-04 06:03, Alex Kobets wrote:
>>> Hi,
>>>
>>>
>>> Virtuozzo will release the kernel with fix asap.
>>>
>>> We have it under testing right now
>>>
>>>
>>> Thank you,
>>>
>>> Alex
>>>
>>> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>> *From:* users-bounces at openvz.org <users-bounces at openvz.org> on behalf of Hristo Benev <foxb at abv.bg>
>>> *Sent:* Wednesday, January 3, 2018 6:39:10 PM
>>> *To:* zoobab at gmail.com; OpenVZ users
>>> *Subject:* Re: [Users] X86_BUG_CPU_INSECURE
>>>   
>>>> -------- Оригинално писмо --------
>>>> От: Benjamin Henrion zoobab at gmail.com
>>>> Относно: [Users] X86_BUG_CPU_INSECURE
>>>> До: "OpenVZ users list. This is THE list you need." <users at openvz.org>
>>>> Изпратено на: 03.01.2018 03:02
>>>
>>>> Hi,
>>>>
>>>> Just reading this:
>>>>
>>>> https://amp.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/
>>>>
>>>> Xen seems to have a pending patch to be release this week, but people
>>>> are speculating now that you could bypass the entire isolation process
>>>> provided by any hypervisor.
>>>>
>>>> Wait and see how this will be exploited, but you can be sure there
>>>> will be exploits soon in the wild.
>>>>
>>>> The patch for software mitigation seems to be big and performance impacting.
>>>>
>>>> But that would probably mean that containers can be bypassed.
>>>>
>>>> Wait and see,
>>>>
>>>> -- 
>>>> Benjamin Henrion (zoobab)
>>>> Email: zoobab at gmail.com
>>>> Mobile: +32-484-566109
>>>> Web: http://www.zoobab.com
>>>> FFII.org Brussels
>>>> "In July 2005, after several failed attempts to legalise software
>>>> patents in Europe, the patent establishment changed its strategy.
>>>> Instead of explicitly seeking to sanction the patentability of
>>>> software, they are now seeking to create a central European patent
>>>> court, which would establish and enforce patentability rules in their
>>>> favor, without any possibility of correction by competing courts or
>>>> democratically elected legislators."
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at openvz.org
>>>> https://lists.openvz.org/mailman/listinfo/users
>>>
>>> https://spectreattack.com
>>>
>>> States that OpenVZ might be affected.
>>> _______________________________________________
>>> Users mailing list
>>> Users at openvz.org
>>> https://lists.openvz.org/mailman/listinfo/users
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openvz.org
>>> https://lists.openvz.org/mailman/listinfo/users
>>>
>> _______________________________________________
>> Users mailing list
>> Users at openvz.org
>> https://lists.openvz.org/mailman/listinfo/users
>>
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://lists.openvz.org/mailman/listinfo/users




_______________________________________________
Users mailing list
Users at openvz.org
https://lists.openvz.org/mailman/listinfo/users

More information about the Users mailing list