[Users] X86_BUG_CPU_INSECURE
Konstantin Bukharov
bkb at virtuozzo.com
Wed Jan 10 23:04:59 MSK 2018
Yes, kernel has right version.
To mitigate spectre, please follow https://help.virtuozzo.com/customer/portal/articles/2914675
And to mitigate spectre attacks from KVM VMs, please check that qemu-kvm-vz and libvirt packages are also updated.
-----Original Message-----
From: Jehan Procaccia [mailto:Jehan.Procaccia at it-sudparis.eu]
Sent: Wednesday, January 10, 2018 22:59
To: Konstantin Bukharov <bkb at virtuozzo.com>; OpenVZ users <users at openvz.org>; Vasiliy Averin <vvs at virtuozzo.com>
Subject: Re: [Users] X86_BUG_CPU_INSECURE
you were right, waiting overnight for mirrors to get updated, now I do
have an kernel update
# uname -a
Linux 3.10.0-693.11.6.vz7.40.4 #1 SMP Fri Jan 5 21:20:16 MSK 2018
x86_64 x86_64 x86_64 GNU/Linux
# rpm -q --changelog vzkernel-3.10.0-693.11.6.vz7.40.4.x86_64 | more
* sam. janv. 06 2018 Konstantin Khorenko <khorenko at virtuozzo.com>
[3.10.0-693.11.6.vz7.40.4]
- vznetstat: Convert some kmalloc()/kfree() to __vmalloc()/vfree()
(Kirill Tkhai) [PSBM-79502]
- vznetstat: Add protection to venet_acct_set_classes() (Kirill Tkhai)
- ms/mm/mempolicy: Add cond_resched() in queue_pages_pte_range() (Andrey
Ryabinin) [PSBM-79273]
- ms/sctp: do not peel off an assoc from one netns to another one (Xin
Long) [PSBM-79325]
- ve: fix container stopped state check (Stanislav Kinsburskiy) [PSBM-78078]
...
no CVE mentioned , but I guess that these changes are related to
meltdown and spectre !?
Thanks
Le 09/01/2018 à 21:51, Konstantin Bukharov a écrit :
> Hello Jehan,
>
> Looks reasonable for me.
> Your FR mirrors for openvz-os & openvz-updates are just not in sync with out last update.
>
> Best regards,
> Konstantin
>
> PS. You could see list of required packages by URL provided by Vasiliy below:
> https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/repoview/
>
>
> -----Original Message-----
> From: Jehan Procaccia [mailto:Jehan.Procaccia at it-sudparis.eu]
> Sent: Tuesday, January 9, 2018 23:43
> To: OpenVZ users <users at openvz.org>; Konstantin Bukharov <bkb at virtuozzo.com>; Vasiliy Averin <vvs at virtuozzo.com>
> Subject: Re: [Users] X86_BUG_CPU_INSECURE
>
> here is my repolist -v , let me know if I miss some repos ?
>
> thanks
>
> # yum repolist -v
> Loading "fastestmirror" plugin
> Loading "langpacks" plugin
> Loading "openvz" plugin
> Loading "priorities" plugin
> Loading "product-id" plugin
> Loading "refresh-packagekit" plugin
> Loading "rhsm-auto-add-pools" plugin
> Loading "search-disabled-repos" plugin
> Not loading "subscription-manager" plugin, as it is disabled
> Loading "vzlinux" plugin
> Adding en_US.UTF-8 to language list
> Config time: 0.069
> Yum version: 3.4.3
> Trying to discover and attach new pools
> Loading mirror speeds from cached hostfile
> * openvz-os: ftp.lip6.fr
> * openvz-updates: ftp.lip6.fr
> Setting up Package Sacks
> --> anaconda-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> anaconda-core-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> anaconda-dracut-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> anaconda-gui-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> anaconda-tui-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> anaconda-widgets-21.48.22.121-3.vl7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> anaconda-widgets-devel-21.48.22.121-3.vl7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> crit-2.3-2.vl7.x86_64 from virtuozzolinux-base excluded (priority)
> --> criu-2.3-2.vl7.x86_64 from virtuozzolinux-base excluded (priority)
> --> ipxe-bootimgs-20170123-1.git4e85b27.vl7.1.noarch from
> virtuozzolinux-base excluded (priority)
> --> ipxe-roms-20170123-1.git4e85b27.vl7.1.noarch from
> virtuozzolinux-base excluded (priority)
> --> ipxe-roms-qemu-20170123-1.git4e85b27.vl7.1.noarch from
> virtuozzolinux-base excluded (priority)
> --> 1:libguestfs-1.28.1-1.55.vl7.7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> 1:libguestfs-bash-completion-1.28.1-1.55.vl7.7.noarch from
> virtuozzolinux-base excluded (priority)
> --> 1:libguestfs-devel-1.28.1-1.55.vl7.7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> 1:libguestfs-gobject-1.28.1-1.55.vl7.7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> 1:libguestfs-gobject-devel-1.28.1-1.55.vl7.7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> 1:libguestfs-gobject-doc-1.28.1-1.55.vl7.7.noarch from
> virtuozzolinux-base excluded (priority)
> --> 1:libguestfs-java-1.28.1-1.55.vl7.7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> 1:libguestfs-java-devel-1.28.1-1.55.vl7.7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> 1:libguestfs-javadoc-1.28.1-1.55.vl7.7.noarch from
> virtuozzolinux-base excluded (priority)
> --> 1:libguestfs-man-pages-ja-1.28.1-1.55.vl7.7.noarch from
> virtuozzolinux-base excluded (priority)
> --> 1:libguestfs-man-pages-uk-1.28.1-1.55.vl7.7.noarch from
> virtuozzolinux-base excluded (priority)
> --> 1:libguestfs-tools-1.28.1-1.55.vl7.7.noarch from
> virtuozzolinux-base excluded (priority)
> --> 1:libguestfs-tools-c-1.28.1-1.55.vl7.7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> libvirt-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base excluded
> (priority)
> --> libvirt-client-2.0.0-10.vl7.5.i686 from virtuozzolinux-base
> excluded (priority)
> --> libvirt-client-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> libvirt-daemon-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> libvirt-daemon-config-network-2.0.0-10.vl7.5.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> libvirt-daemon-config-nwfilter-2.0.0-10.vl7.5.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> libvirt-daemon-driver-interface-2.0.0-10.vl7.5.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> libvirt-daemon-driver-lxc-2.0.0-10.vl7.5.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> libvirt-daemon-driver-network-2.0.0-10.vl7.5.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> libvirt-daemon-driver-nodedev-2.0.0-10.vl7.5.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> libvirt-daemon-driver-nwfilter-2.0.0-10.vl7.5.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> libvirt-daemon-driver-qemu-2.0.0-10.vl7.5.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> libvirt-daemon-driver-secret-2.0.0-10.vl7.5.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> libvirt-daemon-driver-storage-2.0.0-10.vl7.5.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> libvirt-daemon-kvm-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> libvirt-daemon-lxc-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> libvirt-devel-2.0.0-10.vl7.5.i686 from virtuozzolinux-base
> excluded (priority)
> --> libvirt-devel-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> libvirt-docs-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> libvirt-lock-sanlock-2.0.0-10.vl7.5.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> libvirt-login-shell-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> libvirt-nss-2.0.0-10.vl7.5.i686 from virtuozzolinux-base excluded
> (priority)
> --> libvirt-nss-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> libvirt-python-1.2.17-2.vl7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> 1:lua-guestfs-1.28.1-1.55.vl7.7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> 1:ocaml-libguestfs-1.28.1-1.55.vl7.7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> 1:ocaml-libguestfs-devel-1.28.1-1.55.vl7.7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> 1:perl-Sys-Guestfs-1.28.1-1.55.vl7.7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> ploop-7.0.88-1.vz7.x86_64 from virtuozzolinux-base excluded (priority)
> --> ploop-devel-7.0.88-1.vz7.x86_64 from virtuozzolinux-base excluded
> (priority)
> --> ploop-lib-7.0.88-1.vz7.x86_64 from virtuozzolinux-base excluded
> (priority)
> --> pykickstart-1.99.66.12-1.vl7.noarch from virtuozzolinux-base
> excluded (priority)
> --> 1:python-blivet-0.61.15.65-1.vl7.2.noarch from virtuozzolinux-base
> excluded (priority)
> --> python-criu-2.3-2.vl7.x86_64 from virtuozzolinux-base excluded
> (priority)
> --> 1:python-libguestfs-1.28.1-1.55.vl7.7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> python-ploop-7.0.88-1.vz7.x86_64 from virtuozzolinux-base excluded
> (priority)
> --> python-subprocess32-3.2.6-5.vl7.3.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> 1:qt-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded (priority)
> --> 1:qt-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded (priority)
> --> 1:qt-assistant-4.8.5-15.vl7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> 1:qt-config-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
> (priority)
> --> 1:qt-demos-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
> (priority)
> --> 1:qt-devel-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded
> (priority)
> --> 1:qt-devel-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
> (priority)
> --> 1:qt-devel-private-4.8.5-15.vl7.noarch from virtuozzolinux-base
> excluded (priority)
> --> 1:qt-doc-4.8.5-15.vl7.noarch from virtuozzolinux-base excluded
> (priority)
> --> 1:qt-examples-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded
> (priority)
> --> 1:qt-examples-4.8.5-15.vl7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> 1:qt-mysql-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded
> (priority)
> --> 1:qt-mysql-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
> (priority)
> --> 1:qt-odbc-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded
> (priority)
> --> 1:qt-odbc-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
> (priority)
> --> 1:qt-postgresql-4.8.5-15.vl7.i686 from virtuozzolinux-base
> excluded (priority)
> --> 1:qt-postgresql-4.8.5-15.vl7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> 1:qt-qdbusviewer-4.8.5-15.vl7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> 1:qt-qvfb-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
> (priority)
> --> 1:qt-x11-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded
> (priority)
> --> 1:qt-x11-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
> (priority)
> --> readykernel-scan-0.8-1.vl7.noarch from virtuozzolinux-base
> excluded (priority)
> --> rsync-3.0.9-18.vl7.x86_64 from virtuozzolinux-base excluded (priority)
> --> 1:ruby-libguestfs-1.28.1-1.55.vl7.7.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> seabios-bin-1.8.2-2.vl7.2.noarch from virtuozzolinux-base excluded
> (priority)
> --> seavgabios-bin-1.8.2-2.vl7.2.noarch from virtuozzolinux-base
> excluded (priority)
> --> virt-install-1.3.0-1.vl7.noarch from virtuozzolinux-base excluded
> (priority)
> --> virt-manager-1.3.0-1.vl7.noarch from virtuozzolinux-base excluded
> (priority)
> --> virt-manager-common-1.3.0-1.vl7.noarch from virtuozzolinux-base
> excluded (priority)
> --> 1:virt-v2v-1.28.1-1.55.vl7.7.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> vzkernel-3.10.0-514.26.1.vz7.33.22.x86_64 from virtuozzolinux-base
> excluded (priority)
> --> vzkernel-debug-3.10.0-514.26.1.vz7.33.22.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> vzkernel-debug-devel-3.10.0-514.26.1.vz7.33.22.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> vzkernel-devel-3.10.0-514.26.1.vz7.33.22.x86_64 from
> virtuozzolinux-base excluded (priority)
> --> vzkernel-headers-3.10.0-514.26.1.vz7.33.22.x86_64 from
> virtuozzolinux-base excluded (priority)
> 97 packages excluded due to repository priority protections
> pkgsack time: 0.763
> Repo-id : dell-system-update_dependent/7/x86_64
> Repo-name : dell-system-update_dependent
> Repo-revision: 1513237536
> Repo-updated : Thu Dec 14 08:45:38 2017
> Repo-pkgs : 57
> Repo-size : 168 M
> Repo-mirrors :
> http://linux.dell.com/repo/hardware/latest/mirrors.cgi?osname=el7&basearch=x86_64&native=1
> Repo-baseurl :
> http://linux.dell.com/repo/hardware/latest/os_dependent/RHEL7_64/
> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:02 2018)
> Filter : read-only:present
> Repo-filename: /etc/yum.repos.d/dell-system-update.repo
>
> Repo-id : dell-system-update_independent
> Repo-name : dell-system-update_independent
> Repo-revision: 1513237394
> Repo-updated : Thu Dec 14 08:45:09 2017
> Repo-pkgs : 582
> Repo-size : 11 G
> Repo-baseurl : http://linux.dell.com/repo/hardware/latest/os_independent/
> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
> Filter : read-only:present
> Repo-exclude : dell-system-update*.i386
> Repo-filename: /etc/yum.repos.d/dell-system-update.repo
>
> Repo-id : openvz-os
> Repo-name : OpenVZ
> Repo-revision: 1510848403
> Repo-tags : binary-x86_64
> Repo-distro-tags: [cpe:/o:openvzproject:vz:7]:
> Repo-updated : Thu Nov 16 17:06:54 2017
> Repo-pkgs : 197
> Repo-size : 766 M
> Repo-mirrors :
> http://download.openvz.org/virtuozzo/mirrorlists/7.0/releases-os.mirrorlist
> Repo-baseurl :
> http://ftp.lip6.fr/pub/linux/distributions/openvz/virtuozzo/releases/7.0/x86_64/os/
> (95 more)
> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
> Filter : read-only:present
> Repo-filename: /etc/yum.repos.d/openvz.repo
>
> Repo-id : openvz-updates
> Repo-name : OpenVZ Updates
> Repo-revision: 1510921548
> Repo-tags : binary-x86_64
> Repo-distro-tags: [cpe:/o:openvzproject:vz:7]:
> Repo-updated : Fri Nov 17 13:25:48 2017
> Repo-pkgs : 0
> Repo-size : 0
> Repo-mirrors :
> http://download.openvz.org/virtuozzo/mirrorlists/7.0/updates-os.mirrorlist
> Repo-baseurl :
> http://ftp.lip6.fr/pub/linux/distributions/openvz/virtuozzo/updates/7.0/x86_64/os/
> (95 more)
> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
> Filter : read-only:present
> Repo-filename: /etc/yum.repos.d/openvz.repo
>
> Repo-id : virtuozzolinux-base
> Repo-name : VirtuozzoLinux Base
> Repo-revision: 1515444338
> Repo-tags : binary-x86_64
> Repo-distro-tags: [cpe:/o:virtuozzoproject:vzlinux:7]:
> Repo-updated : Mon Jan 8 21:47:34 2018
> Repo-pkgs : 10,119
> Repo-size : 8.0 G
> Repo-mirrors : http://repo.virtuozzo.com/vzlinux/mirrorlist/mirrors-7-os
> Repo-baseurl : http://repo.virtuozzo.com/vzlinux/7/x86_64/os/
> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
> Filter : read-only:present
> Repo-excluded: 98
> Repo-filename: /etc/yum.repos.d/vzlinux.repo
>
> Repo-id : virtuozzolinux-factory
> Repo-name : VirtuozzoLinux Factory
> Repo-revision: 1510932596
> Repo-updated : Fri Nov 17 16:29:58 2017
> Repo-pkgs : 0
> Repo-size : 0
> Repo-mirrors :
> http://repo.virtuozzo.com/vzlinux/mirrorlist/mirrors-7-factory
> Repo-baseurl : http://repo.virtuozzo.com/vzlinux/7/x86_64/factory/
> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
> Filter : read-only:present
> Repo-filename: /etc/yum.repos.d/vzlinux.repo
>
> Repo-id : virtuozzolinux-factory-debuginfo
> Repo-name : VirtuozzoLinux Factory debug packages
> Repo-revision: 1510932602
> Repo-updated : Fri Nov 17 16:30:03 2017
> Repo-pkgs : 0
> Repo-size : 0
> Repo-mirrors :
> http://repo.virtuozzo.com/vzlinux/mirrorlist/mirrors-7-factory-debug
> Repo-baseurl : http://repo.virtuozzo.com/vzlinux/7/x86_64/factory-debug/
> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
> Filter : read-only:present
> Repo-filename: /etc/yum.repos.d/vzlinux.repo
>
> Repo-id : virtuozzolinux-updates
> Repo-name : VirtuozzoLinux Updates
> Repo-revision: 1510932674
> Repo-updated : Fri Nov 17 16:31:15 2017
> Repo-pkgs : 0
> Repo-size : 0
> Repo-mirrors :
> http://repo.virtuozzo.com/vzlinux/mirrorlist/mirrors-7-updates
> Repo-baseurl : http://repo.virtuozzo.com/vzlinux/7/x86_64/updates/
> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
> Filter : read-only:present
> Repo-filename: /etc/yum.repos.d/vzlinux.repo
>
> repolist: 10,955
>
>
> Le 09/01/2018 à 20:45, Konstantin Bukharov a écrit :
>> Hello Jehan,
>>
>> Could you provide output from your system for the next command:
>> yum repolist -v
>>
>> From your letter it seems that you have only 'Virtuozzo Linux' repositories configured and none for 'Virtuozzo' (aka OpenVZ).
>>
>> Best regards,
>> Konstantin
>>
>>
>> -----Original Message-----
>> From: users-bounces at openvz.org [mailto:users-bounces at openvz.org] On Behalf Of Jehan Procaccia
>> Sent: Tuesday, January 9, 2018 21:54
>> To: OpenVZ users <users at openvz.org>; Vasiliy Averin <vvs at virtuozzo.com>
>> Subject: Re: [Users] X86_BUG_CPU_INSECURE
>>
>> Does this concern "free/not-licenced" virtuozzo 7 ?
>> I don't beneficiate of "ready-kernel" in that case, did you issued an
>> exeptionnal out of cycle (3 mouths) updates ?
>>
>> here's my situation that is not clear :
>>
>> # cat /etc/redhat-release
>> Virtuozzo Linux release 7.4
>>
>> # uname -a
>> Linux myserver.domain.fr 3.10.0-693.1.1.vz7.37.30 #1 SMP Wed Nov 15
>> 20:42:09 MSK 2017 x86_64 x86_64 x86_64 GNU/Linux
>>
>> when I issued a yum update I got kmod packages , are these a meltdown
>> & spectre patches ?
>> Mise à jour :
>> kmod x86_64 20-15.vl7.6
>> virtuozzolinux-base 120 k
>> kmod-libs x86_64 20-15.vl7.6
>> virtuozzolinux-base 50 k
>>
>> not sure regarding changelogs dates :
>>
>> # rpm -q --changelog kmod-20-15.vl7.6.x86_64 | more
>> * jeu. nov. 16 2017 Yauheni Kaliuta <ykaliuta at redhat.com> - 20-15.el7_4.6
>> - Backport external directories support.
>> Related: rhbz#1511943.
>> ...
>>
>> thanks for your precisions .
>>
>> regards .
>>
>>
>> Le 09/01/2018 à 10:22, Vasily Averin a écrit :
>>> OpenVZ7 update was released.
>>>
>>> It includes new kenrel, criu, qemu-kvm and libvirt.
>>>
>>> https://download.openvz.org/virtuozzo/releases/openvz-7.0.6-509/
>>> https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/repoview/
>>>
>>> Thank you,
>>> Vasily Averin
>>>
>>> On 2018-01-06 14:40, Vasily Averin wrote:
>>>> We have released fixed RHEL6-based kernel,
>>>> please update your nodes to 2.6.32-042stab127.2 kernel
>>>>
>>>> Thank you,
>>>> Vasily Averin
>>>>
>>>> On 2018-01-04 06:03, Alex Kobets wrote:
>>>>> Hi,
>>>>>
>>>>>
>>>>> Virtuozzo will release the kernel with fix asap.
>>>>>
>>>>> We have it under testing right now
>>>>>
>>>>>
>>>>> Thank you,
>>>>>
>>>>> Alex
>>>>>
>>>>> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>>> *From:* users-bounces at openvz.org <users-bounces at openvz.org> on behalf of Hristo Benev <foxb at abv.bg>
>>>>> *Sent:* Wednesday, January 3, 2018 6:39:10 PM
>>>>> *To:* zoobab at gmail.com; OpenVZ users
>>>>> *Subject:* Re: [Users] X86_BUG_CPU_INSECURE
>>>>>
>>>>>> -------- Оригинално писмо --------
>>>>>> От: Benjamin Henrion zoobab at gmail.com
>>>>>> Относно: [Users] X86_BUG_CPU_INSECURE
>>>>>> До: "OpenVZ users list. This is THE list you need." <users at openvz.org>
>>>>>> Изпратено на: 03.01.2018 03:02
>>>>>> Hi,
>>>>>>
>>>>>> Just reading this:
>>>>>>
>>>>>> https://amp.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/
>>>>>>
>>>>>> Xen seems to have a pending patch to be release this week, but people
>>>>>> are speculating now that you could bypass the entire isolation process
>>>>>> provided by any hypervisor.
>>>>>>
>>>>>> Wait and see how this will be exploited, but you can be sure there
>>>>>> will be exploits soon in the wild.
>>>>>>
>>>>>> The patch for software mitigation seems to be big and performance impacting.
>>>>>>
>>>>>> But that would probably mean that containers can be bypassed.
>>>>>>
>>>>>> Wait and see,
>>>>>>
>>>>>> --
>>>>>> Benjamin Henrion (zoobab)
>>>>>> Email: zoobab at gmail.com
>>>>>> Mobile: +32-484-566109
>>>>>> Web: http://www.zoobab.com
>>>>>> FFII.org Brussels
>>>>>> "In July 2005, after several failed attempts to legalise software
>>>>>> patents in Europe, the patent establishment changed its strategy.
>>>>>> Instead of explicitly seeking to sanction the patentability of
>>>>>> software, they are now seeking to create a central European patent
>>>>>> court, which would establish and enforce patentability rules in their
>>>>>> favor, without any possibility of correction by competing courts or
>>>>>> democratically elected legislators."
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at openvz.org
>>>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>> https://spectreattack.com
>>>>>
>>>>> States that OpenVZ might be affected.
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at openvz.org
>>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at openvz.org
>>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at openvz.org
>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openvz.org
>>> https://lists.openvz.org/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at openvz.org
>> https://lists.openvz.org/mailman/listinfo/users
>>
>> _______________________________________________
>> Users mailing list
>> Users at openvz.org
>> https://lists.openvz.org/mailman/listinfo/users
>
>
More information about the Users
mailing list