[Users] X86_BUG_CPU_INSECURE
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Jan 11 10:44:58 MSK 2018
On 01/10/2018 10:58 PM, Jehan Procaccia wrote:
> you were right, waiting overnight for mirrors to get updated, now I do
> have an kernel update
>
> # uname -a
> Linux 3.10.0-693.11.6.vz7.40.4 #1 SMP Fri Jan 5 21:20:16 MSK 2018
> x86_64 x86_64 x86_64 GNU/Linux
>
> # rpm -q --changelog vzkernel-3.10.0-693.11.6.vz7.40.4.x86_64 | more
> * sam. janv. 06 2018 Konstantin Khorenko <khorenko at virtuozzo.com>
> [3.10.0-693.11.6.vz7.40.4]
> - vznetstat: Convert some kmalloc()/kfree() to __vmalloc()/vfree()
> (Kirill Tkhai) [PSBM-79502]
> - vznetstat: Add protection to venet_acct_set_classes() (Kirill Tkhai)
> - ms/mm/mempolicy: Add cond_resched() in queue_pages_pte_range() (Andrey
> Ryabinin) [PSBM-79273]
> - ms/sctp: do not peel off an assoc from one netns to another one (Xin
> Long) [PSBM-79325]
> - ve: fix container stopped state check (Stanislav Kinsburskiy) [PSBM-78078]
> ...
>
> no CVE mentioned , but I guess that these changes are related to
> meltdown and spectre !?
We do rebases on new RHEL7 kernels, so our Virtuozzo specific patches will be always on top after a rebase,
just look deeper into changelog:
[root at localhost ~]# rpm -qp --changelog vzkernel-3.10.0-693.11.6.vz7.40.4.x86_64.rpm |grep CVE-2017-5715 |head -n 3
- [x86] spec_ctrl: Eliminate redundant FEATURE Not Present messages (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
[root at localhost ~]# rpm -qp --changelog vzkernel-3.10.0-693.11.6.vz7.40.4.x86_64.rpm |grep CVE-2017-5753 |head -n 3
- [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [fs] udf: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [fs] prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
[root at localhost ~]# rpm -qp --changelog vzkernel-3.10.0-693.11.6.vz7.40.4.x86_64.rpm |grep CVE-2017-5754 |head -n 3
- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] entry: Remove trampoline check from paranoid entry path (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] entry: Fix paranoid_exit() trampoline clobber (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
>
> Thanks
>
> Le 09/01/2018 à 21:51, Konstantin Bukharov a écrit :
>> Hello Jehan,
>>
>> Looks reasonable for me.
>> Your FR mirrors for openvz-os & openvz-updates are just not in sync with out last update.
>>
>> Best regards,
>> Konstantin
>>
>> PS. You could see list of required packages by URL provided by Vasiliy below:
>> https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/repoview/
>>
>>
>> -----Original Message-----
>> From: Jehan Procaccia [mailto:Jehan.Procaccia at it-sudparis.eu]
>> Sent: Tuesday, January 9, 2018 23:43
>> To: OpenVZ users <users at openvz.org>; Konstantin Bukharov <bkb at virtuozzo.com>; Vasiliy Averin <vvs at virtuozzo.com>
>> Subject: Re: [Users] X86_BUG_CPU_INSECURE
>>
>> here is my repolist -v , let me know if I miss some repos ?
>>
>> thanks
>>
>> # yum repolist -v
>> Loading "fastestmirror" plugin
>> Loading "langpacks" plugin
>> Loading "openvz" plugin
>> Loading "priorities" plugin
>> Loading "product-id" plugin
>> Loading "refresh-packagekit" plugin
>> Loading "rhsm-auto-add-pools" plugin
>> Loading "search-disabled-repos" plugin
>> Not loading "subscription-manager" plugin, as it is disabled
>> Loading "vzlinux" plugin
>> Adding en_US.UTF-8 to language list
>> Config time: 0.069
>> Yum version: 3.4.3
>> Trying to discover and attach new pools
>> Loading mirror speeds from cached hostfile
>> * openvz-os: ftp.lip6.fr
>> * openvz-updates: ftp.lip6.fr
>> Setting up Package Sacks
>> --> anaconda-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> anaconda-core-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> anaconda-dracut-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> anaconda-gui-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> anaconda-tui-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> anaconda-widgets-21.48.22.121-3.vl7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> anaconda-widgets-devel-21.48.22.121-3.vl7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> crit-2.3-2.vl7.x86_64 from virtuozzolinux-base excluded (priority)
>> --> criu-2.3-2.vl7.x86_64 from virtuozzolinux-base excluded (priority)
>> --> ipxe-bootimgs-20170123-1.git4e85b27.vl7.1.noarch from
>> virtuozzolinux-base excluded (priority)
>> --> ipxe-roms-20170123-1.git4e85b27.vl7.1.noarch from
>> virtuozzolinux-base excluded (priority)
>> --> ipxe-roms-qemu-20170123-1.git4e85b27.vl7.1.noarch from
>> virtuozzolinux-base excluded (priority)
>> --> 1:libguestfs-1.28.1-1.55.vl7.7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> 1:libguestfs-bash-completion-1.28.1-1.55.vl7.7.noarch from
>> virtuozzolinux-base excluded (priority)
>> --> 1:libguestfs-devel-1.28.1-1.55.vl7.7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> 1:libguestfs-gobject-1.28.1-1.55.vl7.7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> 1:libguestfs-gobject-devel-1.28.1-1.55.vl7.7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> 1:libguestfs-gobject-doc-1.28.1-1.55.vl7.7.noarch from
>> virtuozzolinux-base excluded (priority)
>> --> 1:libguestfs-java-1.28.1-1.55.vl7.7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> 1:libguestfs-java-devel-1.28.1-1.55.vl7.7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> 1:libguestfs-javadoc-1.28.1-1.55.vl7.7.noarch from
>> virtuozzolinux-base excluded (priority)
>> --> 1:libguestfs-man-pages-ja-1.28.1-1.55.vl7.7.noarch from
>> virtuozzolinux-base excluded (priority)
>> --> 1:libguestfs-man-pages-uk-1.28.1-1.55.vl7.7.noarch from
>> virtuozzolinux-base excluded (priority)
>> --> 1:libguestfs-tools-1.28.1-1.55.vl7.7.noarch from
>> virtuozzolinux-base excluded (priority)
>> --> 1:libguestfs-tools-c-1.28.1-1.55.vl7.7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> libvirt-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base excluded
>> (priority)
>> --> libvirt-client-2.0.0-10.vl7.5.i686 from virtuozzolinux-base
>> excluded (priority)
>> --> libvirt-client-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> libvirt-daemon-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> libvirt-daemon-config-network-2.0.0-10.vl7.5.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> libvirt-daemon-config-nwfilter-2.0.0-10.vl7.5.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> libvirt-daemon-driver-interface-2.0.0-10.vl7.5.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> libvirt-daemon-driver-lxc-2.0.0-10.vl7.5.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> libvirt-daemon-driver-network-2.0.0-10.vl7.5.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> libvirt-daemon-driver-nodedev-2.0.0-10.vl7.5.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> libvirt-daemon-driver-nwfilter-2.0.0-10.vl7.5.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> libvirt-daemon-driver-qemu-2.0.0-10.vl7.5.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> libvirt-daemon-driver-secret-2.0.0-10.vl7.5.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> libvirt-daemon-driver-storage-2.0.0-10.vl7.5.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> libvirt-daemon-kvm-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> libvirt-daemon-lxc-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> libvirt-devel-2.0.0-10.vl7.5.i686 from virtuozzolinux-base
>> excluded (priority)
>> --> libvirt-devel-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> libvirt-docs-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> libvirt-lock-sanlock-2.0.0-10.vl7.5.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> libvirt-login-shell-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> libvirt-nss-2.0.0-10.vl7.5.i686 from virtuozzolinux-base excluded
>> (priority)
>> --> libvirt-nss-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> libvirt-python-1.2.17-2.vl7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> 1:lua-guestfs-1.28.1-1.55.vl7.7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> 1:ocaml-libguestfs-1.28.1-1.55.vl7.7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> 1:ocaml-libguestfs-devel-1.28.1-1.55.vl7.7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> 1:perl-Sys-Guestfs-1.28.1-1.55.vl7.7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> ploop-7.0.88-1.vz7.x86_64 from virtuozzolinux-base excluded (priority)
>> --> ploop-devel-7.0.88-1.vz7.x86_64 from virtuozzolinux-base excluded
>> (priority)
>> --> ploop-lib-7.0.88-1.vz7.x86_64 from virtuozzolinux-base excluded
>> (priority)
>> --> pykickstart-1.99.66.12-1.vl7.noarch from virtuozzolinux-base
>> excluded (priority)
>> --> 1:python-blivet-0.61.15.65-1.vl7.2.noarch from virtuozzolinux-base
>> excluded (priority)
>> --> python-criu-2.3-2.vl7.x86_64 from virtuozzolinux-base excluded
>> (priority)
>> --> 1:python-libguestfs-1.28.1-1.55.vl7.7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> python-ploop-7.0.88-1.vz7.x86_64 from virtuozzolinux-base excluded
>> (priority)
>> --> python-subprocess32-3.2.6-5.vl7.3.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> 1:qt-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded (priority)
>> --> 1:qt-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded (priority)
>> --> 1:qt-assistant-4.8.5-15.vl7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> 1:qt-config-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
>> (priority)
>> --> 1:qt-demos-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
>> (priority)
>> --> 1:qt-devel-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded
>> (priority)
>> --> 1:qt-devel-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
>> (priority)
>> --> 1:qt-devel-private-4.8.5-15.vl7.noarch from virtuozzolinux-base
>> excluded (priority)
>> --> 1:qt-doc-4.8.5-15.vl7.noarch from virtuozzolinux-base excluded
>> (priority)
>> --> 1:qt-examples-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded
>> (priority)
>> --> 1:qt-examples-4.8.5-15.vl7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> 1:qt-mysql-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded
>> (priority)
>> --> 1:qt-mysql-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
>> (priority)
>> --> 1:qt-odbc-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded
>> (priority)
>> --> 1:qt-odbc-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
>> (priority)
>> --> 1:qt-postgresql-4.8.5-15.vl7.i686 from virtuozzolinux-base
>> excluded (priority)
>> --> 1:qt-postgresql-4.8.5-15.vl7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> 1:qt-qdbusviewer-4.8.5-15.vl7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> 1:qt-qvfb-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
>> (priority)
>> --> 1:qt-x11-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded
>> (priority)
>> --> 1:qt-x11-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded
>> (priority)
>> --> readykernel-scan-0.8-1.vl7.noarch from virtuozzolinux-base
>> excluded (priority)
>> --> rsync-3.0.9-18.vl7.x86_64 from virtuozzolinux-base excluded (priority)
>> --> 1:ruby-libguestfs-1.28.1-1.55.vl7.7.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> seabios-bin-1.8.2-2.vl7.2.noarch from virtuozzolinux-base excluded
>> (priority)
>> --> seavgabios-bin-1.8.2-2.vl7.2.noarch from virtuozzolinux-base
>> excluded (priority)
>> --> virt-install-1.3.0-1.vl7.noarch from virtuozzolinux-base excluded
>> (priority)
>> --> virt-manager-1.3.0-1.vl7.noarch from virtuozzolinux-base excluded
>> (priority)
>> --> virt-manager-common-1.3.0-1.vl7.noarch from virtuozzolinux-base
>> excluded (priority)
>> --> 1:virt-v2v-1.28.1-1.55.vl7.7.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> vzkernel-3.10.0-514.26.1.vz7.33.22.x86_64 from virtuozzolinux-base
>> excluded (priority)
>> --> vzkernel-debug-3.10.0-514.26.1.vz7.33.22.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> vzkernel-debug-devel-3.10.0-514.26.1.vz7.33.22.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> vzkernel-devel-3.10.0-514.26.1.vz7.33.22.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> --> vzkernel-headers-3.10.0-514.26.1.vz7.33.22.x86_64 from
>> virtuozzolinux-base excluded (priority)
>> 97 packages excluded due to repository priority protections
>> pkgsack time: 0.763
>> Repo-id : dell-system-update_dependent/7/x86_64
>> Repo-name : dell-system-update_dependent
>> Repo-revision: 1513237536
>> Repo-updated : Thu Dec 14 08:45:38 2017
>> Repo-pkgs : 57
>> Repo-size : 168 M
>> Repo-mirrors :
>> http://linux.dell.com/repo/hardware/latest/mirrors.cgi?osname=el7&basearch=x86_64&native=1
>> Repo-baseurl :
>> http://linux.dell.com/repo/hardware/latest/os_dependent/RHEL7_64/
>> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:02 2018)
>> Filter : read-only:present
>> Repo-filename: /etc/yum.repos.d/dell-system-update.repo
>>
>> Repo-id : dell-system-update_independent
>> Repo-name : dell-system-update_independent
>> Repo-revision: 1513237394
>> Repo-updated : Thu Dec 14 08:45:09 2017
>> Repo-pkgs : 582
>> Repo-size : 11 G
>> Repo-baseurl : http://linux.dell.com/repo/hardware/latest/os_independent/
>> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
>> Filter : read-only:present
>> Repo-exclude : dell-system-update*.i386
>> Repo-filename: /etc/yum.repos.d/dell-system-update.repo
>>
>> Repo-id : openvz-os
>> Repo-name : OpenVZ
>> Repo-revision: 1510848403
>> Repo-tags : binary-x86_64
>> Repo-distro-tags: [cpe:/o:openvzproject:vz:7]:
>> Repo-updated : Thu Nov 16 17:06:54 2017
>> Repo-pkgs : 197
>> Repo-size : 766 M
>> Repo-mirrors :
>> http://download.openvz.org/virtuozzo/mirrorlists/7.0/releases-os.mirrorlist
>> Repo-baseurl :
>> http://ftp.lip6.fr/pub/linux/distributions/openvz/virtuozzo/releases/7.0/x86_64/os/
>> (95 more)
>> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
>> Filter : read-only:present
>> Repo-filename: /etc/yum.repos.d/openvz.repo
>>
>> Repo-id : openvz-updates
>> Repo-name : OpenVZ Updates
>> Repo-revision: 1510921548
>> Repo-tags : binary-x86_64
>> Repo-distro-tags: [cpe:/o:openvzproject:vz:7]:
>> Repo-updated : Fri Nov 17 13:25:48 2017
>> Repo-pkgs : 0
>> Repo-size : 0
>> Repo-mirrors :
>> http://download.openvz.org/virtuozzo/mirrorlists/7.0/updates-os.mirrorlist
>> Repo-baseurl :
>> http://ftp.lip6.fr/pub/linux/distributions/openvz/virtuozzo/updates/7.0/x86_64/os/
>> (95 more)
>> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
>> Filter : read-only:present
>> Repo-filename: /etc/yum.repos.d/openvz.repo
>>
>> Repo-id : virtuozzolinux-base
>> Repo-name : VirtuozzoLinux Base
>> Repo-revision: 1515444338
>> Repo-tags : binary-x86_64
>> Repo-distro-tags: [cpe:/o:virtuozzoproject:vzlinux:7]:
>> Repo-updated : Mon Jan 8 21:47:34 2018
>> Repo-pkgs : 10,119
>> Repo-size : 8.0 G
>> Repo-mirrors : http://repo.virtuozzo.com/vzlinux/mirrorlist/mirrors-7-os
>> Repo-baseurl : http://repo.virtuozzo.com/vzlinux/7/x86_64/os/
>> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
>> Filter : read-only:present
>> Repo-excluded: 98
>> Repo-filename: /etc/yum.repos.d/vzlinux.repo
>>
>> Repo-id : virtuozzolinux-factory
>> Repo-name : VirtuozzoLinux Factory
>> Repo-revision: 1510932596
>> Repo-updated : Fri Nov 17 16:29:58 2017
>> Repo-pkgs : 0
>> Repo-size : 0
>> Repo-mirrors :
>> http://repo.virtuozzo.com/vzlinux/mirrorlist/mirrors-7-factory
>> Repo-baseurl : http://repo.virtuozzo.com/vzlinux/7/x86_64/factory/
>> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
>> Filter : read-only:present
>> Repo-filename: /etc/yum.repos.d/vzlinux.repo
>>
>> Repo-id : virtuozzolinux-factory-debuginfo
>> Repo-name : VirtuozzoLinux Factory debug packages
>> Repo-revision: 1510932602
>> Repo-updated : Fri Nov 17 16:30:03 2017
>> Repo-pkgs : 0
>> Repo-size : 0
>> Repo-mirrors :
>> http://repo.virtuozzo.com/vzlinux/mirrorlist/mirrors-7-factory-debug
>> Repo-baseurl : http://repo.virtuozzo.com/vzlinux/7/x86_64/factory-debug/
>> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
>> Filter : read-only:present
>> Repo-filename: /etc/yum.repos.d/vzlinux.repo
>>
>> Repo-id : virtuozzolinux-updates
>> Repo-name : VirtuozzoLinux Updates
>> Repo-revision: 1510932674
>> Repo-updated : Fri Nov 17 16:31:15 2017
>> Repo-pkgs : 0
>> Repo-size : 0
>> Repo-mirrors :
>> http://repo.virtuozzo.com/vzlinux/mirrorlist/mirrors-7-updates
>> Repo-baseurl : http://repo.virtuozzo.com/vzlinux/7/x86_64/updates/
>> Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018)
>> Filter : read-only:present
>> Repo-filename: /etc/yum.repos.d/vzlinux.repo
>>
>> repolist: 10,955
>>
>>
>> Le 09/01/2018 à 20:45, Konstantin Bukharov a écrit :
>>> Hello Jehan,
>>>
>>> Could you provide output from your system for the next command:
>>> yum repolist -v
>>>
>>> From your letter it seems that you have only 'Virtuozzo Linux' repositories configured and none for 'Virtuozzo' (aka OpenVZ).
>>>
>>> Best regards,
>>> Konstantin
>>>
>>>
>>> -----Original Message-----
>>> From: users-bounces at openvz.org [mailto:users-bounces at openvz.org] On Behalf Of Jehan Procaccia
>>> Sent: Tuesday, January 9, 2018 21:54
>>> To: OpenVZ users <users at openvz.org>; Vasiliy Averin <vvs at virtuozzo.com>
>>> Subject: Re: [Users] X86_BUG_CPU_INSECURE
>>>
>>> Does this concern "free/not-licenced" virtuozzo 7 ?
>>> I don't beneficiate of "ready-kernel" in that case, did you issued an
>>> exeptionnal out of cycle (3 mouths) updates ?
>>>
>>> here's my situation that is not clear :
>>>
>>> # cat /etc/redhat-release
>>> Virtuozzo Linux release 7.4
>>>
>>> # uname -a
>>> Linux myserver.domain.fr 3.10.0-693.1.1.vz7.37.30 #1 SMP Wed Nov 15
>>> 20:42:09 MSK 2017 x86_64 x86_64 x86_64 GNU/Linux
>>>
>>> when I issued a yum update I got kmod packages , are these a meltdown
>>> & spectre patches ?
>>> Mise à jour :
>>> kmod x86_64 20-15.vl7.6
>>> virtuozzolinux-base 120 k
>>> kmod-libs x86_64 20-15.vl7.6
>>> virtuozzolinux-base 50 k
>>>
>>> not sure regarding changelogs dates :
>>>
>>> # rpm -q --changelog kmod-20-15.vl7.6.x86_64 | more
>>> * jeu. nov. 16 2017 Yauheni Kaliuta <ykaliuta at redhat.com> - 20-15.el7_4.6
>>> - Backport external directories support.
>>> Related: rhbz#1511943.
>>> ...
>>>
>>> thanks for your precisions .
>>>
>>> regards .
>>>
>>>
>>> Le 09/01/2018 à 10:22, Vasily Averin a écrit :
>>>> OpenVZ7 update was released.
>>>>
>>>> It includes new kenrel, criu, qemu-kvm and libvirt.
>>>>
>>>> https://download.openvz.org/virtuozzo/releases/openvz-7.0.6-509/
>>>> https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/repoview/
>>>>
>>>> Thank you,
>>>> Vasily Averin
>>>>
>>>> On 2018-01-06 14:40, Vasily Averin wrote:
>>>>> We have released fixed RHEL6-based kernel,
>>>>> please update your nodes to 2.6.32-042stab127.2 kernel
>>>>>
>>>>> Thank you,
>>>>> Vasily Averin
>>>>>
>>>>> On 2018-01-04 06:03, Alex Kobets wrote:
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>> Virtuozzo will release the kernel with fix asap.
>>>>>>
>>>>>> We have it under testing right now
>>>>>>
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>> Alex
>>>>>>
>>>>>> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>>>> *From:* users-bounces at openvz.org <users-bounces at openvz.org> on behalf of Hristo Benev <foxb at abv.bg>
>>>>>> *Sent:* Wednesday, January 3, 2018 6:39:10 PM
>>>>>> *To:* zoobab at gmail.com; OpenVZ users
>>>>>> *Subject:* Re: [Users] X86_BUG_CPU_INSECURE
>>>>>>
>>>>>>> -------- Оригинално писмо --------
>>>>>>> От: Benjamin Henrion zoobab at gmail.com
>>>>>>> Относно: [Users] X86_BUG_CPU_INSECURE
>>>>>>> До: "OpenVZ users list. This is THE list you need." <users at openvz.org>
>>>>>>> Изпратено на: 03.01.2018 03:02
>>>>>>> Hi,
>>>>>>>
>>>>>>> Just reading this:
>>>>>>>
>>>>>>> https://amp.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/
>>>>>>>
>>>>>>> Xen seems to have a pending patch to be release this week, but people
>>>>>>> are speculating now that you could bypass the entire isolation process
>>>>>>> provided by any hypervisor.
>>>>>>>
>>>>>>> Wait and see how this will be exploited, but you can be sure there
>>>>>>> will be exploits soon in the wild.
>>>>>>>
>>>>>>> The patch for software mitigation seems to be big and performance impacting.
>>>>>>>
>>>>>>> But that would probably mean that containers can be bypassed.
>>>>>>>
>>>>>>> Wait and see,
>>>>>>>
>>>>>>> --
>>>>>>> Benjamin Henrion (zoobab)
>>>>>>> Email: zoobab at gmail.com
>>>>>>> Mobile: +32-484-566109
>>>>>>> Web: http://www.zoobab.com
>>>>>>> FFII.org Brussels
>>>>>>> "In July 2005, after several failed attempts to legalise software
>>>>>>> patents in Europe, the patent establishment changed its strategy.
>>>>>>> Instead of explicitly seeking to sanction the patentability of
>>>>>>> software, they are now seeking to create a central European patent
>>>>>>> court, which would establish and enforce patentability rules in their
>>>>>>> favor, without any possibility of correction by competing courts or
>>>>>>> democratically elected legislators."
>>>>>>> _______________________________________________
>>>>>>> Users mailing list
>>>>>>> Users at openvz.org
>>>>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>>> https://spectreattack.com
>>>>>>
>>>>>> States that OpenVZ might be affected.
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at openvz.org
>>>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at openvz.org
>>>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at openvz.org
>>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at openvz.org
>>>> https://lists.openvz.org/mailman/listinfo/users
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openvz.org
>>> https://lists.openvz.org/mailman/listinfo/users
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openvz.org
>>> https://lists.openvz.org/mailman/listinfo/users
>>
>>
>
>
>
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://lists.openvz.org/mailman/listinfo/users
>
More information about the Users
mailing list