2018-05-24 13:38 GMT+02:00 Karanbir Singh kbsingh@redhat.com:
On 24/05/18 11:53, Karanbir Singh wrote:
On 24/05/18 11:18, Sandro Bonazzola wrote:
2018-05-24 3:18 GMT+02:00 Karanbir Singh <kbsingh@redhat.com mailto:kbsingh@redhat.com>:
On 23/05/18 06:56, Sandro Bonazzola wrote: > CentOS Errata and Security Advisory 2018:1655 Important > > Upstream details at: https://access.redhat.com/
errata/RHSA-2018:1655
<https://access.redhat.com/errata/RHSA-2018:1655> > > This is the qemu-kvm-ev side of the CVE-2018-3639 mitigation. > > qemu-kvm-ev-2.10.0-21.el7_5.3.1 > <http://cbs.centos.org/koji/buildinfo?buildID=22813 <http://cbs.centos.org/koji/buildinfo?buildID=22813>> has been tagged for > release yesterday morning and should land on mirrors this morning. > Johnny, Brian, Karanbir, please cross check it's being published,
I
> would have expected it to be already on mirrors. > > Thanks, > -- > > SANDRO BONAZZOLA > > ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION
R&D
> > Red Hat EMEA <https://www.redhat.com/> > > sbonazzo@redhat.com <mailto:sbonazzo@redhat.com> <mailto:sbonazzo@redhat.com <mailto:sbonazzo@redhat.com>> > > <https://red.ht/sig> > <https://redhat.com/summit> > With all the noise around this specific package, i went and looked
and
its in the queue for push, should be in the packages for Thu 24th
Looks like it's not yet published. Also altarch is still broken https://bugs.centos.org/view.php?id=14835
yeah, this is down to how the various arch bits were pushed out of sync; we got cut both ways, either if we do x86_64 on its own or we dont,
i am working on sig content right now, so let me go look at this as well
the sign runs are now running cleanly for altarch as well, it looks like the mirrors caught up in sync with those in the last day or so. its going to run for a bit though, I'll keep an eye on things.
w.r.t the CVE note - just want to point out that I've been told that lacking the vendor supplied microcode this fix's in this code do not really help much. And there is no vendor microcode as yet. Is that an accurate state of play ?
AFAIK Intel released a beta microcode to OEMs so individual hardware vendors should be providing it through their support pages after testing with their hardware.
-- Karanbir Singh kbsingh@redhat.com | London, UK Project Lead, The CentOS Project Consulting Engineer, https://openshift.io/