[CentOS-virt] CESA-2018:1655 Important: qemu-kvm-ev security update
Sandro Bonazzola
sbonazzo at redhat.com
Thu May 24 11:51:58 UTC 2018
2018-05-24 13:38 GMT+02:00 Karanbir Singh <kbsingh at redhat.com>:
> On 24/05/18 11:53, Karanbir Singh wrote:
> > On 24/05/18 11:18, Sandro Bonazzola wrote:
> >>
> >>
> >> 2018-05-24 3:18 GMT+02:00 Karanbir Singh <kbsingh at redhat.com
> >> <mailto:kbsingh at redhat.com>>:
> >>
> >> On 23/05/18 06:56, Sandro Bonazzola wrote:
> >> > CentOS Errata and Security Advisory 2018:1655 Important
> >> >
> >> > Upstream details at: https://access.redhat.com/
> errata/RHSA-2018:1655
> >> <https://access.redhat.com/errata/RHSA-2018:1655>
> >> >
> >> > This is the qemu-kvm-ev side of the CVE-2018-3639 mitigation.
> >> >
> >> > qemu-kvm-ev-2.10.0-21.el7_5.3.1
> >> > <http://cbs.centos.org/koji/buildinfo?buildID=22813
> >> <http://cbs.centos.org/koji/buildinfo?buildID=22813>> has been
> >> tagged for
> >> > release yesterday morning and should land on mirrors this morning.
> >> > Johnny, Brian, Karanbir, please cross check it's being published,
> I
> >> > would have expected it to be already on mirrors.
> >> >
> >> > Thanks,
> >> > --
> >> >
> >> > SANDRO BONAZZOLA
> >> >
> >> > ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION
> R&D
> >> >
> >> > Red Hat EMEA <https://www.redhat.com/>
> >> >
> >> > sbonazzo at redhat.com <mailto:sbonazzo at redhat.com>
> >> <mailto:sbonazzo at redhat.com <mailto:sbonazzo at redhat.com>>
> >> >
> >> > <https://red.ht/sig>
> >> > <https://redhat.com/summit>
> >> >
> >>
> >> With all the noise around this specific package, i went and looked
> and
> >> its in the queue for push, should be in the packages for Thu 24th
> >>
> >>
> >> Looks like it's not yet published.
> >> Also altarch is still broken https://bugs.centos.org/view.php?id=14835
> >>
> >>
> >>
> >>
> >>
> >
> > yeah, this is down to how the various arch bits were pushed out of sync;
> > we got cut both ways, either if we do x86_64 on its own or we dont,
> >
> > i am working on sig content right now, so let me go look at this as well
> >
> >
>
> the sign runs are now running cleanly for altarch as well, it looks like
> the mirrors caught up in sync with those in the last day or so. its
> going to run for a bit though, I'll keep an eye on things.
>
> w.r.t the CVE note - just want to point out that I've been told that
> lacking the vendor supplied microcode this fix's in this code do not
> really help much. And there is no vendor microcode as yet. Is that an
> accurate state of play ?
>
AFAIK Intel released a beta microcode to OEMs so individual hardware
vendors should be providing it through their support pages after testing
with their hardware.
>
>
> --
> Karanbir Singh <kbsingh at redhat.com> | London, UK
> Project Lead, The CentOS Project
> Consulting Engineer, https://openshift.io/
>
>
--
SANDRO BONAZZOLA
ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R&D
Red Hat EMEA <https://www.redhat.com/>
sbonazzo at redhat.com
<https://red.ht/sig>
<https://redhat.com/summit>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20180524/708191b0/attachment.html>
More information about the CentOS-virt
mailing list